Thursday, September 23, 2021
The topic of software bill of materials (SBOM) as a way to provide transparency into software supply chain risks and vulnerabilities for critical infrastructure is gaining momentum through efforts such as Cybersecurity Executive Order 14028 and the EEI Model Procurement Contract Language. In addition, demand for suppliers to provide insight into their hardware supply chains and foreign adversarial risk is driving the need for compliance with NDAA Section 889. These requests for transparency have raised many questions about how to meet the requirements, and how to do so securely.
Join Fortress Information Security to learn how a Cyber Bill of Materials can support supply chain risk management for asset owners and suppliers alike.
Presentation Highlights and Take-Aways:
· An overview of recent cyber-attacks and the supply chain threat landscape for ICS
· Breakdown of supply chain security regulations: Section 889 A & B, NERC-CIP regulations and Executive Order 14028
· The importance of both a Software Bill of Materials (SBOM) and a Hardware Bill of Materials (HBOM), and of 4th-party evaluations
· Identifying and mitigating supplier concerns for adoption – Cutting through the Fear, Uncertainty and Doubt
· Continuous Monitoring, Attestation sharing and use of Blockchain as a force multiplier to secure the industry
· BOM supplier and purchaser coordination for success
Thanks first to the SolarWinds attack and then to Executive Order 14028 - Improving the Nation's Cybersecurity, the security of the software supply chain has become the hot topic of the year. The Colonial Pipeline ransomware attack made critical infrastructure security front-page news. This talk will look at the intersection of these two challenges - why securing the supply chain for critical OT environments is now an urgent priority for asset owners, suppliers and government agencies. In this session you will learn:
- Why supply chain and ransomware attacks are dramatically increasing
- The new obligations set out in EO14028 that industry will need to follow
- How EO14028 requirements will ripple far beyond government contracts
- How Software Bill of Materials (SBOMs) will help secure software supply chains
- What asset owners should be demanding from their OEM Vendors to secure OT systems
- Why AI will be crucial for locating and prioritizing product vulnerabilities
There is a large effort to quickly bring SBOM to the OT industry. Then what? I get that impact analysis will in part be faster. But what about provenance? What happens if a US company discovers there is a SW component from China? Or the Chinese discover the component they thought was from Hong Kong is actually from Japan? The geopolitical implications can be significant. How is the drive towards regionalism and away from globalism going to affect our industry?
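The "impact analysis" that the abstracts above credit to SBOMs, and that the comment above takes as given, is concrete enough to show in code. The following is an added example (not material from the page, Fortress Information Security, or any vendor it mentions): it loads a CycloneDX-shaped SBOM, matches every component's package URL against a constructed advisory's affected version range, walks the `dependencies` graph from the product down to each hit so you can tell a direct (3rd-party) from a transitive (4th-party) dependency, and reports the supplier the SBOM records for it. The SBOM, product, suppliers, versions and the advisory are all invented for illustration; the field names (`metadata.component`, `components[]`, `dependencies[].ref`/`dependsOn`, `purl`, `supplier.name`) follow the CycloneDX JSON schema. Note what the example cannot do: the supplier field is whatever the producer wrote, so the provenance question raised in the comment is not answered by parsing alone.

```python
"""Impact analysis over a CycloneDX-style SBOM. Added example; all data is constructed."""
import json

# Constructed CycloneDX 1.4-shaped SBOM for an invented RTU firmware product.
SBOM_JSON = r'''
{"bomFormat": "CycloneDX", "specVersion": "1.4",
 "metadata": {"component": {"bom-ref": "pkg:generic/acme/rtu-firmware@3.2.0", "type": "firmware",
              "name": "rtu-firmware", "version": "3.2.0", "supplier": {"name": "Acme Controls"}}},
 "components": [
  {"bom-ref": "pkg:maven/org.example/net-stack@2.1.0", "type": "library", "name": "net-stack",
   "version": "2.1.0", "purl": "pkg:maven/org.example/net-stack@2.1.0",
   "supplier": {"name": "Example Networks"}},
  {"bom-ref": "pkg:maven/org.example/tls-shim@1.0.4", "type": "library", "name": "tls-shim",
   "version": "1.0.4", "purl": "pkg:maven/org.example/tls-shim@1.0.4",
   "supplier": {"name": "Shim Vendor Ltd"}},
  {"bom-ref": "pkg:maven/org.example/logging@5.3.1", "type": "library", "name": "logging",
   "version": "5.3.1", "purl": "pkg:maven/org.example/logging@5.3.1",
   "supplier": {"name": "Example Logging"}}],
 "dependencies": [
  {"ref": "pkg:generic/acme/rtu-firmware@3.2.0",
   "dependsOn": ["pkg:maven/org.example/net-stack@2.1.0", "pkg:maven/org.example/logging@5.3.1"]},
  {"ref": "pkg:maven/org.example/net-stack@2.1.0", "dependsOn": ["pkg:maven/org.example/tls-shim@1.0.4"]},
  {"ref": "pkg:maven/org.example/tls-shim@1.0.4", "dependsOn": []},
  {"ref": "pkg:maven/org.example/logging@5.3.1", "dependsOn": []}]}
'''

# Constructed, hypothetical advisory: tls-shim versions before 1.0.5 are affected.
ADVISORY = {"purl_prefix": "pkg:maven/org.example/tls-shim@", "introduced": "0", "fixed": "1.0.5"}


def parse_version(v):
    """'1.0.4' -> (1, 0, 4) for ordering; non-numeric segments sort as 0."""
    out = []
    for part in v.split("."):
        digits = "".join(ch for ch in part if ch.isdigit())
        out.append(int(digits) if digits else 0)
    return tuple(out)


def is_affected(purl, advisory):
    """True if purl names the advisory's package and its version lies in [introduced, fixed)."""
    if not purl or not purl.startswith(advisory["purl_prefix"]):
        return False
    version = purl[len(advisory["purl_prefix"]):]
    return parse_version(advisory["introduced"]) <= parse_version(version) < parse_version(advisory["fixed"])


def find_affected(sbom, advisory):
    """bom-refs of all components matching the advisory."""
    return [c["bom-ref"] for c in sbom.get("components", []) if is_affected(c.get("purl"), advisory)]


def dependency_paths(sbom, target):
    """Every path from the product (metadata.component) down to target.
    Depth 1 is a direct 3rd-party dependency; depth 2+ is a 4th-party one."""
    graph = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}
    root = sbom["metadata"]["component"]["bom-ref"]
    paths = []

    def walk(node, path):
        path = path + [node]
        if node == target:
            paths.append(path)
            return
        for child in graph.get(node, []):
            if child not in path:  # cycle guard for a malformed SBOM
                walk(child, path)

    walk(root, [])
    return paths


def supplier_of(sbom, ref):
    """Supplier name as recorded by the SBOM producer; this is a claim, not verified provenance."""
    for c in sbom.get("components", []):
        if c["bom-ref"] == ref:
            return c.get("supplier", {}).get("name", "unknown")
    return "unknown"


def impact_report(sbom_json=SBOM_JSON, advisory=ADVISORY):
    """One record per (affected component, dependency path) pair."""
    sbom = json.loads(sbom_json)
    return [{"component": ref, "supplier": supplier_of(sbom, ref),
             "depth": len(path) - 1, "path": path}
            for ref in find_affected(sbom, advisory)
            for path in dependency_paths(sbom, ref)]


if __name__ == "__main__":
    for hit in impact_report():
        print(hit)
```

Run against the constructed SBOM, the report flags `tls-shim@1.0.4` at depth 2, reached through `net-stack`: the asset owner never contracted with "Shim Vendor Ltd", which is exactly the 4th-party visibility the abstracts describe. Swapping in a real SBOM from a supplier and an advisory's affected range is the only change needed; verifying that the recorded supplier is the true origin of the code remains a separate attestation problem.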