About the Symposium
After a year of high-profile cyber incidents against Operational Technology (OT) systems, followed by a frenzy of regulatory initiatives from governments around the world, executives in critical infrastructure are accelerating their efforts to secure their operations. The software supply chain has been a particularly attractive target for attackers. SecurityWeek reported that software supply chain attacks tripled in 2021—and that’s following a 430% surge in 2020. It has not gone unnoticed.
This symposium will explore the risks posed by a lack of visibility into the OT software supply chain. It will describe the important regulatory requirements initiated by the US federal government and explore the impact of these regulations, both in the US and internationally. We’ll do a deep dive into the federal requirement for Software Bills of Materials (SBOMs), the critical role they play in risk reduction, and the future direction of supply chain transparency.
We’ll discuss some of the challenges of creating and using SBOMs in OT/ICS environments. OT technology has a long service life and there is often legacy software where the source code is no longer available. We’ll also cover how OT vendors can use VEX (Vulnerability Exploitability eXchange) documents to help prioritize vulnerabilities exposed by SBOMs.
Finally, we’ll wrap up with a real-world example detailing the experiences of a major OEM vendor that determined the risk posed by the vulnerabilities in the Apache Foundation’s Log4j module, identified products where it was exploitable, and efficiently communicated with their customers using VEX.
The need for a secure supply chain is the new business imperative for operators of critical infrastructure and those who supply them with software and firmware. Don’t miss this chance to hear from the experts on how to forge an unbreakable chain in critical infrastructure operations.
Meet The Event Speakers
Agenda
*Please note this agenda is subject to change as we get closer to the event date.
1:00 PM Kickoff with Derek Harp
1:15 PM The Need for a Secure Software Supply Chain with Caleb Queern
Followed by Q&A
1:45 PM Recent Regulations and SBOM with Mark Weatherford
Followed by Q&A
2:35 PM Progress on Supply Chain Risks: Transparency as the Starting Point with Allan Friedman
Followed by Q&A
3:35 PM The Challenges of SBOMs - Making SBOMs Work for you / VEX Documents with Eric Byers
Followed by Q&A
4:20 PM Real World Case Studies (and Call to Action from Erik Schweigert)
Followed by Q&A
5:05 PM Panel Wrap-up with Jonathan Dambrot, Brad Raiford, Rod Campbell, and Eric Byers
5:30 PM Symposium Close
Meet The Event Steering Committee
(CS)²AI would like to thank the steering committee from aDolus and KPMG for all the effort put into making this a unique and impactful event for the community.
Yet another great example of Members Helping Members!