(CS)²AI Online™ Symposium: Securing the Software Supply Chain - Forging an Unbreakable Chain April 6 @ 1PM EST

CS2AI Symposium on April 6 at 1:00PM EST: Securing the Software Supply Chain

Speakers for the (CS)²AI Online™ Symposium: Securing the Software Supply Chain

This Wednesday, April 6 1:00PM - 5:30PM EST

“Some of the most experienced voices in the ICS industry are joining us. The audience will learn practical steps to improve visibility and transparency across their entire software supply chain.”
— Eric Byers, CTO & Board Member at aDolus Technology Inc.
ATLANTA, GA, UNITED STATES, April 1, 2022 /EINPresswire.com/ -- The Control System Cyber Security Association International (CS2AI) invites the professional community to join peers for our next symposium, Securing the Software Supply Chain - Forging an Unbreakable Chain. This continuing education event is virtual and free for all to join.

(CS)2AI Founder and Chairman Derek Harp said: “It has long been the case that the software we buy from one single source is not all from that supplier alone. Even if we are purchasing from a highly reputable source, we are, in fact, purchasing from a chain of suppliers where many, or in some cases all, are unknown to us as the end-user. The security of the software itself (and thus our own environments) is only as strong as the weakest link in that chain. And, let’s face it, the last twelve months alone have proven that there are some very weak links in the chain that we have to understand and then start to systemically address. I am grateful for the collaboration with event title sponsors aDolus and KPMG who helped create a fantastic event about securing the software supply chain and looking forward to learning from the speakers who have agreed to come and share their collective wisdom with our community.”

After a year of high-profile cyber incidents against Operational Technology (OT) systems, followed by a frenzy of regulatory initiatives from governments around the world, executives in critical infrastructure are accelerating their efforts to secure their operations. The software supply chain has been a particularly attractive target for attackers. SecurityWeek reported that software supply chain attacks tripled in 2021, and that’s following a 430% surge in 2020. It has not gone unnoticed.

This symposium will explore the risks posed by a lack of visibility into the OT software supply chain. It will describe the important regulatory requirements initiated by the US federal government and explore the impact of these regulations, both in the US and internationally. We’ll do a deep dive into the federal requirement for Software Bills of Materials (SBOMs), the critical role they play in risk reduction, and the future direction of supply chain transparency.

We’ll discuss some of the challenges of creating and using SBOMs in OT/ICS environments. OT technology has a long service life and there is often legacy software where the source code is no longer available. We’ll also cover how OT vendors can use VEX (Vulnerability Exploitability eXchange) documents to help prioritize vulnerabilities exposed by SBOMs.

Finally, we’ll wrap up with a real-world example detailing the experiences of a major OEM vendor that determined the risk posed by the vulnerabilities in the Apache Foundation’s Log4j module, identified products where it was exploitable, and efficiently communicated with their customers using VEX.

The need for a secure supply chain is the new business imperative for operators of critical infrastructure and those who supply them with software and firmware. Don’t miss this chance to hear from the experts on how to forge an unbreakable chain in critical infrastructure operations.

Eric Byers, CTO & Board Member at aDolus Technology Inc., shared: "Some of the most experienced voices in the ICS industry are joining us to shed light on managing software supply chain cyber risks. The audience will come away with practical steps they can take to improve visibility and transparency across their entire software supply chain."

*SYMPOSIUM AGENDA*

1:00 PM Kickoff with Derek Harp

1:10 PM The Need for a Secure Software Supply Chain with Caleb Queern
Followed by Q&A

1:45 PM Recent Regulations and SBOM with Rod Campbell & Mark Weatherford
Followed by Q&A

2:30 PM Progress on Supply Chain Risks: Transparency as the Starting Point with Allan Friedman
Followed by Q&A

3:30 PM The Challenges of SBOMs - Making SBOMs Work for you / VEX Documents with Eric Byers
Followed by Q&A

4:20 PM Real World Case Studies (and Call to Action from Eric Schweigert)
Followed by Q&A

5:05 PM Panel Wrap-up with Jonathan Dambrot, et al

5:45 PM Symposium Close

*****

Control Systems Cyber Security Association International - (CS)2AI, pronounced “see say”, is the world's largest and most influential community dedicated solely to the protection of control systems from cybersecurity threats. (CS)2AI connects people and organizations around the world with the knowledge and resources to protect their control systems from ever-evolving cybersecurity threats. A nonprofit workforce development association with over 23,000 members worldwide, we enable our members to help members, foster meaningful peer-to-peer exchanges, provide continuing professional education and directly support cyber security professional development. https://www.cs2ai.org

Trisha Harp
CS2AI
+1 614-403-2552