Beyond Minimum Standards
ABSTRACT
The recent Cybersecurity Executive Order asked agencies to define minimum standards for supply chain governance and software testing that could be required of all vendors selling software to the Federal Government. In this talk, I ask the question: what could minimal standards look like 10 years from now? I will describe recent research on software and supply chain security, focusing on emerging threats and promising approaches to mitigation.
BIO
Left of Boom: Cyber Supply Chain Security, Testing, and Vulnerability Disclosure
ABSTRACT
Cyber risks to digital supply chains are not new, but recent cyber incidents have prioritized these concerns and catalyzed several executive orders. This briefing will describe the Department of Energy’s programs in cyber vulnerability enumeration, testing, and forensic analysis for digital components in industrial control systems; efforts to illuminate risks in digital supply chains; and emerging strategies to improve security-by-design through Cyber-Informed Engineering.
BIO