Left of Boom: Cyber Supply Chain Security, Testing, and Vulnerability Disclosure
ABSTRACT
Cyber risks to digital supply chains are not new, but recent cyber incidents have raised the priority of these concerns and catalyzed several executive orders. This briefing will describe the Department of Energy’s programs in cyber vulnerability enumeration, testing, and forensic analysis for digital components in industrial control systems; efforts to illuminate risks in digital supply chains; and emerging strategies to improve security-by-design through Cyber-Informed Engineering.
BIO
Cheri Caddy is the Senior Advisor for Cybersecurity in the Office of Cybersecurity, Energy Security & Emergency Response (CESER) within the Department of Energy. In this role she leads strategy and execution of cybersecurity operations, technology, and critical infrastructure protection programs, implementing DOE’s role as the Sector Risk Management Agency for the Energy Sector. Ms. Caddy leads CyTRICS™, the Department’s program for supply chain security and cyber vulnerability testing of digital components; leads efforts to ensure cybersecurity of renewable technologies under the Clean Energy Cyber Accelerator; and is the Executive Director of the Securing Energy Infrastructure Executive Task Force.
Previously, Ms. Caddy spent five years as the National Security Agency’s Executive Director of Enduring Security Framework, a joint program among the Department of Defense, the Department of Homeland Security, the Intelligence Community, and industry leaders in the defense, IT, and communications sectors to collectively address technical and operational cyber vulnerabilities and risks to national security systems and critical infrastructure. Prior to NSA, Ms. Caddy was Director for Cybersecurity Policy at the National Security Council during the Obama Administration. In her 2.5-year tenure at NSC, she led the development of numerous national cybersecurity policies, in particular, leading efforts on cybersecurity for state governments, representing the NSC at the Council of Governors and the National Governors Association. She also led national cyber engagements with industry and academia, directing the work of the President’s National Security Telecommunications Advisory Committee, and coordinating White House initiatives on growing the nation’s skilled cyber workforce. Prior to serving in the White House, Ms. Caddy was a Senior Advisor for Information Assurance and Cybersecurity in the Office of the Director of National Intelligence. In this role, she led national teams in solving complex policy and technical issues related to classified threat information sharing among federal and state governments, and helped stand up the national network of State and Major Urban Area Fusion Centers.
Ms. Caddy has been a non-resident Senior Cybersecurity Fellow at the McCrary Institute for Cybersecurity & Critical Infrastructure at Auburn University since 2017. Ms. Caddy holds a B.A. in International Studies from Norwich University, Military College of Vermont; an M.A. in Foreign Affairs from the University of Virginia; and an M.P.A. in Public Administration from the American University in Washington, DC.