5 Blind Men and an Elephant called ICS Supply Chain Security

Sponsor Stage

In this session we uncover the five key supply chain risks to ICS software and firmware. We'll show you specific examples of each of these threats and introduce a framework, funded by the DHS, to safeguard against ICS supply chain attacks. Finally, we'll show you how to satisfy security requirements such as NERC CIP-013 without introducing onerous or error-prone processes:

  • Verification of software integrity and authenticity: Learn how to ensure that your staff are not loading counterfeit or tampered software and firmware into critical systems.
  • Vulnerability detection and disclosure: Learn how to generate a Software Bill of Materials (SBoM) to reveal unexpected sub-components that may contain vulnerabilities or malware.
  • Validation of firmware versions: Learn how to ensure that firmware is an up-to-date version, tested and approved by the vendor rather than an unauthorized or obsolete version.
  • Validation of certificate chains: Learn how to detect fraudulently signed packages masquerading as authentic, avoiding Stuxnet-style attacks where private keys have been stolen.
  • Detection of blacklisted products: Learn how to uncover sub-components in software from banned suppliers.