“Securing the Manufacturing Supply Chain: Getting Tactical” – upcoming conference in Chicago

I’m pleased to call your attention to what promises to be a very good ICS (industrial control systems) supply chain security conference in Chicago on April 10. The sponsor of the event is the Digital Manufacturing Institute, a Chicago-based initiative funded by the Department of Defense, other federal departments, and a number of major companies, to innovate and promote use of digital manufacturing technologies.

Of course, a major component of this effort is cyber security, and – as we all should know by now – supply chain security is almost without a doubt the biggest cyber threat facing the industrial sector, and especially the electric power industry, nowadays. The Institute was named DoD’s hub for cyber security in manufacturing a year ago. As you probably know, DoD buys lots of manufactured products and operates its own manufacturing facilities. For obvious reasons, they are extremely concerned about securing their own supply chain, as well as that of American businesses.

The conference itself is being organized by Verve Industrial Protection, a company you should get to know if you don't already.

You can read about, and sign up for, the event here (there’s a $150 fee, unless your organization is already a member of the Institute). I will be speaking on a panel in the morning with three others, one of whom is Eric Byres, one of my heroes. He is the founder of Tofino Security and inventor of their technology (now sold under the Belden name) for ICS firewalls. He is now the CEO of aDolus Inc., a research company investigating security technologies to aid in the detection of malicious and counterfeit software in “smart devices” used in the industrial, aerospace, and medical fields.

Of course, the power industry is just one “manufacturing” industry, but it has a special concern about supply chain security now because the current Russian attacks on the industry are coming through the supply chain. I’m told that a person particularly knowledgeable about those attacks will be presenting about them at the conference. Hope to see you there!

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC.

If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com. Please keep in mind that if you’re a NERC entity, Tom Alrich LLC can help you with NERC CIP issues or challenges like what is discussed in this post – especially on compliance with CIP-013. To discuss this, you can email me at the same address.