Monday, June 7, 2021

A presentation you shouldn't miss

Note from Tom: I’ve moved my email feed from FeedBurner (who’s getting out of this business in July) to Follow.It. If you aren’t getting my posts anymore, just hit the Subscribe button in the top right. And if you’d like to start receiving these posts in your email inbox, also hit the Subscribe button.

I just received an invitation from an organization whose meetings I’ve attended only once but found quite good. This is the Software and Supply Chain Assurance forum, a group that includes a lot of government cybersecurity people. They deal with what IMHO are the two biggest problems in cybersecurity today: software security and supply chain cybersecurity. Moreover, they’ve been doing this since 2010 (long before I even thought about supply chain security, to be honest). I wrote about them in this post in 2018.

This invitation is to a virtual meeting on June 16th. I was especially interested in this meeting because Cheri Caddy will be speaking. She is Senior Advisor, Cybersecurity, in the Office of Cybersecurity, Energy Security and Emergency Response (CESER), of the Department of Energy. I have gotten to know her (I won’t say well yet, but I hope to be able to later) because she played a big role in getting our Energy SBOM Proof of Concept off the ground. Moreover, she provided the resources of Idaho National Labs – including my co-leader, Virginia Wright – to make the PoC successful (and with over 30 electric utilities and other power industry players, five major industry organizations, and over ten software and device suppliers to the power industry represented – along with a number of service and tool providers – I can safely say that the PoC is well on the road to being successful, although it won’t be a short or easy road).

Cheri will “describe DOE’s programs for working with operational technology manufacturers and energy sector asset owners to discover, mitigate, and engineer out cyber vulnerabilities in digital components in Energy Sector critical supply chains.” I’m looking forward to this, and recommend you try to attend as well. DoE is doing some pretty amazing things, especially in supply chain security.

 

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. Nor are they shared by the National Technology and Information Administration’s Software Component Transparency Initiative, for which I volunteer. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.

 
