Note from Tom: I’ve moved my email feed from FeedBurner (who’s getting out of this business in July) to Follow.It. If you aren’t getting my posts anymore, just hit the Subscribe button in the top right. And if you’d like to start receiving these posts in your email inbox, also hit the Subscribe button.
I just received an invitation from an organization whose meetings I’ve only attended once but found them quite good. This is the Software and Supply Chain Assurance forum, a group that includes a lot of government cybersecurity people. They deal with what IMHO are the two biggest problems in cybersecurity today: software security and supply chain cybersecurity. Moreover, they’ve been doing this since 2010 (long before I even thought about supply chain security, to be honest). I wrote about them in this post in 2018.
This invitation is to a virtual meeting on June 16th. I was especially interested in this meeting because Cheri Caddy will be speaking. She is Senior Advisor, Cybersecurity, in the Office of Cybersecurity, Energy Security and Emergency Response (CESER), of the Department of Energy. I have gotten to know her (I won’t say well yet, but I hope to be able to later) because she played a big role in getting our Energy SBOM Proof of Concept off the ground. Moreover, she provided the resources of Idaho National Labs – including my co-leader, Virginia Wright – to make the PoC successful (and with over 30 electric utilities and other power industry players, five major industry organizations, and over ten software and device suppliers to the power industry represented – along with a number of service and tool providers – I can safely say that the PoC is well on the road to being successful, although it won’t be a short or easy road).
Cheri will “describe DOE’s programs for working with operational technology manufacturers and energy sector asset owners to discover, mitigate, and engineer out cyber vulnerabilities in digital components in Energy Sector critical supply chains.” I’m looking forward to this, and recommend you try to attend as well. DOE is doing some pretty amazing things, especially in supply chain security.
Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. Nor are they shared by the National Technology and Information Administration’s Software Component Transparency Initiative, for which I volunteer. If you would like to comment on what you have read here, I would love to hear from you. Please email me at tom@tomalrich.com.