BEGIN:VCALENDAR VERSION:2.0 PRODID:IEEE vTools.Events//EN CALSCALE:GREGORIAN BEGIN:VTIMEZONE TZID:America/Los_Angeles BEGIN:DAYLIGHT DTSTART:20230312T030000 TZOFFSETFROM:-0800 TZOFFSETTO:-0700 RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3 TZNAME:PDT END:DAYLIGHT BEGIN:STANDARD DTSTART:20231105T010000 TZOFFSETFROM:-0700 TZOFFSETTO:-0800 RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11 TZNAME:PST END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTAMP:20230713T010218Z UID:5398E8A7-6BB8-4EED-85E2-CB15772A8B39 DTSTART;TZID=America/Los_Angeles:20230712T170000 DTEND;TZID=America/Los_Angeles:20230712T180000 DESCRIPTION:Systems are built by integrating components upwards from the lo west level of the supply chain to the finished\, often highly complex\, pr oduct. That upward integration process represents a potential security wea kness. In that\, without direct scrutiny or control from the OEM it is pos sible to surreptitiously insert malicious code\, or counterfeit parts at t he bottom of a multilevel\, or offshored\, build. And inevitably any malic ious object inserted down the integration ladder will then be integrated i nto the end product\, the most recent example being the SolarWinds hack of 2021.\n\nThe possibility of such a thing occurring is so obvious that you would think that there have been practical efforts to address it. However \, even though we’ve expended a lot of time and effort to ensure robust\ , efficient\, and defect-free code production\, we have done very little t o ensure against compromises that might occur during the integration proce ss. So\, the aim of this talk is to outline the challenge of supply chain risk\, as well as present a couple of potential solutions from the automob ile industry.\n\nSpeaker(s): Daniel Shoemaker\, \n\nVirtual: https://event s.vtools.ieee.org/m/364736 LOCATION:Virtual: https://events.vtools.ieee.org/m/364736 ORGANIZER:dbutcher@ieee.org SEQUENCE:13 SUMMARY:Secure Sourcing of COTS Products URL;VALUE=URI:https://events.vtools.ieee.org/m/364736 X-ALT-DESC:Description: <br /><p style="font-weight: 400\;">Systems are bui lt by integrating components upwards from the lowest level of the supply c hain to the finished\, often highly complex\, product.&nbsp\;&nbsp\;That u pward integration process represents a potential security weakness. In tha t\, without direct scrutiny or control from the OEM it is possible to surr eptitiously insert malicious code\, or counterfeit parts at the bottom of a multilevel\, or offshored\, build. And inevitably any malicious object i nserted down the integration ladder will then be integrated into the end p roduct\, the most recent example being the SolarWinds hack of 2021.&nbsp\; &nbsp\;</p>\n<p style="font-weight: 400\;">The possibility of such a thing occurring is so obvious that you would think that there have been practic al efforts to address it. However\, even though we&rsquo\;ve expended a lo t of time and effort to ensure robust\, efficient\, and defect-free code p roduction\, we have done very little to ensure against compromises that mi ght occur during the integration process. So\, the aim of this talk is to outline the challenge of supply chain risk\, as well as present a couple o f potential solutions from the automobile industry.</p> END:VEVENT END:VCALENDAR