Secure Sourcing of COTS Products
Systems are built out of components that are integrated from the lowest level of a supply chain up to a finished product. This creates a serious weakness: malicious code or counterfeit parts can be inserted at the bottom of the process without scrutiny and then integrated up into the end product, as was demonstrated by the recent SolarWinds hack.
The possibility of such a thing occurring is so obvious that you would think there had been practical efforts to address it. However, even though we have expended much time and effort to ensure robust, efficient and defect-free code, we have done very little to guard against compromises that could occur during the integration process. Thus, the aim of this talk is to outline the challenge of supply chain risk and to present a couple of potential solutions.
Date and Time
Location
Hosts
Registration
- Cyber City, Michigan
- United States 48309-4479
- Building: Digital
- Room Number: Virtual
- Co-sponsored by Subramaniam Ganesan
Speakers
Dan Shoemaker of IEEE
Biography:
Daniel P. Shoemaker, PhD, is a Full Professor and Director of the Graduate Program in Cybersecurity at the University of Detroit Mercy, where he has worked for over 35 years. He has also spent fourteen years as the Principal Investigator for the National Security Agency's Center of Academic Excellence in Cyber Defense at UDM's Center for Cyber Security and Intelligence Studies. Dan was the Department Chair for the Computer and Information Systems Program of the UDM College of Business Administration for twenty-six years. He served as Co-Chair for Workforce Training and Education for the Department of Homeland Security Software Assurance Initiative. In that capacity he was also one of the authors of the DHS Software Assurance Common Body of Knowledge (CBK). He helped author the DHS IA Essential Body of Knowledge, and he has served as a SME for the NIST-NICE workforce framework as well as the ACM/IEEE/AIS Joint Task Force for Cybersecurity Education (CSEC2017).
He also spends his free time authoring some of the leading books in cyber security. His book Cyber Security: The Essential Body of Knowledge is Cengage's flagship book in the field. His first book, Information Assurance for the Enterprise, is McGraw-Hill's primary textbook in IA and is in use all over the globe. The CSSLP Certification All-in-One Exam Guide, another McGraw-Hill publication, came out in December 2013 and sells very well. Engineering a More Secure Software Organization, also published by Cengage, came out in April 2014.
Finally, his newest publisher, Taylor & Francis CRC Press, has published his latest works: A Guide to the National Initiative for Cybersecurity Education (NICE) Framework (2.0) in 2016; The Complete Guide to Cybersecurity Risk & Controls in Cyber Security in 2016; Implementing Cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework in 2017; Supply Chain Risk Management: Applying Secure Acquisition Principles to Ensure a Trusted Technology Product in 2018; How to Build a Cyber Resilient Organization in 2019; and The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity in 2020.
Dr. Shoemaker has been designated a Distinguished Visitor with IEEE Computer Society for a term from 2021-2023.
Agenda
5:00 PM (sharp) - Webinar starts
6:15 PM - Q&A
6:30 PM - Webinar ends
A Joint Education Society (Chapter 13) & Computer Society (Chapter 5) Presentation
Media
Securing the COTS Supply Chain: Distinguished Lecture on Securing the COTS Supply Chain by Dan Shoemaker (1.12 MiB)