Secure Sourcing of COTS Products

#security #cybersecurity #supplychain

Systems are built by integrating components upwards from the lowest level of the supply chain to the finished, often highly complex, product. That upward integration process represents a potential security weakness: without direct scrutiny or control from the OEM, it is possible to surreptitiously insert malicious code or counterfeit parts at the bottom of a multilevel, or offshored, build. Inevitably, any malicious object inserted down the integration ladder will then be integrated into the end product, the most recent example being the SolarWinds hack of 2021.

The possibility of such a thing occurring is so obvious that you would think that there have been practical efforts to address it. However, even though we’ve expended a lot of time and effort to ensure robust, efficient, and defect-free code production, we have done very little to ensure against compromises that might occur during the integration process. So, the aim of this talk is to outline the challenge of supply chain risk, as well as present a couple of potential solutions from the automobile industry.



  Date and Time




  • Date: 13 Jul 2023
  • Time: 12:00 AM UTC to 01:00 AM UTC
  • Starts 19 June 2023 10:09 PM UTC
  • Ends 12 July 2023 10:00 PM UTC
  • No Admission Charge


  Speakers

Daniel Shoemaker

Biography:

Dan Shoemaker is a full-time professor at Detroit Mercy. He is currently a Distinguished Visitor for the Institute of Electrical and Electronics Engineers (IEEE), the Director of the Master of Science in Information Assurance Program with a major in Cybersecurity, and a senior researcher at Detroit Mercy's Center for Cyber Security & Intelligence Studies. Shoemaker formerly chaired the Computer & Information Systems Department at Detroit Mercy for more than 25 years. As the co-chair for the National Workforce Training and Education Initiative, he is one of the authors of the DHS Software Assurance Common Body of Knowledge (CBK). He also helped author the DHS IA Essential Body of Knowledge and serves as a subject matter expert for the NIST-NICE workforce framework. Shoemaker also enjoys editing journals, and his publications number well over one hundred.

Shoemaker holds a Ph.D. from the University of Michigan. He leads the Midwest CISSE Chapter, a coalition that covers a five-state region with research partners as far away as the United Kingdom. He and the coalition have conducted research on curriculum for the U.S. Department of Defense, and he is very proud of the work they have completed in Software Assurance and Supply Chain Risk Management.

Shoemaker spends much of his free time authoring some of the leading books in Cyber Security. His book, Cybersecurity: The Essential Body of Knowledge, is Cengage publishing's flagship book in the field. His first book, Information Assurance for the Enterprise, is McGraw-Hill's primary textbook in Information Assurance and is in use all over the world. The CSSLP Certification All-in-One Exam Guide, another McGraw-Hill publication, came out in December of 2013. Engineering a More Secure Software Organization, which is also published by Cengage, came out in April of 2014. He just finished working on two new books for Taylor & Francis, The Complete Guide to Cybersecurity Risk & Controls and Cyber Security, and finally, A Guide to the National Initiative for Cybersecurity Education (NICE) Framework 2.0.