Lessons in External Dependency and Supply Chain Risk Management
Software Engineering Institute
In this webinar, John Haller and Matthew Butkovic of the CERT Division of the Software Engineering Institute will discuss real-world incidents, including recent industrial control system attacks and incidents affecting Department of Defense capabilities, and the lessons that organizations should take away. The session will focus on the lifecycle of supply chain relationships and introduce concepts to help organizations manage them more effectively.
The webinar speakers, John and Matthew, will discuss the HAVEX malware attacks on industrial control system vendors, which were reported to the security community in June 2014. For supply chain risk management, a key lesson from the HAVEX case is the importance of having a process to identify and prioritize external dependencies. The speakers will also explore and discuss methods for addressing this problem in a realistic, reliable way.
Also covered in the webinar are the lessons for third-party risk management that organizations should take away from recent attacks on DoD-affiliated transportation contractors. The speakers will explain how to correctly scope and build security programs around key, organizationally critical services.
The speakers will discuss how your organization can learn from these incidents, including best practices around forming relationships with external entities and managing the relationship over time to support your organization's incident management and situational awareness processes. The webinar closes with a recap of key supply chain risk management capabilities and an update to CERT research into the state of these capabilities across U.S. critical infrastructure sectors.
About the Speaker
John Haller is an SEI alumni employee.
John Haller is a member of the technical staff on the Cybersecurity Assurance team within the CERT® Division at the Software Engineering Institute (SEI), a unit of Carnegie Mellon University in Pittsburgh, PA. As a member of this team, Haller performs research on …Read more
Matthew Butkovic is the Technical Director of the Cyber Risk and Resilience Assurance Directorate in the CERT Division of the Carnegie Mellon University Software Engineering Institute (CMU SEI).
Matt performs critical infrastructure protection research and develops methods, tools, and techniques for evaluating capabilities and managing risk. This includes addressing the …Read more