Cybersecurity Tactics to Reduce ICS Software Supply Chain Risk


Supply chain attacks like the recent SolarWinds hack are now front-page news, and cybersecurity steps must be taken to reduce the risk these attacks pose to critical systems. A platform that enables end users to manage the security of their ICS/OT endpoints down to vulnerabilities in hidden subcomponents is a necessity given the increased capabilities of cyber criminals.

Current approaches that rely on passive detection of software miss the underlying reservoir of risk of both OS and application software as well as the hidden risks of vulnerable components within OT/IoT firmware. A new partnership between two leading ICS cybersecurity companies allows organizations to not only identify ‘known’ risks, but immediately check for vulnerabilities hidden in their embedded firmware.

Cybersecurity Webinar: Learn How to Reduce Risk in ICS Software Supply Chain

IT-based vulnerability detection solutions often miss more OT vulnerabilities than they detect, or they generate an unmanageable flood of false positives, wasting already over-stretched cybersecurity resources.

This webinar aims to show how decades of OT product naming inconsistency limit the ability of traditional vulnerability tools to determine which assets are affected by a vulnerability, or the reverse: which vulnerabilities you need to worry about.

The difference between CPEs, CVEs, and CWEs will be explained, with real-world examples of naming issues that undermine the usefulness of these resources. A primer on Software Bill of Materials (SBOMs) will cover how enhanced SBOMs build the links between products, vulnerabilities, risks, and asset inventories.

Learn how to use those links to get the most out of your investments or to secure the assets that are harder to replace. Three takeaways to help enhance OT vulnerability management and risk monitoring will also be covered.

Register for the webinar on February 25 at 12:00pm CT

Speakers

Eric Byres (CEO, aDolus Technology Inc.) is widely recognized as one of the world’s leading experts in the field of industrial control system (ICS) and Industrial Internet of Things (IIoT) cybersecurity. He is the inventor of the Tofino Security technology – the most widely deployed ICS-specific firewall in the world – licensed by industry giants Honeywell, Schneider Electric, and Caterpillar. Eric is also known for his leadership in international standards and research for industrial communications.

Ron Brash (Director of Cybersecurity Insights @Verve Industrial) brings technical expertise ranging from vulnerability research to cyber-risk advisory across several critical infrastructure domains (O&G, energy, utilities, aviation). He has 12+ years of experience working with embedded ICS, possesses a MsCompSci, a Btech, and co-authored a book on Bash programming.

FAQs about Cybersecurity of ICS Software Supply Chain

What is the difference between IT security and ICS?

IT security primarily focuses on protecting information technology systems, networks, and data. In contrast, ICS (Industrial Control Systems) security is centered around safeguarding the specialized hardware and software used to control industrial processes in critical infrastructure sectors like energy, manufacturing, and utilities.

What is the ICS supply chain strategy for cybersecurity?

The ICS supply chain strategy for cybersecurity involves implementing measures to assess and mitigate risks associated with third-party vendors and components in the supply chain. This includes thorough vendor evaluations, contractual security requirements, and continuous monitoring.

What is the most common ICS supply chain vulnerability?

One of the most common ICS supply chain vulnerabilities is the lack of visibility and control over third-party components and software. This can lead to potential security gaps, as vulnerabilities in these elements may not be immediately apparent or under direct control.

What is ICS supply chain certification?

ICS supply chain certification involves a formal process of assessing and verifying that vendors, components, and processes within the supply chain meet specific cybersecurity standards and requirements. This certification helps ensure a higher level of security in ICS environments.