Eric J. Byres
Country: United States
Eric Byres is widely recognized as one of the world’s leading experts in the field of industrial control system (ICS) and Industrial Internet of Things (IIoT) cybersecurity. He is the inventor of the Tofino Security technology – the most widely deployed ICS-specific firewall in the world – licensed by industry giants Honeywell, Schneider Electric, and Caterpillar. Eric is also known for his leadership in international standards and research for industrial communications.
Eric holds an extensive list of accomplishments, which includes founding the BCIT Critical Infrastructure Security Centre, providing guidance to government security agencies and major energy companies on protection for critical infrastructures, sitting as the chair of the ISA SP-99 Security Technologies Working Group, representing Canada for the IEC TC65/WG10 standards effort, and testifying to the US Congress on the Security of Industrial Control Systems in National Critical Infrastructures. He has received numerous awards from international organizations and was made an ISA Fellow in 2009. In 2013 he received ISA’s highest honor: Excellence in Leadership.
Five Blind Men and the Elephant called ICS Supply Chain Security
Is a secure ICS software supply chain important to your company’s critical operations? And what does securing your supply chain really involve? A 3-year study sponsored by the US Department of Homeland Security revealed many different perspectives. ICS vendors, asset owners, consultants and security researchers all identified numerous complex priorities:
- Counterfeit firmware detection
- Mystery sub-component detection
- Version validation
- Certification-chain validation
A common theme among these different perspectives is the exploitation of trust between ICS vendors and their customers (and other suppliers). This talk will explore specific examples of each of these threats and discuss FACT, a framework for safeguarding against attacks on trust and reliability.
- Identify key cybersecurity risks to critical infrastructure supply chains.
- Understand existing security strategies (e.g. certificate signing, hashes) and their limitations.
- Explore tools and solutions for addressing specific supply chain threats.