Hsu Welcome 2017 - 10 - 10 Final For Distribution - Summit5
https://phishme.com/ransomware-delivered-97-phishing-emails-end-q3-2016-supporting-booming-cybercrime-industry//
HARDWARE TROJANS
Modifications to circuitry by adversaries to exploit hardware or to use hardware mechanisms to gain access to data or software running on the chips
A Survey of Hardware Trojan Taxonomy and Detection. 2010. M. Tehranipoor & F. Koushanfar. IEEE Design and Test of Computers
GLOBALIZATION
in the semiconductor design and fabrication process
integrated circuits (ICs) are becoming increasingly vulnerable to
malicious activities and alterations
INTELLIGENCE ADVANCED
RESEARCH PROJECTS ACTIVITY
(IARPA)
OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE
http://spectrum.ieee.org/semiconductors/design/stopping-hardware-trojans-in-their-tracks
http://www.dmea.osd.mil/TAPO/foundryServices.html
INSECURE SOFTWARE DEVELOPMENT
1) Poor software design
3) Commercial Off The Shelf (COTS) products that rely on foreign and non-vetted domestic suppliers
http://www.gartner.com/smarterwithgartner/top-10-security-predictions-2016/
SOFTWARE DEVELOPMENT
LIFE CYCLE (SDLC)
Vendors sometimes neglect security and
validation of software during rapid
development.
• 2013 5,186 vulnerabilities
• 2017 9,202 reported by August 17
National Institute of Standards and Technology
• 2017 11,329 reported by October 10
National Institute of Standards and Technology
95,613
Common Vulnerabilities and Exposures
(CVE)
https://nvd.nist.gov/general/nvd-dashboard
EQUIFAX
https://www.us-cert.gov/bsi/articles/best-practices/acquisition/a-systemic-approach-assessing-software-supply-chain-risk
ACQUIRE
IMPROVING THE CYBER AND PHYSICAL SECURITY POSTURE OF THE ELECTRIC SECTOR
Up to $7.5 million over three years
$2.5 million per year
Rural Cooperative Cybersecurity
Capabilities Program
PEOPLE, PROCESS, &
TECHNOLOGY
41 Pilot Cooperatives
Cybersecurity Summits:
Addressing Cybersecurity Risks
Greg Sparks, President, CIOsource
January - Colorado
May - Illinois
July - Washington
April - Arkansas
YOU DESIGN THE RESEARCH
• Challenge 1: Scalability of Existing Guidance Documents
• Challenge 2: Governance – CEO, Board of Directors, General Manager
• Challenge 3: Risk Management – Risk Register
• Challenge 5: Time Management
• Challenge 6: Labor Pool
• Challenge 7: Technology Challenge
• Challenge 8: Undocumented Processes – knowledge retention, improvements, business management
OUTREACH AND AWARENESS:
Training
Accessible Affordable