cybersecurity research needs vendor perspective
play

Cybersecurity Research Needs Vendor Perspective Bryan Owen PE, - PowerPoint PPT Presentation

Jan 04, 2023 •543 likes •650 views

Cybersecurity Research Needs Vendor Perspective Bryan Owen PE, OSIsoft LLC cred-c.org | 1 Beliefs Awareness and training are fundamental We need to advance defensive skills Cyber defense is a team sport We need collaborative approaches

  1. Cybersecurity Research Needs Vendor Perspective Bryan Owen PE, OSIsoft LLC cred-c.org | 1

  2. Beliefs Awareness and training are fundamental • We need to advance defensive skills Cyber defense is a team sport • We need collaborative approaches Trust is earned • We need trust to do great things together Benjamin A. Knott Ph.D. (Air Force Research Laboratory) https://community.apan.org/wg/afosr/spring_review_2014/m/day_3_2014_-_rtcrtd/132488 cred-c.org | 2

  3. Priority Guidelines 1. Do No Harm 2. Keep the ‘bad guys out’ 3. Limit damage if they get in 4. Hunt for evil cred-c.org | 3

  4. Do No Harm – Research Needs • Verification and Validation • Overcome issues of ‘cure is worse than the disease’ • Provable functionality without adverse impact to security controls • Unexpected changes to ‘baseline’ • Representative Test Systems • How close to real is close enough? • Requirements for testing beyond N-1 (‘chaos monkey’ for EDS)? • System of systems interactions • Secure Deployment • Innovative methods for moving changes to production • High assurance methods to address deployment drift • What would it take to reduce level of effort 1000x? cred-c.org | 4

  5. Keep the ‘bad guys out’ – Research Needs • Prevention is ‘King’ • Tools for EDS operators to identify, optimize, and prioritize prevention barriers • Research provable methods for emerging SCADA protocols (eg LangSec) • Research effective/appropriate M2M authentication for EDS ( !=PKI) • Attack surface visibility • Identify high impact remote exploit paths for a region or by EDS function • Accelerate development of Cyber Security Data Sheets (EPRI TAM) • Extend utility of internet based EDS scanning engines (eg Shodan) cred-c.org | 5

  6. Limit damage ‘if they get in’ – Research Needs • Resilient system architectures for using untrustworthy components • Consider alternatives to ‘fail open’, ‘fail close’, and ‘hold last value’ • Study effectiveness of sandbox technology for legacy EDS • Practical study on IDS false positive rate in EDS cred-c.org | 6

  7. Hunt for Evil – Research Needs • EDS canary based threat hunting methods • Detection methods as EDS protocols ‘go dark’ • Is my sensor data fake? • Simulation of deception and delay strategies • Map EDS use of third party libraries to improve supply chain assurance cred-c.org | 7

  8. http://cred-c.org @credcresearch facebook.com/credcresearch/ Funded by the U.S. Department of Energy and the U.S. Department of Homeland Security

  9. Content Slide Option #1 – No branding • This content option does not offer branding. • If you want to show branding on content slides, choose: • Layout Option 2 • Layout Option 3. • Content goes here • And here • And here • And here

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Answer ALL of your Vendor Management Questions. 3 1 10/17/2019 Learning Objectives

Answer ALL of your Vendor Management Questions. 3 1 10/17/2019 Learning Objectives

10/17/2019 Vendor Management Fundamentals Jill Donnelly, Katie Germain, Robert Lehmann, and Karisa Stowell 1 1 Road Map NYS Vendor File Vendor Registration Vendor Maintenance eCommerce Initiative 1099 Reporting

330 views • 19 slides
in the Energy Sector Cybersecurity for Energy Delivery Systems (CEDS) Energy Sector

in the Energy Sector Cybersecurity for Energy Delivery Systems (CEDS) Energy Sector

Working to Achieve Cybersecurity in the Energy Sector Cybersecurity for Energy Delivery Systems (CEDS) Energy Sector Cybersecurity Challenges Open Protocols Open industry standard protocols are replacing vendor-specific

609 views • 36 slides
Cybersecurity research and education: Helping meet the high demand for cybersecurity experts

Cybersecurity research and education: Helping meet the high demand for cybersecurity experts

West Virginia University Cybersecurity research and education: Helping meet the high demand for cybersecurity experts Katerina Goseva-Popstojanova Professor Lane Department of Computer Science and Electrical Engineering (LCSEE) West

538 views • 21 slides
U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity

U.S. National U.S. National Why are we talking about Cybersecurity Cybersecurity cybersecurity? William J. Perry Martin Casado Keith Coleman Dan Wendlandt MS&E 91SI Spring 2004 Stanford University U.S. National Cybersecurity

79 views • 7 slides
eOffer The Vendor Perspective Keonia Cobbins Program Analyst FAS Acquisition Management

eOffer The Vendor Perspective Keonia Cobbins Program Analyst FAS Acquisition Management

U.S. General Services Administration eOffer The Vendor Perspective Keonia Cobbins Program Analyst FAS Acquisition Management July 19, 2017 Agenda Offer/Mod Process Overview Accessing eOffer/eMod Preparing an eOffer/eMod

1.71k views • 118 slides
Towards defining priorities for cybersecurity research in Horizon 2020's work programme 2016-2017

Towards defining priorities for cybersecurity research in Horizon 2020's work programme 2016-2017

Towards defining priorities for cybersecurity research in Horizon 2020's work programme 2016-2017 Contributions from the Working Group on Secure ICT - Research and Innovation of the NIS Platform 8 April 2014 CYBERSECURITY RESEARCH FRAMEWORK

441 views • 8 slides
Optimizing the Agency/Vendor Relationship Katie Germain, Linda Herald, Robert Lehmann 1 1 Road

Optimizing the Agency/Vendor Relationship Katie Germain, Linda Herald, Robert Lehmann 1 1 Road

Optimizing the Agency/Vendor Relationship Katie Germain, Linda Herald, Robert Lehmann 1 1 Road Map Vendor Improvements Vendor Self-Service/Vendor Portal Choosing the correct vendor Location eCommerce Initiative

594 views • 41 slides
Smart Networks III Cybersecurity Panel Verizon Perspective Ernie Hayden CISSP CEH Managing

Smart Networks III Cybersecurity Panel Verizon Perspective Ernie Hayden CISSP CEH Managing

Smart Networks III Cybersecurity Panel Verizon Perspective Ernie Hayden CISSP CEH Managing Principal Energy Security Global Energy & Utility Practice ernest.hayden@verizonbusiness.com Confidential and proprietary material for

188 views • 4 slides
Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives:

Presented by: Islanders Bank Cybersecurity Awareness Cybersecurity Awareness Objectives: Define Cybersecurity & why its important Provide information about Dept. Homeland Security Cybersecurity Campaigns: National

328 views • 22 slides
Third Party Risk and Cybersecurity Issues The Perspective from Outside Counsel November 17,

Third Party Risk and Cybersecurity Issues The Perspective from Outside Counsel November 17,

Third Party Risk and Cybersecurity Issues The Perspective from Outside Counsel November 17, 2016 Presentation to New York Chapter of RIMS Pillsbury Winthrop Shaw Pittman LLP Pillsbury Winthrop Shaw Pittman LLP Agenda A World of

417 views • 18 slides
CYBECO: Supporting Cyberinsurance from a Behavioural Choice Perspective Lorentz

CYBECO: Supporting Cyberinsurance from a Behavioural Choice Perspective Lorentz

CYBECO: Supporting Cyberinsurance from a Behavioural Choice Perspective Lorentz Cyberinsurance Open Day March 27, 2019 Objective Research and develop a framework for managing cybersecurity risks, focused on cyberinsurance as key risk

820 views • 43 slides
How to Become a Certified USDA Vendor Andrea Lang, New Vendor Coordinator Good Afternoon

How to Become a Certified USDA Vendor Andrea Lang, New Vendor Coordinator Good Afternoon

How to Become a Certified USDA Vendor Andrea Lang, New Vendor Coordinator Good Afternoon everyone and thank you for joining us today for our webinar on how to become an approved vendor with USDA, Agricultural Marketing Service, Commodity

650 views • 17 slides
WIC Vendor? Policies and Procedures for WIC Vendor Authorization in T ennessee Presented by

WIC Vendor? Policies and Procedures for WIC Vendor Authorization in T ennessee Presented by

So You Think You Can be a WIC Vendor? Policies and Procedures for WIC Vendor Authorization in T ennessee Presented by Jerry Orenstein WIC Food Delivery Administrator T ennessee Department of Health NWA Technology & Program

516 views • 24 slides
Is a single DNS vendor enough? How can we make multi-vendor setups manageable? Petr paek

Is a single DNS vendor enough? How can we make multi-vendor setups manageable? Petr paek

Is a single DNS vendor enough? How can we make multi-vendor setups manageable? Petr paek petr.spacek@nic.cz 2019-02-03 Outline A single vendor Selection Why not ... Multiple vendors Recommendations

642 views • 26 slides
What the polls show: Americans and cybersecurity Aaron Smith Associate Director, Research

What the polls show: Americans and cybersecurity Aaron Smith Associate Director, Research

What the polls show: Americans and cybersecurity Aaron Smith Associate Director, Research Overview of our cybersecurity work Part o t of our ur o ong ngoing w work o on n Americans privacy y atti ttitud udes and nd b behaviors

300 views • 12 slides
Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland

Cybersecurity A presentation to the National Association of Black Accountants Cleveland Chapter Contents Cybersecurity and risk management 1 Cybersecurity and the regulatory 2 environment Cybersecurity and the audit 3 4 Appendix

685 views • 37 slides
CS615 - Aspects of System Administration System Security Department of Computer Science Stevens

CS615 - Aspects of System Administration System Security Department of Computer Science Stevens

CS765 - Aspects of System Administration Slide 1 CS615 - Aspects of System Administration System Security Department of Computer Science Stevens Institute of Technology Jan Schaumann jschauma@stevens.edu

921 views • 76 slides
Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop

Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop

Provably Secure Machine Learning Jacob Steinhardt ARO Adversarial Machine Learning Workshop September 14, 2017 Why Prove Things? Attackers often have more motivation/resources than defenders Heuristic defenses: arms race between attack and

738 views • 52 slides
CSE 127: Introduction to Security Deian Stefan UCSD Winter 2020 Lecture 1 Course staff

CSE 127: Introduction to Security Deian Stefan UCSD Winter 2020 Lecture 1 Course staff

CSE 127: Introduction to Security Deian Stefan UCSD Winter 2020 Lecture 1 Course staff Instructor: Deian Stefan deian@cs.ucsd.edu Lecture: Mon & Wed 5-6:20pm Center 109 Discussion: Fri 2-2:50pm Center 216 Office Hours: Wed

628 views • 49 slides
A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection

A Brief Intro to Security December 5th, 2013 What is Computer Security? The protection afforded to an automated information system in order to attain the applicable objectives of preserving the integrity, availability, and

296 views • 14 slides
IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A

IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A

IT 4500 : Information Security Secure Programming Dr Joe Francom Buffer Overflow What it is? A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.

221 views • 3 slides
50+ corporate relationships live on BPO We were able to share shipping documents with BNPP

50+ corporate relationships live on BPO We were able to share shipping documents with BNPP

50+ corporate relationships live on BPO We were able to share shipping documents with BNPP electronically and in a matter of hours we received confirmation that they were fine. In terms of ease of working, its very positive, and we

445 views • 5 slides
Welcome to MREAs Virtual Meeting on Long Term Facility Maintenance Plans The meeting will

Welcome to MREAs Virtual Meeting on Long Term Facility Maintenance Plans The meeting will

Welcome to MREAs Virtual Meeting on Long Term Facility Maintenance Plans The meeting will begin in a few minutes. To prepare please: Do not show your video to conserve bandwidth Mute your microphone Have the MDE memo and

518 views • 33 slides
Page: 1 of 11 Effective Date: 12/95 Previous Review Date: 7/17 Current Review Date: 5/18 Revision

Page: 1 of 11 Effective Date: 12/95 Previous Review Date: 7/17 Current Review Date: 5/18 Revision

Page: 1 of 11 Effective Date: 12/95 Previous Review Date: 7/17 Current Review Date: 5/18 Revision Date: 5/18 SCHNECK MEDICAL CENTER Seymour, Indiana ORGANIZATION WIDE FUNCTION: Management of Information CREDIT AND COLLECTION POLICY PURPOSE : To

280 views • 12 slides

More recommend