NCCoE Learning Series Fireside Chat: Federal Government Perspectives on Managing Supply Chain Cybersecurity Risks to Computing Devices

Thursday, September 30, 2021

NCCoE Learning Series Webinar

Date/Time: Thursday, September 30, 2021 | 3 p.m. EDT
Duration: 30 minutes plus Q&A
Technical Level: Foundational

Description:  

Organizations today face an extraordinarily complex challenge in verifying that the internal components of computing devices are genuine and have not been altered during manufacturing and distribution processes. By the time a computing device reaches an end user, it has gone through a web of interdependent supply chain participants—component manufacturers, sub-contractors, suppliers, distributors, etc. Supply chain cybersecurity risks, such as counterfeiting, unauthorized production, tampering, theft, and insertion of unexpected software and hardware, can affect an organization’s overall cybersecurity posture. Managing these cyber risks requires ensuring the integrity of the computing device supply chain and its products and services. 

During this fireside chat we will explore:

  • how and why attackers target computing device supply chains
  • challenges organizations are facing, and how they can begin addressing the integrity of their computing devices
  • steps to take if you suspect or confirm a device has been tampered with
  • lessons learned from recent hardware/firmware supply chain attacks
  • how the NIST National Cybersecurity Center of Excellence is addressing supply chain assurance of computing devices

Meet Our Panelists

  • Jon Boyens, Deputy Chief, Computer Security Division, National Institute of Standards and Technology (NIST)
  • Gabriel Davis, Risk Operation Federal Lead, Cybersecurity Division, Cybersecurity and Infrastructure Security Agency (CISA)
  • Nakia Grayson, Supply Chain Assurance Project Lead, NIST NCCoE
  • Lawrence Reinert, Computer Systems Researcher, National Security Agency (NSA)