Hi everyone! We will start out with news and notes (virtually) and then talk about the Software Supply Chain.

Description: Overview of lessons learned and key takeaways from recent Supply Chain attacks. Key takeaways:
– Multiple vulnerabilities in target infrastructures can lead to build pipeline compromise
– Potentially detailed internal working knowledge can be leveraged
– Care was taken to avoid potential warnings and build failures
– Unintended functionality deployed as part of signed update
– Similar common weaknesses in typical information security blocking and tackling at victim sites were exploited to avoid detection
– In all, there is no preventative or detective control domain within the Cyber Security realm that is unaffected by overall failures or weaknesses as part of an attack of this nature, from legal frameworks to advanced threat detection.

Michael Fabian
– Principal Consultant in Atlanta, GA
– BS – Political Science
– MS – information Systems – Information Security
– MS – Systems Engineering
Prior to Synopsys
– 20 Years professional experience
– 11 years in non-IT Systems Security
– Experience from end user analysis to vendor product design
– Industry Participation – From Medical Devices to Weapon Systems
– Smart Grid Working Group (SGIP)
– IEC/ISA TC65 – IEC 62443