Taming the Chaos of Supply Chain Security Risks with MITRE's System of Trust™

EnglishKeynoteStreamingLive Q&ABlue TeamMITRE

Share Note Instant QA Video Presentation

time

03:15 ~ 04:05

site

The trust and trustworthiness of supply chains is at the center of many of today’s global security challenges. This presentation explores the details of MITRE’s System of Trust, a community effort to develop and validate a process for integrating evidence of the organizational, technical, and transactional trustworthiness of supply chain elements for decision makers dealing with supply chain security. This framework is defining, aligning, and addressing the specific concerns and risks that stand in the way of organizations’ trusting suppliers, supplies, and service offerings. More importantly, the framework offers a comprehensive, consistent, and repeatable methodology – for evaluating suppliers, supplies, and service offerings alike – that is based on decades of supply chain security experience, deep insights into the complex challenges facing the procurement and operations communities, and broad knowledge of the relevant standards and community best practices.
By creating and curating a community-enabled structured corpus of concerns that are important for trusting organizations, products, and components, and service offerings that can be adopted, taught, and utilized by any organization involved in a supply chain, the System of Trust offers a framework for focusing concise and rapid attention onto those risks most relevant and actionable to the parties involved in exchanging goods and services. This is comparable to how MITRE’s ATT&CK framework enables discourse and synergies in the cyber risk domain. Additionally, the framework includes a mechanism for winnowing down and tailoring the overall System of Trust to a set of concerns and investigative questions that consider the resources of your organization, the significance of the system or service to its operations, and the consequences that could result from failing to fully vet concerns. Finally, the System of Trust provides the ability to apply scoring mechanisms that can be adapted to your organization’s priorities, operational sensitivities, and experience with its type of business and partners.

Robert A. Martin

Robert A. Martin, a Senior Principal Software and Supply Chain Assurance Engineer at the MITRE Corporation, has dedicated his career to solving some of the world’s most difficult problems in systems and software engineering. His work focuses on the interplay of risk management, cyber security, and quality assessment and assurance. For 23 years, Robert has applied his expertise to international cybersecurity initiatives such as CVE, CAPEC, and CWE, which host large active vendor and research communities, and is now working on standardizing the Software Bill of Materials (SBOM) and MITRE’s supply chain security System of Trust™. Robert is frequently invited to speak on security and quality issues pertaining to software-based technology systems and the work of the IIC and has published numerous articles and presentation. He also contributed to or authored over 60 standards within ITU-T, ETSI, OMG, The Open Group, UL, and ISO, including the new ISO/IEC 5055 code quality measurement standard. Robert hosts quarterly meetings on software and supply chain assurance with over 300 participants from international, commercial, academic, and government communities. Prior to joining MITRE, Robert designed and installed manufacturing control systems in Area 2 of Kodak Park and performed software integration and porting projects for both RPI and General Electric. Robert holds degrees in electrical engineering from RPI and an MBA from Babson.

English interpretations will be provided for all sessions not presented in English.

Agenda Table

00:30

Attendant Registration Time

01:20

Welcome Speech & Event Introduce

02:10

R0
Insight and trend: Worldwide threat landscape from Microsoft Threat Intelligence Center
Mark Parsons | Justin Warner
50 min
KeynoteVirtualLive Q&AThreat IntelligenceCyberwar

03:00

Break

03:15

R0
Taming the Chaos of Supply Chain Security Risks with MITRE's System of Trust™
Robert A. Martin
50 min
KeynoteStreamingLive Q&ABlue TeamMITRE

Taming the Chaos of Supply Chain Security Risks with MITRE's System of Trust™

time

site

Robert A. Martin

Agenda Table

00:30

Attendant Registration Time

01:20

Welcome Speech & Event Introduce

02:10

Insight and trend: Worldwide threat landscape from Microsoft Threat Intelligence Center

03:00

Break

03:15

Taming the Chaos of Supply Chain Security Risks with MITRE's System of Trust™

04:05

Lunch

05:00

Your Printer is not your Printer ! - Hacking Printers at Pwn2Own

Understanding the Chinese underground card shop ecosystem and becoming a phishing master

Actually, your blue team is red. Stealing your red move from the blue side

Every authorization has its black: tackling privilege escalation in macOS

Injection 101

05:45

Break

06:00

Cybersecurity operation and management bird's-eye view from Japanese financial industry experience.

Disrupting factories, missile bases and warships - Exploration into DDS protocol implementations

Air-Gaped? How to bridge the gap?

CRAX++: Modular Exploit Generator using Dynamic Symbolic Execution

Web Security 101: Finding common bugs on websites

06:45

Tea Time

07:00

07:25

Round Table's Summary

Adventures in Cyber Space: An introduction to satellite cybersecurity

Critical Report - Active Directory Risk Quantification and Defense Strategy

ISIP 校友活動

Insider trading trade secrets? Traces could be found. (Part 1)

08:10

Break

08:25

A new secret stash for fileless malware

Active Directory Security - Truth is Stranger than Fiction

09:10

Closing

09:25