Podomation—ISA’s original podcast covering all things automation and cybersecurity—launched its inaugural episode highlighting the topic of SBOM, or software bill of materials, last month. The podcast plans to continuously bring in guests who are subject matter experts from throughout the industrial automation community.
Podomation’s July-released episode was recorded live at the OT Cybersecurity Summit in Aberdeen, Scotland. OT Cybersecurity Summit welcomed over 120 training and conference delegates to Aberdeen, selecting the location given the city’s strategic position in the energy sector.
ISA’s own Morgan Foor facilitated the educational conversation between Chris Blask (Vice President of Strategy, Cybeats), Steve Mustard (ISA Treasurer and President of National Automation, Inc.), and Cheri Caddy (Deputy Director at the US Office of the National Cyber Director at the White House). Blask, Mustard, and Caddy broke down the importance of SBOM and how it impacts software supply chain risk management.
Keynote Speaker Cheri Caddy—who has worked on supply chain issues for years for the federal government—shares that she’s excited about how the conversation surrounding SBOM is advancing quickly. Like all cybersecurity issues that impact critical infrastructure, Caddy shares that SBOM is challenging and complex.
The ISA/IEC 62443 series of standards “is all about what needs to be done and not how, which is deliberate, as the standards are all about what needs to be done without being prescriptive about technology or vendor,” adds Mustard. “There is a huge opportunity for addressing this requirement,” he continues, explaining that, from a policy standpoint, transparency is going to be imperative in the future.
Foor further explains that, according to Dr. Allan Friedman (Director of Cybersecurity Initiatives at the National Telecommunications and Information Administration), another speaker at the OT Cybersecurity Summit, the average pickup truck now has more code in it than some of the retired spaceships. With that in mind, it becomes more important to have a deep understanding of the complexity of the products, systems, and services that make up critical infrastructure sites and systems.
The first Podomation episode culminates with a thought-provoking question posed to the experts, “What is a security spectrum that we can rely on, not necessarily wanting to be the most secure or the low-hanging fruit? Where do you want to be?”
Blask, Mustard, and Caddy discuss how the answer first depends on who you are and whether you are regulated, and how, optimally, the baseline of cybersecurity across the board would be raised for everyone. The panelists also discussed how cybersecurity is indeed a spectrum, with each organization’s tolerance for risk as a key factor. At a minimum, you don’t want to overlook the basic elements of cyber-hygiene, and everyone should be encouraged to raise their practice to at least that basic level.
The experts discussed how it can and should be made clearer which controls should be in place to ensure security, and fortunately there are globally recognized standards and conformance programs in place to do just that. The bottom line is that transparency in the supply chain—and in cybersecurity overall—is simply imperative.
Are you interested in being a guest on Podomation, or in advertising during one of our upcoming episodes? Feel free to send us a note at podomation@isa.org. Subscribe wherever you listen to podcasts to see new episodes as soon as they are available. Future topics include industry 4.0, digital transformation, manufacturing and machine control, connectivity and cybersecurity for operational technology, and continuous batch processing.
Some Podomation episodes will be live from ISA events, and others recorded in studio. The podcast strives to continuously focus on the critical role that automation plays in making the world a better place, as well as the variety of ways that our community is making a difference.