SBOM: Will It Actually Help Manage Supply Chain Risk?
Adam Isles of Chertoff Group on Cybersecurity Performance, Automation Approaches
How do we manage the risk of global supply chain attacks? Will a shift in cybersecurity liability to software providers help improve the problems of software vulnerabilities? Adam Isles, principal of The Chertoff Group, said mandating software bill of materials measures has its own challenges.
But Isles is confident that the executive authorities will be able to drive people toward more software-specific security standards because of the added pressure facing large organizations today.
"If we were talking five years ago, we would have had six to 10 SaaS applications there," Isles said. "Today, we are managing 130. We might have 40 billion IoT devices by 2025. The lines of code have also increased. This adds to enormous layers of complexity. There is enough guidance out there, but the challenge is: How do we take this guidance and map it to the threat?"
In this video interview with Information Security Media Group at RSA Conference 2023, Isles also discusses:
- How to measure cybersecurity performance;
- How to understand where the defenses are working;
- Automation beyond SOAR.
Prior to joining The Chertoff Group, Isles was the director of strategy and policy consulting for homeland security at Raytheon Company. Prior to that, he served as deputy chief of staff at the U.S. Department of Homeland Security, where he was responsible for coordinating policy decisions, including technology standards, regulations, and business rules, for numerous border, travel security and critical infrastructure protection programs.