Below the Surface: The Supply Chain Security Podcast
Defending Against Supply Chain Attacks – Bri Rolston – BTS #18
Bri has spent her career investigating and defending against critical infrastructure attacks. Hear her take on the current threat landscape, supply chain security, and more!
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Segments
Defending Against Supply Chain Attacks – Bri Rolston – BTS #18
Protecting The Digital Supply Chain – Yuriy Bulygin – BTS #17
Dr. Yuriy Bulygin is the CEO and founder of Eclypsium, the digital supply chain security company. Prior to Eclypsium, Yuriy was Chief Threat Researcher at Intel Corporation. He is also the creator of CHIPSEC, the popular open-source firmware and hardware supply chain security assessment framework. When enterprises started using CHIPSEC to find vulnerabilities, discover compromised firmware, or just poke around hardware systems, Yuriy founded Eclypsium with Alex Bazhaniuk. Since then, Eclypsium has been on a mission to protect devices from supply chain risks.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
UEFI & The Digital Supply Chain – Dick Wilkins – BTS #16
Learn about the evolution of UEFI, various aspects of supply chain security surrounding UEFI, and the interactions between links in the supply chain that ultimately end up delivering you a computer or server.
Segment Resources:
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Reverse Engineering BMCs and Other Firmware – Vladyslav Babkin – BTS #15
Vlad is part of the Eclypsium research team and has discovered several flaws in BMC ecosystems. He comes on the show to talk about his journey and cover the details behind BMC vulnerabilities and attacks.
Segment Resources: https://forum.defcon.org/node/245714 https://eclypsium.com/research/bmcc-lights-out-forever/ https://eclypsium.com/blog/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
Protecting The Federal Supply Chain – John Loucaides – BTS #14
John Loucaides, SVP Strategy at Eclypsium, joins us on the show to discuss protecting the federal supply chain!
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Network Device Supply Chain Security – Nate Warfield – BTS #13
We dig into network devices/appliances, why they are still around, who is attacking them, and how. Just why are attackers using network devices in ransomware campaigns, and how do we stop them? Tune in to find out as Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, joins us for this episode!
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Dealing with The Digital Supply Chain – Ramy Houssaini – BTS #12
Ramy Houssaini joins us to discuss the challenges enterprises face when dealing with supply chain threats, risks and vulnerabilities. We'll explore how to identify cybersecurity gaps in your various supply chains, discuss real-world examples such as Log4j and more!
SCRM and Supply Chain Security Up and Down the Stack – Steve Orrin – BTS #11
Supply chain threats and industry/government initiatives like EO 14028 are driving a deeper understanding and a set of requirements for applying supply chain risk management (SCRM) and increased transparency (e.g., SBOM) across the software ecosystem, up and down the stack. Platform and system firmware present unique challenges for supply chain assurance from the depths of the stack.
Segment Resources: ESF: Securing the Software Supply Chain for Customers https://media.defense.gov/2022/Nov/17/2003116444/-1/-1/0/ESFSECURINGTHESOFTWARESUPPLYCHAINCUSTOMER_SLICKSHEET.PDF
ESF: Securing the Software Supply Chain for Suppliers https://media.defense.gov/2022/Oct/31/2003105572/-1/-1/0/ESFSECURINGTHESOFTWARESUPPLYCHAINSUPPLIERS_SLICKSHEET.PDF
ESF: Securing the Software Supply Chain for Developers https://media.defense.gov/2022/Sep/01/2003068942/-1/-1/0/ESFSECURINGTHESOFTWARESUPPLYCHAINDEVELOPERS.PDF
CISA SBOM Site https://www.cisa.gov/sbom
Learning About Firmware Security – Xeno Kovah – BTS #10
Firmware security is a deeply technical topic that is hard to get started in. In this talk, Xeno discusses some of his past work in firmware security and how he has organized resources such as a low-level timeline (with over 300 talks) and free MOOC classes to help teach people about firmware security.
Segment Resources: https://ost2.fyi https://darkmentor.com/timeline.html
Accidentally Learning about Security: From Firmware to the Cloud, Brian Richardson – BTS #9
Brian Richardson didn't start out wanting to do marketing or computer security... but after starting his career as a BIOS programmer, he tripped and fell into technical marketing (aka "Binary to English translator"). Brian's here to talk about the importance of hardware & firmware security in a SaaS world.
Segment Resources: https://www.youtube.com/watch?v=I2FwiEH6dg4
https://www.youtube.com/watch?v=i9PrWw4ljeg
https://medium.com/intel-tech/security-built-on-a-foundation-of-trust-1fa1dbb74cbc
https://archive.fosdem.org/2020/schedule/event/firmware_culisfu/