This blog excerpt is taken from our April 2023 newsletter. To view the rest of the newsletter, visit rmf.org/newsletter.
By: Devon Schall, Ph.D., CISSP
On March 30th, I had the opportunity to attend the primary conference day of the Information Systems Security Association (ISSA) Colorado Springs Cyber Focus Week, hosted at the University of Colorado, Colorado Springs (UCCS). After traveling throughout much of the US, Colorado Springs is at the top of my list of favorite places to visit, and it is always on my shortlist of great locations to live and have a bustling DoD cyber career. The purpose of this article is to touch on the highlights and main topics of the conference.
Throughout the day, three major topics continued to reverberate. For the sake of clarity and brevity, I will list them in chronological order with a summary of each.
- The importance of SBOM
Full disclosure here: when I first heard this term a few years ago, I initially thought it was referencing profane language, but I quickly realized no one “dropped an SBOM”. What is an SBOM, you ask? Well, the acronym stands for software bill of materials (SBOM). The primary takeaway from a presentation on SBOM, and from some conversation with fellow RMF folks, was that many think an SBOM should be a requirement from acquisitions in RMF contracts (this is unfortunately not a reality). With so many supply chain threats, every cybersecurity professional needs to be familiar with SBOM and the role it plays. For more information, I suggest visiting nist.gov and searching the term SBOM. This link is a great start.
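To make the role of an SBOM concrete, here is an added example (not code from the newsletter, BAI, or NIST) that reads a minimal CycloneDX-style SBOM and flags the things a reviewer would want to know before trusting a delivery: components with no recorded version, no package URL, no integrity hash, and components on an internal deny list. The SBOM document, the component names and the deny list are all constructed for illustration, and the CycloneDX JSON layout (`bomFormat`, `components`, `purl`, `hashes`) is an assumption about the format rather than anything the article describes.

```python
import json

# Constructed, minimal CycloneDX-style SBOM (assumption: CycloneDX JSON layout).
# Component names, versions and the hash value are placeholders, not real packages.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "example-parser", "version": "2.3.1",
         "purl": "pkg:pypi/example-parser@2.3.1",
         "hashes": [{"alg": "SHA-256", "content": "a" * 64}]},
        {"type": "library", "name": "legacy-utils", "version": "0.9.0",
         "purl": "pkg:pypi/legacy-utils@0.9.0"},
        {"type": "library", "name": "unpinned-lib"},
    ],
})

# Constructed deny list of (name, version) pairs the organization has decided
# not to accept, e.g. from an internal advisory. Placeholder values.
DENY_LIST = {("legacy-utils", "0.9.0")}


def load_sbom(text):
    """Parse an SBOM document and return its component list."""
    doc = json.loads(text)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return doc.get("components", [])


def review_components(components, deny_list=DENY_LIST):
    """Return (component name, finding) pairs for anything a reviewer should question."""
    findings = []
    for c in components:
        name = c.get("name", "<unnamed>")
        version = c.get("version")
        if version is None:
            # Without a version there is nothing to match against advisories.
            findings.append((name, "no version recorded; cannot check advisories"))
            continue
        if not c.get("purl"):
            findings.append((name, "no package URL; identity is ambiguous"))
        if not c.get("hashes"):
            findings.append((name, "no hash; integrity cannot be verified"))
        if (name, version) in deny_list:
            findings.append((name, f"version {version} is on the deny list"))
    return findings


def review_sbom(text):
    """Convenience wrapper: parse and review in one call."""
    return review_components(load_sbom(text))


if __name__ == "__main__":
    for component, finding in review_sbom(SAMPLE_SBOM):
        print(f"{component}: {finding}")
```

Run as a script, it prints one line per finding: `legacy-utils` is flagged twice (no hash, deny-listed version) and `unpinned-lib` once (no version), while `example-parser` passes. The point is that the SBOM itself does not make software safe; it makes checks like these possible, which is why the acquisition conversation matters.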
- Advances in Quantum Computing/Threats to Cryptography
I was anticipating more conversations on OpenAI than on quantum cryptography, but quite frankly, I was relieved to be given a break from AI. Quantum cryptography came up multiple times, with an excellent roundtable discussion among leaders in quantum during a morning session. The primary takeaway from this session was that NIST is actively pursuing post-quantum cryptographic algorithms to replace our aging cryptographic standards, which are not quantum resistant. The second big moment for me in this session was learning that breaking RSA and predicting keys is a big concern for the future, but we do not have to panic quite yet, as quantum computing still has some progress to make before becoming a significant threat. For more information, I suggest checking out NIST’s Post-Quantum Cryptography Project as well as a highly recommended book called Quantum in Pictures.
- Space: The Final Frontier
Primary topics here were the infancy of cybersecurity in space and the evolving threats to the space cybersecurity landscape. I was very interested to hear that cybersecurity policy for space and satellites is currently very limited. I imagine this will be an area we will look back on in 10-20 years the way I currently look at the early NIST documents from the infancy of cybersecurity. Stand by for BAI’s next course offering, titled RMF in Space. This NIST article has some good information on the current security challenges and efforts in space.
If you are looking for an ISSA chapter to join, visit, or involve your business with, I cannot say enough positive things about the Colorado Springs chapter. They also have a symposium coming up in September called the Peak Cyber Symposium, with Ron Ross as keynote, which is linked below. I hope to see you there!
To stay ahead of the curve with SBOM and supply chain risk management, BAI offers our RMF and Supply Chain Security 1-day class. This is a must-take in light of recent attacks. Apply RMF principles to manage risk associated with every link in the supply chain and apply due diligence to trust relationships within your organization. Register now at register.rmf.org!