
Session Abstract
Software Verification And Security Analysis
Cybersecurity issues should be found during quality assurance or pre-production release testing. Currently, automated solutions to find vulnerabilities in smart grid software through testing, scanning, and inspection are, at times, insufficient. A solution needs to fit into a vendor's and utility's system, product or software development lifecycle. One solution would be to operate on compiled software and reveal all software behavior (correct and incorrect, legitimate and malicious). This session discusses a new technology for software verification and security analysis based on computed behavior, along with practical actions to enhance the system, product or software development lifecycle in order to reduce cybersecurity issues in production systems, products and software.
Speakers:
Sandy Bacik, CISSP, CISM, ISSMP, CGEIT
Principal Consultant
EnerNex
Sandy Bacik, EnerNex Principal Consultant, author and former CSO, has over 15 years of direct development, implementation, and management information security experience in the areas of audit management, disaster recovery/business continuity, incident investigation, physical security, privacy, regulatory compliance, standard operating policies/procedures, and data center operations and management, with an additional 15 years in information technology operations.
Ms. Bacik has managed, architected and implemented comprehensive information assurance programs and managed internal, external, and contracted/outsourced information technology audits to ensure various regulatory compliance for state and local government entities and Fortune 200 companies. She has developed methodologies for risk assessments, information technology audits, vulnerability assessments, security policy and practice writing, incident response, and disaster recovery.
Ms. Bacik is a regular presenter for the MIS Training Institute security course. Ms. Bacik is the author of Building an Effective Security Policy Architecture (2008) and a contributing author to the Information Security Management Handbook (2009, 2010, 2011). Ms. Bacik is the lead cyber security liaison to the NIST Smart Grid Interoperability Panel (SGIP) Cybersecurity Working Group (CSWG) and one of the original participants for the creation and publication of the NISTIR 7628; part of the CSWG management team; chairs CSWG subgroups of security architecture, AMI security, and testing and certification; coordinated and developed the Assessment Guide to the NISTIR 7628; provides cyber security support to the NIST SGIP Architecture and Testing and Certification Committees; CSWG liaison to PAPs 6 and 13; CSWG liaison to the NERC Smart Grid, cyber attack, and severe impact resiliency task forces.
Richard Linger, Senior Cyber Security Research Scientist
Cyberspace Sciences and Information Intelligence Research Group
Oak Ridge National Laboratory
Mr. Linger leads a team of scientists and engineers in developing advanced software behavior computation technologies for verification of software function and security properties, with initial application to smart grid components. This work is directed to identifying and defeating threats to the national cyber infrastructure.
At the Software Engineering Institute at Carnegie Mellon University, Rick managed a research project to develop mathematical foundations for software behavior computation with application to malware analysis. He also conducted research on rigorous methods for large-scale system development. At IBM, Rick partnered with Dr. Harlan Mills to develop mathematical foundations for software development and verification to approach zero defects, statistical usage-based testing to certify software fitness for use, and incremental development to maintain management control of software projects.
Mr. Linger has co-authored three software engineering textbooks and eleven book chapters. He is a member of the Association for Computing Machinery (ACM), the American Institute of Aeronautics and Astronautics, and a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE).