In this podcast from the Carnegie Mellon University Software Engineering Institute (SEI), Gregory J. Touhill, director of the SEI CERT Division, talks with principal researcher Suzanne Miller about the 2020 attack on Solar Winds software and how to prevent a recurrence of another major attack on key systems that are in widespread use. Solar Winds is the name of a company that provided software to the U.S. federal government. In late 2020, news surfaced about a cyberattack that had already been underway for several months and that had reportedly compromised 250 government agencies, including the Treasury Department, the State Department, and nuclear research labs. In addition to compromising data, the attack resulted in financial losses of more than $90 million and was probably one of the most dangerous modern attacks on software and software-based businesses and government agencies in the recent past. The SolarWinds incident demonstrated the challenges of securing systems when they are the product of complex supply chains.
In this podcast, Touhill discusses topics including the need for systems to be secure by design and secure by default, the importance of transparency in the reporting of vulnerabilities and anomalous system behavior, the CERT Acquisition Security Framework, the need to secure data across a wide range of disparate devices and systems, and tactics and strategies for individuals and organizations to safeguard their data and the systems they rely on daily.
My Story in Computing with Sam Procter
Developing and Using a Software Bill of Materials Framework
The Importance of Diversity in Cybersecurity: Carol Ware
The Importance of Diversity in Software Engineering: Suzanne Miller
The Importance of Diversity in Artificial Intelligence: Violet Turri
Using Large Language Models in the National Security Realm
Atypical Applications of Agile and DevSecOps Principles
When Agile and Earned Value Management Collide: 7 Considerations for Successful Interaction
The Impact of Architecture on Cyber-Physical Systems Safety
ChatGPT and the Evolution of Large Language Models: A Deep Dive into 4 Transformative Case Studies
The Cybersecurity of Quantum Computing: 6 Areas of Research
User-Centric Metrics for Agile
The Product Manager’s Evolving Role in Software and Systems Development
Measuring the Trustworthiness of AI Systems
Actionable Data in the DevSecOps Pipeline
Insider Risk Management in the Post-Pandemic Workplace
An Agile Approach to Independent Verification and Validation
Zero Trust Architecture: Best Practices Observed in Industry
Automating Infrastructure as Code with Ansible and Molecule
Create your
podcast in
minutes
It is Free