MAR 17 @6pm – Dr. Kenneth Crowther on Inside product cybersecurity for next-generation IIOT
Abstract: The water and wastewater sector is moving towards digitization due to the millions of dollars of savings derived from remote monitoring, predictive maintenance, and improved control. Digitization of water and wastewater infrastructure can potentially help resolve problems of access to clean water, sanitation, and sustainability if we can find the right partnership model to build security in while controlling costs. However, due to the highly distributed nature of water and wastewater operations (municipal treatment, industrial wastewater treatment, agricultural, commercial buildings, etc.), the smaller average size of operating companies, and the cost constraints, the emerging technology and architecture is increasingly appearing more like an industrial internet of things (IIOT) than traditional industrial control systems (ICS) following a Purdue model-type segmentation. When you combine that with increased targeting against critical infrastructure, there is a need for a shared responsibility between the product maker and the utility for successful cybersecurity and modernization that come from digitization of infrastructure. This presentation delves into the cybersecurity responsibilities of the product maker, and provides a tour inside the secure development frameworks and engineering challenges of producing next-generation IIOT technologies. The first part of the presentation provides an overview of what constitutes secure development of IIOT and how it works across multiple global teams and third party suppliers. The second part of the presentation provides some examples and case studies on securing over-the-air firmware updates or zero-trust device provisioning by third-party manufacturers. The desired outcome of this presentation is to provide insights into the cybersecurity challenges of a product maker. REGISTER HERE Presentation
About the Speaker: Dr. Kenneth Crowther is the Product Security Leader for Xylem Applied Water Systems. He was formerly Product Security Leader for General Electric (GE) Global Research and Principal Engineer at the MITRE Corporation. He teaches applied quantitative risk analysis at the University of Virginia and Georgetown University, has published dozens of peer-reviewed manuscripts on topics related to risk analysis and homeland security, served as the Chair of Attack and Disaster Preparedness Track of the IEEE Homeland Security Technology Conference, as the Assistant Area Editor for the journal Risk Analysis, as Chair of the Engineering and Infrastructure Specialty Group and Security and Defense Specialty Group of the Society for Risk Analysis, and on the Board of Directors of the Security Analysis and Risk Management Association. His research and publications in risk analysis have received various honors by the Institute for Information Infrastructure Protection, the International Council for Disaster Research, the University of Virginia Department of Systems and Information Engineering, the Department of Homeland Security, and the Center for Risk Management of Engineering Systems, among others. In addition to his current work at Xylem, he serves on the ISA Global Cybersecurity Alliance subcommittee for IIOT cybersecurity certifications and on a committee of the Military Operations Research Society to train and certify risk analysts for doing national security risk analyses. Dr. Crowther holds a PhD in Systems and Information Engineering from the University of Virginia and a BS in Chemical Engineering from Brigham Young University.