IOActive Senior Advisor John Sheehy will take part in a panel discussion during the Cyber-Physical Systems Security Summit (CPS3), taking place June 16 – 17 in Rochester, MI. An abstract of IOActive’s participation can be found below.
ABOUT THE EVENT:
“Clear lines between war and peace, physical and digital, and foreign and domestic threats have dissolved. We are now in a constant state of “gray-zone” conflict, where adversaries operate below the threshold of traditional warfare to achieve strategic goals. This conflict is not fought on a distant battlefield but here at home, targeting the very seams of our society:
- It’s AI agents learning to attack on their own.
- It’s foreign-owned land next to a military base becoming a launchpad for espionage.
- It’s a compromised software update from a trusted supplier.
- It’s the need for an “all-of-society” response because the government cannot do it alone.
- It’s the struggle to write a national strategy for a fight that has no clear rules.
Therefore, the mission of this summit is to move beyond siloed thinking and forge a unified, cyber-physical defense strategy capable of confronting these ambiguous threats head-on. Join us as we bring together experts from the US military, Industry, Government, and Academia to address both the problems and possible solutions to some of the hardest cybersecurity challenges facing our nation today.”
PANEL ABSTRACT:
Significant deployment of COTS technology components into military systems offers benefits and new risks. COTS suppliers have little or no focus on supply chain risks, especially sophisticated supply chain interdiction operations to deploy clandestine implants into the ecosystem. Moreover, their open nature subverts a key protection found in closed, defense-only ecosystems – firmware for systems can often be freely downloaded off the internet and reverse engineered for remote code execution vulnerabilities (RCEs). Simple protections like encrypted firmware images are not deployed. For example, in the case of the 787, adversaries who operate the commercial airliner at national airlines have an unencrypted copy of key avionics software for flight systems that is identical or almost identical to that used in the KC-46.
