Tech at the Leading EdgeMar 22, 2023
Modernizing critical infrastructure protection policy: Seven perspectives on rewriting PPD21
By Will Loomis
In February of 2013, then President Obama signed a landmark executive order - Presidential Policy Directive 21 (PPD 21) - that defined how U.S. Departments and Agencies would provide a unity of government effort to strengthen and maintain US critical infrastructure. Almost a decade later, evolutions in both the threat landscape and the interagency community invite the US government to revise this critical policy.
Megan Samford is a nonresident senior fellow at the Cyber Statecraft Initiative under the Atlantic Council’s Digital Forensic Research Lab (DFRLab) and vice president and chief product security officer for energy management at Schneider Electric. Presently the only female chief product security officer (CPSO) for a major industrial, Samford is a security executive with a focus on industrial control systems security, critical infrastructure protection, and risk analysis. Samford drives the product security strategy and program for Schneider Electric’s energy management business.
Prior to Schneider Electric, Samford was the global director of product safety and security for Rockwell Automation, product security leader for GE Global Research, and lead for the GE Product Security Incident Response Team. While working in the public sector, she served as the Commonwealth of Virginia’s critical infrastructure protection coordinator and special assistant for homeland security projects within the offices of former Governors Tim Kaine and Bob McDonnell.
Samford brings a unique perspective to the security community based on her diverse security background with an interest in utilizing proven concepts from traditional critical infrastructure protection and emergency management foundations, such as Incident Command System and preparedness, and applying those to cyber, in particular for industrial control systems incident response.
In addition to her role at Schneider Electric, she is currently the chairperson for the ISA Global Cybersecurity Alliance. She is also leading a community-driven effort known as Incident Command System for Industrial Control Systems (ICS4ICS), which seeks to establish a common language for responding to cyber incidents and provide avenues for mutual assistance between organizations. Lastly, she is the co-chair of the US Department of Homeland Security’s Control Systems Working Group.
Samford has served on numerous boards, including Virginia Commonwealth University’s School of Electrical and Computer Engineering, Security Analysis and Risk Management Association, Department of Homeland Security’s Control Systems Security Working Group, Trusted Computing Group, and Virginia Aviation Security Advisory Council. She is also a returning 2022 program chair for the RSA Conference “Secure All the Things” track.
Samford holds a bachelor’s degree in homeland security and emergency preparedness as well as a master’s in public administration, both from Virginia Commonwealth University.