Software Bill of Materials in the Nuclear Industry
Conference
·
OSTI ID:2279155
- Idaho National Laboratory
- Pacific Northwest National Laboratory
Nuclear power plants (NPPs) have thousands of digital assets throughout their facilities. Typically, NPPs have asset and configuration management programs that capture the make, model, and version of a component. This information, however, usually only includes first- or second-tier components and does not capture the complete enumeration of software components and their dependencies within operational technology (OT) equipment. As seen with recent cyberattacks, this level of detail is insufficient for identifying if and where an exploitable vulnerability exists within a facility. A software bill of materials (SBOM) provides this detailed enumeration. Further, integrating SBOMs with vulnerability data sources and vulnerability attestation reports can provide improved awareness, leading to better cyber risk management and incident response. Preferably, SBOMs are provided by the supplier; however, when an NPP already owns a device, it is less likely to have a supplier-provided SBOM. Fortunately, SBOMs can be generated on installed digital assets. This paper provides an introduction to the U.S. Department of Energy Office of Nuclear Energy paper titled “Towards Software Bill of Materials in the Nuclear Industry,” which describes the SBOM ecosystem and provides a suggested approach to methodically and seamlessly integrate an SBOM program in an NPP.
- Research Organization:
- Idaho National Laboratory (INL), Idaho Falls, ID (United States)
- Sponsoring Organization:
- 58
- DOE Contract Number:
- AC07-05ID14517
- OSTI ID:
- 2279155
- Report Number(s):
- INL/CON-23-70977-Rev000
- Conference Information:
- International Conference on Computer Security in the Nuclear World, Vienna, Austria, 06/19/2023 - 06/23/2023
- Country of Publication:
- United States
- Language:
- English
Similar Records
Towards Software Bill of Materials in the Nuclear Industry
Technical Report
·
Wed Aug 31 20:00:00 EDT 2022
·
OSTI ID:1901825
The Benefits of a Software Bill of Materials Program at Nuclear Facilities
Conference
·
Wed Jul 19 20:00:00 EDT 2023
·
OSTI ID:2279188
Evaluating Methods of Software Bill of Materials Generation to Enhance Nuclear Power Plant Cybersecurity
Journal Article
·
Tue Sep 17 20:00:00 EDT 2024
· Nuclear Technology
·
OSTI ID:2587599