The Benefits of a Software Bill of Materials Program at Nuclear Facilities
- Idaho National Laboratory
- Pacific Northwest National Laboratory
Software supply chain attacks are becoming increasingly prevalent in both information communications technology and operational technology environments. Often, a supplier or other entity discloses vulnerability information about software components and subcomponents used in a digital asset, but an asset owner is unable to quickly ascertain whether the vulnerable component is installed in their facility. The generation and use of a software bill of materials (SBOM) for installed digital assets can enable an asset owner to quickly identify if and where a component is used, allowing them to evaluate the risk and determine necessary risk treatments. The integration of an SBOM program into a nuclear facility not only improves vulnerability management and risk management processes but also benefits asset and configuration management, cybersecurity, and supply chain programs. This paper reviews the U.S. Department of Energy Office of Nuclear Energy Cybersecurity Crosscutting Technology Development program’s work on integrating an SBOM program into a nuclear facility. It also provides a discussion on the benefits of such a program.
- Research Organization: Idaho National Laboratory (INL), Idaho Falls, ID (United States)
- Sponsoring Organization: 58
- DOE Contract Number: AC07-05ID14517
- OSTI ID: 2279188
- Report Number(s): INL/CON-23-71577-Rev000
- Country of Publication: United States
- Language: English
Similar Records
Software Bill of Materials in the Nuclear Industry
Strengthening the Security of Operational Technology: Understanding Contemporary Bill of Materials