Evaluating Methods of Software Bill of Materials Generation to Enhance Nuclear Power Plant Cybersecurity

Vairagade, Himanshu V.; Mercado, Angel; Ruiz Padron, Adolfo; Buniya, Abhro; Eggers, Shannon; Zhang, Fan

doi:10.1080/00295450.2024.2382015

Evaluating Methods of Software Bill of Materials Generation to Enhance Nuclear Power Plant Cybersecurity

Journal Article · Wed Sep 18 00:00:00 EDT 2024 · Nuclear Technology

DOI:https://doi.org/10.1080/00295450.2024.2382015· OSTI ID:2587599

Vairagade, Himanshu V. ^[1]; Mercado, Angel ^[1]; Ruiz Padron, Adolfo ^[1]; Buniya, Abhro ^[1]; ^[2]; ^[1]

Georgia Institute of Technology, Atlanta, GA (United States)
Idaho National Laboratory (INL), Idaho Falls, ID (United States)

Instrumentation and control (I&C) systems in nuclear power plants (NPPs) are potential targets of cyberattacks and can prove deleterious for the safety of the NPPs. A Software Bill of Materials (SBOM) provides a detailed list of the various components and their dependencies in software, which helps in vulnerability and risk assessment for cyber hygiene and situational awareness. For an NPP, the process of generating an accurate SBOM report can be complex due to the legacy systems and firmware binaries involved. While most current SBOM tools are focused more on modern internet technology software, this research provides insights and guidelines for an NPP to generate an accurate and efficient SBOM. Here, the paper proposes a new methodology to help NPPs categorize software and use appropriate tools to generate SBOMs for their digital I&C systems.

Research Organization:: Idaho National Laboratory (INL), Idaho Falls, ID (United States)

Sponsoring Organization:: USDOE Office of Nuclear Energy (NE)

Grant/Contract Number:: AC07-05ID14517

OSTI ID:: 2587599

Report Number(s):: INL/JOU--23-75742-Rev000

Journal Information:: Nuclear Technology, Journal Name: Nuclear Technology Journal Issue: 6 Vol. 211; ISSN 0029-5450; ISSN 1943-7471

Publisher:: Informa UK LimitedCopyright Statement

Country of Publication:: United States

Language:: English

References (4)

Cyber security issues imposed on nuclear power plants Kim, Do-Yeon Annals of Nuclear Energy, Vol. 65 https://doi.org/10.1016/j.anucene.2013.10.039	journal	March 2014
Robust localized cyber-attack detection for key equipment in nuclear power plants Zhang, Fan; Coble, Jamie B. Progress in Nuclear Energy, Vol. 128 https://doi.org/10.1016/j.pnucene.2020.103446	journal	October 2020
Building resilient medical technology supply chains with a software bill of materials Carmody, Seth; Coravos, Andrea; Fahs, Ginny npj Digital Medicine, Vol. 4, Issue 1 https://doi.org/10.1038/s41746-021-00403-w	journal	February 2021
Software Bills of Materials Are Required. Are We There Yet? Zahan, Nusrat; Lin, Elizabeth; Tamanna, Mahzabin IEEE Security & Privacy, Vol. 21, Issue 2 https://doi.org/10.1109/MSEC.2023.3237100	journal	March 2023