Software Bill of Materials in Critical Infrastructure
Jaatun, Lars Andreassen; Sørlien, Silje Marie; Borgaonkar, Ravishankar Bhaskarrao; Steve, Taylor; Jaatun, Martin Gilje
Original version
Jaatun, L. A., Sørlien, S. M., Borgaonkar, R., Taylor, S., & Jaatun, M. G. (2023, December). Software Bill of Materials in Critical Infrastructure. In 2023 IEEE International Conference on Cloud Computing Technology and Science (CloudCom) (pp. 319-324). IEEE.
Abstract
Critical infrastructure today is comprised of cyber-physical systems, and therefore also vulnerable to cyber threats. Many of these threats come from within, through malicious code in software updates or bugs that can be exploited. Further exacerbating the issue is the fact that most software suppliers in critical infrastructure are developing proprietary systems and giving out minimal information about the composition of their software products. With the US introduction of a Software Bill of Materials (SBOM) requirement in federal information systems, they are better prepared to deal with cyber incidents. This article examines regulations regarding software in critical infrastructure, and whether there is any benefit to mandating SBOMs in critical infrastructure.