Software Bill of Materials in Critical Infrastructure
Jaatun, Lars Andreassen; Sørlien, Silje Marie; Borgaonkar, Ravishankar Bhaskarrao; Steve, Taylor; Jaatun, Martin Gilje
Chapter
Accepted version
Permanent link
https://hdl.handle.net/11250/3140599
Publication date
2024
Original version
Jaatun, L. A., Sørlien, S. M., Borgaonkar, R., Taylor, S., & Jaatun, M. G. (2023, December). Software Bill of Materials in Critical Infrastructure. In 2023 IEEE International Conference on Cloud Computing Technology and Science (CloudCom) (pp. 319-324). IEEE.
Abstract
Critical infrastructure today is comprised of cyber-physical systems, and therefore also vulnerable to cyber threats. Many of these threats come from within, through malicious code in software updates or bugs that can be exploited. Further exacerbating the issue is the fact that most software suppliers in critical infrastructure are developing proprietary systems and giving out minimal information about the composition of their software products. With the US introduction of a Software Bill of Materials (SBOM) requirement in federal information systems, they are better prepared to deal with cyber incidents. This article examines regulations regarding software in critical infrastructure, and whether there is any benefit to mandating SBOMs in critical infrastructure.