Software Bill of Materials (SBoM) for Electric Power Systems (EPS)

Software complexity in Electric Power Systems is increasing quickly with the digitization of protection, automation and control. To keep up with evolving product applications and requirements, manufacturers tend to rely on several software components, often from external sources, to build their products, which may provide a larger attack surface for entities targeting electrical utilities. Software Bill of Materials (SBOM) aim to provide a list of software components included in a product. This information could be used by electrical utilities to proactively assess their exposure when new cybersecurity vulnerabilities are published, allowing more rapid risk mitigation. However, special challenges will have to be addressed for the application of SBOMs to electric power system use cases.
Active Committees/Task Forces of Interest

IEEE PES PSCCC TF S17: Task Force on Use of SBOM in the Energy Sector,
https://site.ieee.org/pes-pscc/cybersecurity-subcommittee-s0/#1704314511728-c5d9bc9b-1bc7; DOE CESER and CISA SBOM Proof of Concept: https://sbom.inl.gov/sbom/

Technical Reports & Applicable Papers or Presentations
PES PSCCC has identified a trend towards the use of SBOM to assist with vulnerability assessment in Electric Power Systems. PSCCC TF S17 is in the process of identifying how they could be applied for embedded devices used in Electric Power Systems. The Task Force will publish a report on the matter to assist the PSCCC Cybersecurity Subcommittee in identifying future work to be proposed.
Publications