Software complexity in Electric Power Systems is increasing quickly with the digitization of protection, automation and control. To keep up with evolving product applications and requirements, manufacturers tend to rely on several software components, often from external sources, to build their products, which may provide a larger attack surface for entities targeting electrical utilities. Software Bill of Materials (SBOM) aim to provide a list of software components included in a product. This information could be used by electrical utilities to proactively assess their exposure when new cybersecurity vulnerabilities are published, allowing more rapid risk mitigation. However, special challenges will have to be addressed for the application of SBOMs to electric power system use cases.
Active Committees/Task Forces of Interest
IEEE PES PSCCC TF S17: Task Force on Use of SBOM in the Energy Sector,
https://site.ieee.org/pes-pscc/cybersecurity-subcommittee-s0/#1704314511728-c5d9bc9b-1bc7; DOE CESER and CISA SBOM Proof of Concept: https://sbom.inl.gov/sbom/
Technical Reports & Applicable Papers or Presentations
PES PSCCC has identified a trend towards the use of SBOM to assist with vulnerability assessment in Electric Power Systems. PSCCC TF S17 is in the process of identifying how they could be applied for embedded devices used in Electric Power Systems. The Task Force will publish a report on the matter to assist the PSCCC Cybersecurity Subcommittee in identifying future work to be proposed.
- Discourse, Challenges, and Prospects Around the Adoption and Dissemination of Software Bills of Materials (SBOMs) | IEEE Conference Publication | IEEE Xplore; https://ieeexplore.ieee.org/document/10305922
- An Intelligent Security Detection and Response Scheme Based on SBOM for Securing IoT Terminal devices | IEEE Conference Publication | IEEE Xplore; https://ieeexplore.ieee.org/document/10393435
- Visibility & Control: Addressing Supply Chain Challenges to Trustworthy Software-Enabled Things | IEEE Conference Publication | IEEE Xplore; https://ieeexplore.ieee.org/document/9174365
- Integrating Zero Trust in the cyber supply chain security | IEEE Conference Publication | IEEE Xplore; https://ieeexplore.ieee.org/document/9626299
Publications
- Boming Xia; Tingting Bi; Zhenchang Xing; Qinghua Lu; Liming Zhu; “An Empirical Study on Software Bill of Materials: Where We Stand and the Road Ahead”, DOI: 10.1109/ICSE48619.2023.00219, https://www.computer.org/csdl/proceedings-article/icse/2023/570100c630/1OM4MtCF0Dm
- Nusrat Zahan; Elizabeth Lin; Mahzabin Tamanna; William Enck; Laurie Williams; “Software Bills of Materials Are Required. Are We There Yet?”, DOI: 10.1109/MSEC.2023.3237100, https://www.computer.org/csdl/magazine/sp/2023/02/10102604/1MkXVoZc772
- Santiago Torres-Arias; Dan Geer; John Speed Meyers; “A Viewpoint on Knowing Software: Bill of Materials Quality When You See It”, DOI: 10.1109/MSEC.2023.3315887, https://ieeexplore.ieee.org/document/10315783
Other Available Material