
Software Bill of Materials in Critical Infrastructure

Abstract

Critical infrastructure today is composed of cyber-physical systems, and is therefore also vulnerable to cyber threats. Many of these threats come from within, through malicious code in software updates or bugs that can be exploited. Further exacerbating the issue is the fact that most software suppliers in critical infrastructure are developing proprietary systems and giving out minimal information about the composition of their software products. With the US introduction of a Software Bill of Materials (SBOM) requirement in federal information systems, they are better prepared to deal with cyber incidents. This article examines regulations regarding software in critical infrastructure, and whether there is any benefit to mandating SBOMs in critical infrastructure.

Category

Academic chapter/article/Conference paper

Client

  • EU – Horizon Europe (EC/HEU) / 101119747
  • Research Council of Norway (RCN) / 310105

Language

English

Author(s)

Affiliation

  • Norwegian University of Science and Technology
  • SINTEF Digital / Software Engineering, Safety and Security
  • University of Southampton
  • University of Stavanger

Year

2024

Publisher

IEEE conference proceedings

Book

Proceedings of the 2023 IEEE International Conference on Cloud Computing Technology and Science (IEEE CloudCom 2023)

Issue

1

ISBN

979-8-3503-3982-6

Page(s)

319 - 324
