IIoTSBOM for manufacturing and end users
A Software Bill of Materials (SBOM) helps the users of the equipment they operate (manufacturers, producers, operators and other end users) gain a more transparent understanding of that equipment.
During daily operations, the Software Bill of Materials allows the operator to be instructed on what to watch for in case of a cyber incident. Based on the threats and vulnerabilities reported against the listed components, CyberSecurity management can brief the operator on the kinds of events that can occur. For instance, to stop a ransomware attack before it takes hold, the operator can notice and report abnormal behavior.
Manufacturers and producers can treat the Software / Security Bill of Materials in the same way as they operate a production Bill of Materials: it is a ledger of the components that make up the purchased or operated equipment. This SBOM, however, focuses on which software has been installed and needs to be maintained, including potential software security risks and considerations. The Software Bill of Materials can, for instance, indicate the need for additional identification or authentication requirements.
During procurement, purchasing departments can state their requirements upfront and define, in collaboration with the risk and security departments, which level of security challenges is acceptable. A Software Bill of Materials can serve as a general ledger that records these risks and security challenges. After delivery, the Bill of Materials serves as the ledger against which all delivered components and their security and risk status are checked, and it can be combined with a security plan to ensure follow-up and daily management of security risks.
Compliance departments and general management can use the Software Bill of Materials for reporting and to provide more transparency to regulators or customers who demand traceability, either for themselves or across the total supply chain they are part of.
In the Healthcare Industry the Software Bill of Materials serves the societal benefit of reducing CyberSecurity risks to health-related systems. Health equipment that can be tampered with can cause personal harm to citizens. The Software Bill of Materials allows healthcare operators to identify risks that only became apparent after the purchase of the equipment, and that were beyond the knowledge of the equipment provider at the time. It is a joint responsibility of the healthcare operator and the manufacturer to ensure that no harm is done, by securing the equipment against cyber attacks.
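The two uses of the SBOM as a ledger described above, checking delivered components against what procurement agreed to, and matching installed components against vulnerabilities that surface after purchase, can be demonstrated with a small script. This is an added example, not code from the original page or from any IIoTSBOM project; the CycloneDX-style SBOM, the procurement ledger and the advisory feed are all constructed sample data with placeholder advisory identifiers (a real deployment would pull the feed from a source such as the NVD and use CVE identifiers).

```python
"""Use an SBOM as a ledger: reconcile the delivered component list against the
procurement ledger, then check installed versions against a vulnerability feed."""
import json

# Constructed CycloneDX-style SBOM for a hypothetical controller (not a real product).
DELIVERED_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "openssl", "version": "3.0.9"},
        {"type": "library", "name": "busybox", "version": "1.36.1"},
        {"type": "library", "name": "libmodbus", "version": "3.1.7"},
        {"type": "application", "name": "vendor-telemetry-agent", "version": "2.4.0"},
    ],
})

# Components and versions that procurement agreed to accept (constructed).
PROCUREMENT_LEDGER = {"openssl": "3.0.9", "busybox": "1.36.1", "libmodbus": "3.1.7"}

# Constructed advisory feed with placeholder ids; a real feed would carry CVE ids.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-001", "component": "openssl", "fixed_in": "3.0.10",
     "severity": "high", "note": "constructed: affects versions below fixed_in"},
    {"id": "ADV-PLACEHOLDER-002", "component": "libmodbus", "fixed_in": "3.1.5",
     "severity": "medium", "note": "constructed: already fixed in the delivered version"},
    {"id": "ADV-PLACEHOLDER-003", "component": "dropbear", "fixed_in": "2022.83",
     "severity": "high", "note": "constructed: component not present in this SBOM"},
]


def parse_version(version):
    """Turn a dotted numeric version into a comparable tuple, e.g. '3.0.9' -> (3, 0, 9)."""
    return tuple(int(part) for part in version.split("."))


def load_components(sbom_text):
    """Read a CycloneDX JSON document and return {component name: version}."""
    bom = json.loads(sbom_text)
    return {c["name"]: c["version"] for c in bom.get("components", [])}


def reconcile_delivery(ledger, delivered):
    """Procurement check: does the delivered SBOM match the agreed ledger?

    Returns components missing from the delivery, components that were delivered
    but never agreed (worth a closer look, e.g. an extra telemetry agent), and
    components delivered in a different version than agreed."""
    return {
        "missing": sorted(name for name in ledger if name not in delivered),
        "unexpected": sorted(name for name in delivered if name not in ledger),
        "version_mismatch": sorted(
            name for name in ledger
            if name in delivered and ledger[name] != delivered[name]
        ),
    }


def match_advisories(delivered, advisories):
    """Post-purchase check: which installed components fall below a fixed version?

    Advisories for components that are not installed are skipped; advisories whose
    fix is already contained in the installed version produce no finding."""
    findings = []
    for adv in advisories:
        installed = delivered.get(adv["component"])
        if installed is None:
            continue
        if parse_version(installed) < parse_version(adv["fixed_in"]):
            findings.append({
                "id": adv["id"], "component": adv["component"],
                "installed": installed, "fixed_in": adv["fixed_in"],
                "severity": adv["severity"],
            })
    return findings


def risk_report(sbom_text, ledger, advisories):
    """Combine both checks into one report for the security plan follow-up."""
    delivered = load_components(sbom_text)
    return {
        "delivery": reconcile_delivery(ledger, delivered),
        "findings": match_advisories(delivered, advisories),
    }


if __name__ == "__main__":
    print(json.dumps(risk_report(DELIVERED_SBOM, PROCUREMENT_LEDGER, ADVISORIES), indent=2))
```

Running the script on the constructed data flags the telemetry agent as a component that was delivered but never agreed with procurement, and reports one open finding for the openssl version; re-running it whenever the advisory feed is refreshed is what turns the SBOM into the living ledger the text describes.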