Cybersecurity for the Operational Technology Environment (CyOTE)
Incorporating context for better threat detection
The Energy Sector Software Bill Of Materials (SBOM) Proof of Concept (POC) effort is a partnership between DOE CESER and the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) to develop and explore the application of SBOMs within energy sector environments. Using an open, transparent, consensus-based process, this diverse stakeholder group is developing tools, technologies, and use cases to catalyze SBOM adoption by technology vendors and asset owners in the energy sector.
The SBOM POC group has met monthly since April 2021 to advance SBOM development in the energy sector and share information with the stakeholder community.
March 20, 2024
Using Surfactant to automate SBOMs, and discussions of lessons learned from generating BOMs for CyTRICS
The National Telecommunications and Information Administration (NTIA) led an early multi-stakeholder effort to develop informational and technical resources for SBOMs between 2018-2021.
Click Learn More to review these foundational resources.
The Energy SBOM POC effort is a partnership between DOE CESER and DHS CISA. CISA is leading other SBOM-related efforts that inform and draw from this work.
Click Learn More to review the CISA workstreams and resources.
Auburn University’s McCrary Institute hosted a panel discussion on growing policy support for BOMs, implementation challenges, and strategic use cases. Panelists include representatives from DOE, Idaho National Laboratory, NTIA, Unisys, and Microsoft Azure.
CESER Partners with CISA to Release New Framework for Software Bill of Materials Sharing.
Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today by improving energy infrastructure security and supporting the Department of Energy’s national security mission. CESER’s focus is preparedness and response activities to natural and man-made threats, while ensuring a stronger, more prosperous, and secure future for the nation.
Idaho National Laboratory is a world leader in providing industrial control system (ICS) cybersecurity workforce training and development. The laboratory’s distinctive history in protecting critical infrastructure systems puts the lab at the forefront of thought leadership and applied innovation in critical infrastructure cybersecurity education. INL uses a comprehensive approach to developing ICS cybersecurity training programs that can be tailored to meet the energy sector’s needs identified by the DOE, utilities, and other organizations.