
The Energy Sector Software Bill Of Materials (SBOM) Proof of Concept (POC) effort is a partnership between DOE CESER and the U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) to develop and explore the application of SBOMs within energy sector environments. Using an open, transparent, consensus-based process, this diverse stakeholder group is developing tools, technologies, and use cases to catalyze SBOM adoption by technology vendors and asset owners in the energy sector.
This site highlights the discussions and outcomes of the Energy Sector SBOM POC effort since work began in April 2021.
For more information on SBOM work, visit CISA’s SBOM resources page.
The SBOM POC group has met monthly since April 2021 to advance SBOM development in the energy sector and share information with the stakeholder community.
Meeting topics are presented in reverse chronological order below. Click each topic to view a recording of each meeting.
January 26, 2021
Provides an overview of the SBOM work across a range of industries and communities during the past several years.
February 18, 2021
Provides a technical deep dive into what an SBOM is, the process for developing SBOMs, and how they are being implemented, including data formats and tools.
March 24, 2021
Offers lessons from the field, including work with DOE’s CyTRICS program, supplier and customer perspectives on SBOMs in the healthcare field, and perspectives from the automotive and IT industries.
April 12, 2021
Explores the SBOM POC effort that later kicked off on April 26, 2021.
July 14, 2021
Additional resources:
June 16, 2021
June 2, 2021
Agenda: To identify specific topics, use cases, and technology gaps the POC would like to focus on in the remainder of the calendar year. We will be using a tool called MURAL to allow the group to work together, and we will send an advance copy of the “board” for anyone for whom this technology will not work.
May 19, 2021
The Project Charter captures high-level planning information (scope, deliverables, assumptions, etc.) about the SBOM Proof of Concept effort.
Agenda:
Attendees may be interested in this review of SBOM use cases, and the benefits across the ecosystem. We encourage you to review it before Monday’s meeting: NTIA SBOM Use Cases Roles and Benefits, 2019 [PDF]
The National Telecommunications and Information Administration (NTIA) led an early multi-stakeholder effort to develop informational and technical resources for SBOMs between 2018 and 2021.
Click Learn More to review these foundational resources.
The Energy SBOM POC effort is a partnership between DOE CESER and DHS CISA. CISA is leading other SBOM-related efforts that inform and draw from this work.
Click Learn More to review the CISA workstreams and resources.
April 30, 2021
Auburn University’s McCrary Institute hosted a panel discussion on growing policy support for BOMs, implementation challenges, and strategic use cases. Panelists include representatives from DOE, Idaho National Laboratory, NTIA, Unisys, and Microsoft Azure.
Department of Energy’s Office of Cybersecurity, Energy Security, and Emergency Response (CESER) addresses the emerging threats of tomorrow while protecting the reliable flow of energy to Americans today by improving energy infrastructure security and supporting the Department of Energy’s national security mission. CESER’s focus is preparedness and response activities to natural and man-made threats, while ensuring a stronger, more prosperous, and secure future for the nation.
Idaho National Laboratory is a world leader in providing industrial control system (ICS) cybersecurity workforce training and development. The laboratory’s distinctive history in protecting critical infrastructure systems puts the lab at the forefront of thought leadership and applied innovation in critical infrastructure cybersecurity education. INL uses a comprehensive approach to developing ICS cybersecurity training programs that can be tailored to meet the energy sector’s needs identified by the DOE, utilities, and other organizations.