Southern Company constructs a power substation SBOM

Energy giant Southern Company embarked on a comprehensive project over the past year to create a software bill of materials (SBOM) for one of its Mississippi substations. The initiative involved inventorying all hardware, software, and firmware in the equipment at the substation to gain a better understanding of the software components and potential vulnerabilities present.

The cybersecurity team at Southern Company conducted on-site visits to the Mississippi Power substation to physically catalog the equipment, gather data from network sensors, and take photos. This initial reconnaissance phase was followed by the daunting task of obtaining software supply-chain details from the 17 different vendors whose devices were identified at the substation.

Alex Waitkus, principal cybersecurity architect at Southern Company, spearheaded the SBOM project and emphasized the importance of collecting information on all hardware, software, and interdependencies at the substation. Prior to the project, the energy company lacked visibility into the various software versions running on its systems. This lack of insight posed security risks and made vulnerability management challenging.

The project involved gathering SBOMs from each vendor represented at the substation. However, Southern encountered roadblocks as a significant number of vendors declined to provide the SBOM information. It took an average of 60 days and multiple meetings to obtain SBOMs from cooperating vendors, leading to frustrations and delays in the project.

Creating an SBOM for an operational technology (OT) environment presents unique challenges, especially with legacy equipment and outdated software that is crucial for industrial processes. The project highlighted the importance of supply chain transparency in identifying security weaknesses and vulnerabilities in industrial networks.

The benefits of SBOMs for Southern Company included NERC CIP compliance management, vulnerability management, and software patching prioritization. The project also emphasized the role of SBOMs in enhancing procurement processes by providing deeper visibility into software products during the evaluation phase.

While the project did not yield all the desired data due to vendor non-cooperation, Southern took proactive steps to verify the accuracy of the SBOMs they received. The team analyzed the SBOMs for component and code dependency data, and cross-referenced them with vulnerability databases to identify exploitable vulnerabilities in the systems.

Despite the challenges faced during the SBOM project, Southern Company is committed to operationalizing the program. The company plans to automate elements of the project in collaboration with other industry partners, including Schneider Electric, MITRE, Ameren, EPRI, and Scythe, to streamline inventory, SBOM collection, verification, and vulnerability analysis processes.
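The verification and vulnerability-analysis steps described above can be sketched in a few lines. The following is an added example, not code from Southern Company or its partners: it reconciles a field inventory with vendor SBOMs, flags devices with no SBOM or with an SBOM that describes a different firmware version than the one deployed, and matches components against a local vulnerability list. The CycloneDX-like JSON shape, the asset, vendor and component names, the versions, and the advisory IDs are all assumptions constructed for illustration.

```python
# Added example: all assets, vendors, versions and advisory IDs are constructed.
INVENTORY = [  # what the on-site catalogue recorded
    {"asset": "relay-01", "vendor": "VendorA", "firmware": "4.2.1"},
    {"asset": "rtu-01", "vendor": "VendorB", "firmware": "7.0.3"},
    {"asset": "switch-01", "vendor": "VendorC", "firmware": "2.8.0"},
]

# Vendor SBOMs in a CycloneDX-like JSON shape (the format is an assumption).
SBOMS = {
    "VendorA": {"metadata": {"component": {"name": "relay-fw", "version": "4.2.1"}},
                "components": [{"name": "tls-lib", "version": "1.0.2"},
                               {"name": "shell-utils", "version": "1.31.0"}]},
    "VendorB": {"metadata": {"component": {"name": "rtu-fw", "version": "6.9.0"}},
                "components": [{"name": "compress-lib", "version": "1.2.11"}]},
    # VendorC declined to provide an SBOM, so it has no entry.
}

# Offline vulnerability list keyed by (component name, version); placeholder IDs.
KNOWN_VULNS = {
    ("tls-lib", "1.0.2"): ["EXAMPLE-ADV-0001"],
    ("compress-lib", "1.2.11"): ["EXAMPLE-ADV-0002"],
}


def analyze(inventory, sboms, known_vulns):
    """Return coverage gaps, SBOM/firmware mismatches and component findings."""
    report = {"no_sbom": [], "version_mismatch": [], "findings": []}
    for item in inventory:
        sbom = sboms.get(item["vendor"])
        if sbom is None:
            report["no_sbom"].append(item["asset"])  # blind spot, not "clean"
            continue
        described = sbom.get("metadata", {}).get("component", {}).get("version")
        verified = described == item["firmware"]
        if not verified:
            # The SBOM describes a different build than the one deployed.
            report["version_mismatch"].append(
                (item["asset"], item["firmware"], described))
        for comp in sbom.get("components", []):
            key = (comp["name"], comp["version"])
            for adv in known_vulns.get(key, []):
                # Findings from an unverified SBOM are tentative.
                report["findings"].append((item["asset"], *key, adv, verified))
    return report


if __name__ == "__main__":
    for section, rows in analyze(INVENTORY, SBOMS, KNOWN_VULNS).items():
        print(section, rows)
```

A device whose vendor supplied no SBOM is reported separately rather than treated as having no findings, which mirrors the coverage gap the project ran into.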

Southern Company’s SBOM project underscored the importance of supply chain transparency, vulnerability management, and proactive security measures in ensuring the resilience of critical infrastructure networks. By investing in initiatives like SBOMs, energy companies can enhance their cybersecurity posture and mitigate potential risks posed by software vulnerabilities.
