Evaluating Methods of Software Bill of Materials Generation to Enhance Nuclear Power Plant Cybersecurity

Instrumentation and control (I&C) systems in nuclear power plants (NPPs) are potential targets of cyberattacks and can prove deleterious for the safety of the NPPs. A Software Bill of Materials (SBOM) provides a detailed list of the various components and their dependencies in software, which helps in vulnerability and risk assessment for cyber hygiene and situational awareness. For an NPP, the process of generating an accurate SBOM report can be complex due to the legacy systems and firmware binaries involved. While most current SBOM tools are focused more on modern internet technology software, this research provides insights and guidelines for an NPP to generate an accurate and efficient SBOM. The paper proposes a new methodology to help NPPs categorize software and use appropriate tools to generate SBOMs for their digital I&C systems.