DEF CON 29 ICS Village - Thomas Pace - Leveraging SBOMs to Enhance ICS Security

In this talk Tom Pace will discuss how SBOMs (Software Bill of Materials) can be leveraged to enhance ICS security. The recent executive order and guidance from the NTIA have reignited the SBOM discussion and its importance, especially to critical assets such as ICS devices. Tom will explain what an SBOM is, how they can be generated and consumed as well as the vale of the data once an SBOM has been generated. This will include but not be limited to use cases such as known vulnerabilities, integrity verification, provenance and license compliance. Tom will further explain the value an SBOM can have to various stakeholders, from ICS device manufacturers to end-users of the devices themselves. Tom will highlight how significant time savings can be realized once SBOMs are in place, while at the same time provide commentary on the challenges of generating an SBOM especially for devices deemed "legacy" or out of support.