At a glance.
- CISA publishes the Software Bill of Materials (SBOM) Sharing Lifecycle Report.
- German government investigating China-made 5G tech.
CISA publishes the Software Bill of Materials (SBOM) Sharing Lifecycle Report.
The US Cybersecurity and Infrastructure Security Agency (CISA) yesterday released its Software Bill of Materials (SBOM) Sharing Lifecycle Report, a guide that outlines the phases of the SBOM sharing process and the parties involved. Co-sponsored by the US Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response (CESER), the document is intended to help members of the cybersecurity and supply chain community select appropriate SBOM sharing solutions. It reads, “The SBOM sharing lifecycle consists of the Discovery, Access, and Transport of an SBOM, and this report details these individual phases and how an SBOM goes from author to the consumer. This report also details how potential enrichment activities may be performed on an SBOM to create a new product before or after it has been shared.” The report also introduces the concept of sophistication classification for SBOM sharing, with examples of low-, medium-, and high-sophistication solutions, and shares the results of a survey of stakeholders interviewed about their SBOM sharing experiences. While the survey indicates that most SBOMs are currently transported directly to the receiver through informal communication mechanisms like email, or are shared in repositories available to consumers, the report states that efforts are under way to create private sharing solutions that incorporate higher-sophistication features like cloud-based storage or distributed ledger technologies.
German government investigating China-made 5G tech.
In response to national security concerns, Germany has announced that the Interior Ministry is inspecting all Chinese technology connected to the country's 5G infrastructure. The Register notes that reports surfaced last month that the German government planned to block operators from installing technology made by the Chinese companies Huawei and ZTE, and was considering requiring telecom companies to replace equipment that had already been installed. Over the weekend, Federal Interior Minister Nancy Faeser stated that the country has decided to analyze all China-made equipment in order to protect its communication networks and critical infrastructure. It has been estimated that Huawei equipment makes up nearly 60% of Germany's 5G network infrastructure. Although Huawei and ZTE have not yet responded to the announcement, each has stated in the past that its products adhere to German security standards. Concerns have grown among Western nations that the close relationship between Chinese businesses and Beijing could give the Chinese government access to other countries’ telecom networks. The US banned ZTE and Huawei at the end of 2020, and Great Britain has followed suit, announcing that any of their equipment already in use must be removed by 2027.