SOFTWARE BILL OF MATERIALS: A CATALYST TO A MORE SECURE SOFTWARE SUPPLY CHAIN
Loading...
Authors
Nguyen, Phillip Q.
Tikalsky, Madison A.
Durlauf, Samantha M.
Subjects
SBOM
cyber supply chain
cyber risk management
CDRL
DID
data visualization
visualization tools
H4D
software supply chain
software risk
system dynamics model
cyberattacks
cyber supply chain
cyber risk management
CDRL
DID
data visualization
visualization tools
H4D
software supply chain
software risk
system dynamics model
cyberattacks
Advisors
Finkenstadt, Daniel J.
Porchia, Jamie M.
Date of Issue
2023-12
Date
Publisher
Monterey, CA; Naval Postgraduate School
Language
Abstract
This MBA innovation capstone project investigates cyber supply chain security, emphasizing targeted incidents within the United States. It encompasses Hacking for Defense (H4D), innovation capstone initiatives, and system dynamics modeling, culminating in Minimum Viable Product (MVP) development. Aligned with the "Back-to-Basics" restructuring initiative and Executive Order 14028, the research aims to enhance cyber supply chain security in line with three core objectives: validating the EITaaS Program Office's problem statement, identifying potential solutions, and offering informed recommendations. Methodologies include the Lean Launchpad, working groups, the goals-decisions-signals-data model, and system dynamics. Findings present advanced tools for EITaaS Supply Chain Risk Management, with implications for national security. The study underscores the importance of Software Bills of Materials (SBOMs) in DOD's software supply chain risk management. Effective SBOM implementation is crucial for strengthening the nation's cyber defense infrastructure. The research outlines a roadmap for improving cyber supply chain security, reducing cyberattacks, and minimizing economic losses, advocating for the implementation of an SBOM policy. It concludes with actionable recommendations for SBOM implementation, covering education, collaboration, best practices, process framework development, and DOD-specific SBOM standards.
Type
Thesis
Description
Series/Report No
Joint Applied Projects
Department
Identifiers
NPS Report Number
Sponsors
Funding
Format
Citation
Distribution Statement
Approved for public release. Distribution is unlimited.
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.