Allan Friedman: Software Bill of Materials Should Be Part of Multifaceted Cybersecurity Agenda


Allan Friedman, who just moved to the Cybersecurity and Infrastructure Security Agency (CISA) to help scale up work on software bill of materials (SBOM), said operationalizing SBOM requires integrating the concept into existing tools, daily operations and into the cybersecurity and vulnerability ecosystem, Nextgov reported Friday.

“SBOM was never meant to be a standalone concept. Its value is that it helps support other ongoing efforts and enables further intelligence efforts for the cybersecurity and data management approaches,” Friedman told Nextgov in an interview.

“SBOM, in the long run, shouldn't be thought of as a unique suite, it should just be part of a multifaceted cybersecurity agenda that we should be pushing and fostering,” he added.

In June, the Department of Commerce’s National Telecommunications and Information Administration (NTIA) sought public comments on the elements of an SBOM, an effort to improve transparency in the software supply chain as called for by President Biden’s cybersecurity executive order. A month later, NTIA issued a report on the minimum elements of an SBOM.

Friedman also discussed the goals for developing agency guidelines and potential changes to federal procurement regulations with regard to SBOM.

“One of our core goals is going to be to sort of help advise those that are actually building out either guidelines or explicit requirements to say, one, ‘when we say something about SBOM, what do we mean?’ making sure that we're all aligned,” he said.

“And then, two, helping [make] an appropriate case for, you know, scaling this up so that it's something that, on one hand, reflects the White House's sense of urgency for making progress, but at the same time making sure that we're not overwhelming it, or creating imperfect implementations that will actually set back the agenda,” Friedman added.

Supply Chain Cybersecurity: Revelations and Innovations

ExecutiveBiz, sister site of GovConDaily and part of the Executive Mosaic digital media umbrella, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” event.
