Automotive Applications and SBOMsApril 8, 2022 Tweet
A discussion with Hitachi America R&D cybersecurity research director and SBOM program director at the Automobile ISAC
Today’s cars have more than 100 million lines of code, according to McKinsey and Co., and this does not count autonomous self-driving vehicles. The latest statistics by Code-Features estimates there will be one billion lines of code in autonomous vehicles. Code developed for these vehicles also includes open source. At last check there were 56 automobile related repositories in GitHub, which makes the requirement for SBOMS - Software Bill of Materials – critically important for all software components running in today’s vehicles.
In November, the Automotive ISAC (Information Sharing and Analysis Center) spun up a POC for suppliers to provide a standard SBOM approach that all the major automakers will accept. Leading that charge is Charlie Hart, Senior Analyst in Cybersecurity Research, at Hitachi America R&D. Hart is a longtime tech executive at leading IT product and services companies who joined Hitachi in 2008. He currently serves as Hitachi representative on US Government projects for the Departments of Commerce and Homeland Security as well as the automotive ISAC.
In this interview, Hart explains the importance of SBOMs across all tiers of the automobile supply chain and how standardization benefits developers, testers, and integrators repair vulnerabilities before deployment.
Additional Resources on Automotive Supply Chain:
GrammaTech’s whitepaper on MISRA automotive industry software compliance.
UN regulations for identifying, assessing and monitoring cyber risks, including security by design, and providing safe and secure software updates.
The DHS CISA is developing guidelines for autonomous vehicles, while NIST provides ongoing education in this area, including C-SCRM Cyber Security Supply Chain Risk Management guidelines.
Linux is operationalizing the SBOM with the Linux foundation SBOM projects, including SBOMs integrated into Automotive Grade Linux.