Journal of Information Security Research (信息安全研究), 2024, Vol. 10, Issue 9: 833-839, 7. DOI: 10.12379/j.issn.2096-1057.2024.09.07
Research on Risk Analysis and Countermeasures of Software Supply Chain in Critical Information Infrastructure (original title: 关键信息基础设施软件供应链风险分析及应对方法研究)
Authors: 李祉岐 (Li Zhiqi)¹, 郭晨萌 (Guo Chenmeng)¹, 汤文玉 (Tang Wenyu)¹, 杨思敏 (Yang Simin)¹, 王雪岩 (Wang Xueyan)¹
Author information
- 1. 国网思极网安科技(北京)有限公司 (State Grid Siji Cyber Security Technology (Beijing) Co., Ltd.), Beijing 102200
Abstract
System security protection is crucial to critical information infrastructure (CII), and software supply chain risk analysis is an indispensable part of it. In recent years the number of supply chain attack incidents has grown rapidly. This paper first analyzes the potential problems introduced by "external" software components, personnel, tools and similar inputs, which are the main sources of software supply chain threats, and then summarizes current domestic and foreign policy and technical research. Based on these findings, a software supply chain security framework for power industry systems is proposed. It covers 15 groups of security measures across 4 aspects: governance of external components, supplier management, hardening of development and operation facilities, and a usage mechanism for the software bill of materials (SBOM); each aspect can be further extended. The framework is intended as a reference for software supply chain security protection in power industry information systems.

Keywords: critical information infrastructure (CII); system security; software supply chain; security framework; power industry
Classification: Information technology and security science

Citation: 李祉岐, 郭晨萌, 汤文玉, 杨思敏, 王雪岩. Research on Risk Analysis and Countermeasures of Software Supply Chain in Critical Information Infrastructure [J]. Journal of Information Security Research, 2024, 10(9): 833-839, 7.
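The abstract names external component governance, supplier management and an SBOM usage mechanism as three of the framework's four aspects but, being an abstract, does not show how an SBOM is actually consumed. The following Python is an added example, not code from the paper or from 国网思极: a minimal SBOM-driven intake gate that reads a CycloneDX-style JSON document and applies three checks a power-sector integrator would want before an external component enters the build (an integrity hash is present and well-formed, the supplier is on an allowlist, and the version is not below the fixed version of a known advisory). The component names, supplier names, hashes, the advisory identifier EXAMPLE-2024-0001 and the allowlist are all constructed for illustration; the version comparison is a deliberately simple numeric tuple comparison, not a full ecosystem-specific version scheme.

```python
"""Minimal SBOM-driven intake gate for externally sourced components.

Added example, not the paper's framework code. The SBOM below is a
constructed CycloneDX-1.5-shaped document; advisories and the supplier
allowlist are likewise constructed and are not real data.
"""
import json
import re

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")

# Constructed SBOM fragment (hypothetical components and hashes).
SBOM_JSON = r'''
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "log-core", "version": "2.14.1",
     "purl": "pkg:maven/org.example/log-core@2.14.1",
     "supplier": {"name": "Example Foundation"},
     "hashes": [{"alg": "SHA-256",
                 "content": "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"}]},
    {"type": "library", "name": "crypto-utils", "version": "1.3.0",
     "purl": "pkg:maven/org.example/crypto-utils@1.3.0",
     "supplier": {"name": "Example Foundation"},
     "hashes": [{"alg": "SHA-256",
                 "content": "fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210"}]},
    {"type": "library", "name": "telemetry-agent", "version": "0.9.2",
     "purl": "pkg:npm/telemetry-agent@0.9.2",
     "supplier": {"name": "Unknown Vendor"}}
  ]
}
'''

# Constructed advisory feed: package identified by version-less purl,
# every version strictly below "fixed_in" is treated as affected.
ADVISORIES = [
    {"id": "EXAMPLE-2024-0001",
     "package": "pkg:maven/org.example/log-core",
     "fixed_in": "2.15.0"},
]

# Constructed supplier allowlist (the "supplier management" aspect).
ALLOWED_SUPPLIERS = {"Example Foundation"}


def parse_version(version):
    """Turn '2.14.1' into (2, 14, 1). Non-numeric pieces such as 'rc1'
    count as 0 (simplifying assumption, not a full semver comparison)."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def purl_base(purl):
    """Strip version, qualifiers and subpath from a purl:
    'pkg:maven/a/b@1.0?x=y' -> 'pkg:maven/a/b'."""
    return purl.split("@", 1)[0].split("?", 1)[0]


def load_sbom(text):
    """Parse the SBOM and reject anything that is not CycloneDX."""
    sbom = json.loads(text)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("not a CycloneDX document")
    return sbom


def evaluate(sbom, advisories, allowed_suppliers):
    """Return one finding dict per violated rule per component."""
    findings = []
    by_package = {purl_base(a["package"]): a for a in advisories}
    for comp in sbom.get("components", []):
        purl = comp.get("purl", comp.get("name", "<unnamed>"))
        # Rule 1 (external component governance): a verifiable SHA-256 must be present.
        hashes = {h.get("alg"): h.get("content", "") for h in comp.get("hashes", [])}
        if not SHA256_RE.match(hashes.get("SHA-256", "").lower()):
            findings.append({"purl": purl, "rule": "missing-or-invalid-sha256"})
        # Rule 2 (supplier management): supplier must be approved.
        supplier = comp.get("supplier", {}).get("name")
        if supplier not in allowed_suppliers:
            findings.append({"purl": purl, "rule": "unapproved-supplier", "detail": supplier})
        # Rule 3 (SBOM usage): version must not be below the advisory's fixed version.
        adv = by_package.get(purl_base(purl)) if "purl" in comp else None
        if adv and parse_version(comp.get("version", "0")) < parse_version(adv["fixed_in"]):
            findings.append({"purl": purl, "rule": "known-vulnerable", "detail": adv["id"]})
    return findings


def gate(sbom_text, advisories, allowed_suppliers):
    """Admission decision: (True, []) only when no rule fires."""
    findings = evaluate(load_sbom(sbom_text), advisories, allowed_suppliers)
    return (len(findings) == 0, findings)


if __name__ == "__main__":
    ok, found = gate(SBOM_JSON, ADVISORIES, ALLOWED_SUPPLIERS)
    print("admitted" if ok else "blocked")
    for f in found:
        print(f"  {f['rule']:28s} {f['purl']} {f.get('detail', '')}")
```

Run against the constructed SBOM the gate blocks the build with three findings: log-core is below the advisory's fixed version, and telemetry-agent both lacks an integrity hash and comes from a supplier outside the allowlist. In a real deployment the advisory feed and allowlist would come from the organization's vulnerability and supplier databases, and the hash check would be followed by recomputing the digest of the fetched artifact, which this example does not do.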