The Department of Homeland Security (DHS) Science and Technology Directorate (S&T) announced a new solicitation in partnership with the Cybersecurity and Infrastructure Security Agency (CISA) that address weaknesses in software, a key component of critical infrastructure systems. Cyber-attacks can lead to outages or damage to safety and life-critical systems.
Under its “Software Supply Chain Visibility Tools” topic call, S&T’s Silicon Valley Innovation Program (SVIP) is seeking technical capabilities that will help CISA secure the digital frameworks that individuals and organizations rely on for essential services, including communications, finance, transportation and energy.
“DHS is committed to working with industry to develop tools and technologies that provide visibility into the software supply chain,” said Melissa Oh, SVIP Managing Director. “This topic call highlights core capabilities that will help bring transparency into the digital building blocks used by organizations in both their business operations and in their cyber defenses.”
This topic call is looking for technology to strengthen the assurance of the software supply chain that is essential to protecting software and software-controlled systems. This can be done, in part, through the development of tools that enable stakeholder visibility into software supply chains and new risk assessment capabilities.
Detailed application requirements are outlined in the solicitation, and particularly focuses on the Software Bill of Materials (SBOM), a formal, machine-readable inventory of software components and dependencies, information about those components, and their hierarchical relationships.
“Vulnerabilities in software are a key risk in cybersecurity, with known exploits being a primary path for bad actors to inflict a range of harms,” said Allan Friedman, CISA Senior Advisor and Strategist. “By leveraging SBOMs as key elements of software security, we can mitigate the risk to the software supply chain and respond to new risks faster, and more efficiently.”
The solicitation deadline is October 3, 2022, 12:00 PM PT.
A virtual Industry Day is set for July 14, 2022, 9:30 – 11:30 AM PT for technology developers and vendors to discuss the solicitation and operational needs.