The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation. 


The SBOM PoC’s web site is up!

Tom Alrich's picture
Supply chain Cyber Risk management - emphasis on SBOMs and VEX documents, Tom Alrich LLC

I provide consulting services in supply chain cybersecurity risk management and am now primarily focused on software bills of materials (SBOMs) and VEX (Vulnerability Exploitability eXchange). I...

  • Member since 2018
  • 426 items added with 154,702 views
  • May 18, 2021


I’m pleased to report that Idaho National Laboratories (INL) has put up an engaging web site that will serve as the one-stop-shop for the Energy SBOM (software bill of materials) Proof of Concept program. The program is co-sponsored by the National Technology and Information Administration (NTIA) of the Department of Commerce and the Office of Cybersecurity, Energy Security and Emergency Response (CESER) of the Department of Energy. INL is the home of DoE’s CyTRICS program, whose leader, Virginia Wright, is co-leader (with me) of the PoC.

One type of information you can find on the site is the times and connection information for upcoming meetings, of which the next one is this Wednesday May 19, from 12-1 PM ET. Note that we plan to have bi-weekly meetings at the same time on Wednesdays, so the next one will be June 2 (I can’t believe June is coming up, since it seems Chicago just crawled out of a brutal February).

The PoC ‘s kickoff meeting was on April 26 and the video should be available shortly. In fact, videos and meeting notes from all meetings will be available on the site, as well as links to various articles of interest (plus videos of the four informational webinars we conducted from January through April). And since we’re planning on conducting an active hands-on educational program during the PoC, you can be sure some of that will be facilitated on the site itself.

We definitely need a web site, since interest in the PoC is much higher than I anticipated (at least for this stage of the program). On the “user side”, we have 32 power market participant organizations (mostly utilities) and industry organizations (e.g. EEI and NATF). On the “supply side”, we have 14 suppliers of software, devices, or tools for security management.

And there are a number of government agencies and consulting firms of various types – as well as a few people who seem to be just curious about SBOMs. That’s one of the best things about this PoC: there will be very little that we discuss that applies uniquely to the energy industry. Why, you might invite your neighbor who’s in insurance to join you at the meetings! As long as they don’t try to sell me more life insurance.

Any opinions expressed in this blog post are strictly mine and are not necessarily shared by any of the clients of Tom Alrich LLC. If you would like to comment on what you have read here, I would love to hear from you. Please email me at



No discussions yet. Start a discussion below.

Tom Alrich's picture
Thank Tom for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member

Get Published - Build a Following

The Energy Central Power Industry Network® is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »