Supply Chain Security of Critical Infrastructure Protection Software Blueprints: Deployment Aspects

Cloud Computing (CC) technologies are gradually being used in the Operational Technologies (OT) of Critical InfrastructuresCritical Infrastructures (CI) (CI) which enables the use of the concept of blueprint introduced in the previous chapter. This chapter explores the practical deployment and management of blueprintsBlueprints in CIs. It also explores mechanisms to secure the supply chainSupply chainof Critical Infrastructure ProtectionCritical Infrastructure Protection (CIP) (CIP) assets using Software Bills of Material (SBOM)Software Bills Of Materials (SBOM)and DevSecOpsDevSecOps. More specifically this chapter details: i) the enabling technologies of the concept of blueprint such as the support of virtualization in safety critical systems and the virtualization of OT; ii) Software Bills of Material tools such as CycloneDXCycloneDXand SPDXSystem Package Data Exchange (SPDX) used in software supply chainSupply chain security; and iii) the application of these technologies for the deployments of key software building blocks used in CIP and the support of software supply chain security in DevSecOps pipelines. Finally, this chapter presents our new prototype on CIP blueprintsBlueprints deployment and its description using Topology and Orchestration Specification for Cloud Applications (TOSCA)Topology and Orchestration Specification for Cloud Applications (TOSCA) Service Templates (STs) as well as our approach to include software supply chain protection mechanism in the blueprints.