Pune Media

India Strengthens Cybersecurity with Expanded SBOM Scanning for Imported Technologies, ETCISO

New Delhi – August 15, 2025 – As India deepens its reliance on imported digital systems—from drones and connected cars to medical devices—cybersecurity authorities are escalating efforts to detect hidden threats embedded in foreign technology. The move comes amid rising global concern over software supply chain attacks, where malicious code is planted in hardware or software during manufacturing or distribution.

Supply chain compromises have surged globally, with reports from the World Economic Forum showing 72% of organizations experienced increased cyber risk over the past year. Incidents like the SolarWinds breach and Log4j vulnerability underscore how attackers exploit trusted channels to infiltrate critical systems.

For India, which imports substantial volumes of digital equipment for infrastructure, transport, and defence, a single compromised component could have nationwide consequences—ranging from data exfiltration to service disruption.

CERT-In’s expanding mandate
In response, CERT-In (Indian Computer Emergency Response Team) issued detailed Software Bill of Materials (SBOM) guidelines in late 2024, requiring entities across critical sectors to maintain a complete inventory of every software component used in imported and domestic systems.

In mid-2025, these guidelines were expanded to cover:
• CBOM (Cryptographic Bill of Materials) – for cryptographic modules
• AIBOM (AI Bill of Materials) – for AI systems and models
• QBOM (Quantum Bill of Materials) – for emerging quantum technologies
• HBOM (Hardware Bill of Materials) – for hardware components

The aim is to create a transparent, verifiable “digital manifest” that can be scanned for vulnerabilities, unauthorized code, or backdoors before deployment.

Implementation is supported by both domestic and global cybersecurity vendors. Pune-based HackersEra, for example, provides SBOM scanning services across industries to identify anomalies before they reach operational environments. International platforms like JFrog and Sonatype are also adapting tools to align with India’s compliance requirements.

“In today’s digital world, threats often hide in plain sight. Even a single undisclosed dependency in imported code can compromise privacy, safety, or national security,” Dr. Vikash Chaudhary, Founder & CEO of HackersEra, stressed.

For CISOs and risk leaders, SBOM adoption represents a shift from reactive vulnerability management to proactive supply chain assurance. By mandating continuous updates with every software build or infrastructure change, the framework ensures an evolving, real-time map of digital assets.

This aligns India with global Zero Trust supply chain principles and parallels regulations like the U.S. NTIA’s SBOM standards and the EU’s Cyber Resilience Act—signaling that transparent software inventories are becoming a baseline expectation in critical infrastructure security.

As India integrates more global technology into essential services, governance over the “ingredients” of software and hardware will be as vital as physical quality checks. With CERT-In’s expanded framework, CISOs now have a regulatory mandate and technical pathway to close one of the most exploited gaps in cybersecurity.

Published on Aug 15, 2025 at 11:53 AM IST
