Substation Bill of Materials: A Novel Approach to Managing Supply Chain Cyber-risks on IEC 61850 Digital Substations

Abstract

Smart grids have undergone a profound digitization process, integrating new data-driven control and supervision techniques, resulting in modern digital substations (DS). Attackers are increasingly focused on attacking the supply chain of the DS, as it comprises a multivendor environment. In this research work, we present the Substation Bill of Materials (Subs-BOM) schema, based on the CycloneDX specification, that is capable of modeling all the IEDs in a DS and their relationships from a cybersecurity perspective. The proposed Subs-BOM allows one to make informed decisions about cyber risks related to the supply chain, and enables managing multiple DS at the same time. This provides energy utilities with an accurate and complete inventory of the devices, the firmware they are running, and the services that are deployed into the DS. The Subs-BOM is generated using the Substation Configuration Description (SCD) file specified in the IEC 61850 standard as its main source of information. We validated the Subs-BOM schema against the Dependency-Track software by OWASP. This validation proved that the schema is correctly recognized by CycloneDX-compatible tools. Moreover, the Dependency-Track software could track existing vulnerabilities in the IEDs represented by the Subs-BOM.
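To illustrate the SCD-to-BOM idea in working code, the following is an added example and not the paper's Subs-BOM schema: it reads only the standard SCL `<IED>` attributes (name, manufacturer, type, configVersion) and the `<Services>` children from a constructed SCD fragment, and emits plain CycloneDX 1.5 JSON `device` components. The property name `iec61850:service` and the sample vendors and versions are assumptions made for the example.

```python
"""Build a minimal CycloneDX inventory from an IEC 61850 SCD file.
Added example, not the paper's Subs-BOM schema. Uses only the stock SCL
<IED> attributes and <Services> children; property naming is assumed."""
import json
import xml.etree.ElementTree as ET

SCL_NS = "http://www.iec.ch/61850/2003/SCL"

# Constructed sample SCD fragment (not from a real substation).
SAMPLE_SCD = """<?xml version="1.0" encoding="UTF-8"?>
<SCL xmlns="http://www.iec.ch/61850/2003/SCL" version="2007" revision="B">
  <IED name="PROT_1" manufacturer="VendorA" type="LinePROT" configVersion="2.1.0">
    <Services><GOOSE max="8"/><ReportSettings/></Services>
  </IED>
  <IED name="CTRL_1" manufacturer="VendorB" type="BayCTRL" configVersion="4.0.3">
    <Services><GOOSE max="4"/><SMVsc/></Services>
  </IED>
</SCL>
"""


def scd_to_bom(scd_xml: str) -> dict:
    """Return a CycloneDX 1.5 document (as a dict) with one 'device'
    component per <IED> in the SCD, recording its declared services."""
    root = ET.fromstring(scd_xml)
    components = []
    for ied in root.findall(f"{{{SCL_NS}}}IED"):
        services = ied.find(f"{{{SCL_NS}}}Services")
        # Strip the XML namespace: "{uri}GOOSE" -> "GOOSE"
        children = services if services is not None else []
        svc_names = sorted(s.tag.split("}")[-1] for s in children)
        components.append({
            "type": "device",
            "bom-ref": f"ied:{ied.get('name')}",
            "name": ied.get("name"),
            "version": ied.get("configVersion", "unknown"),
            "supplier": {"name": ied.get("manufacturer", "unknown")},
            "description": ied.get("type", ""),
            # Enabled services describe the IED's exposed surface; keep them
            # as CycloneDX properties so a BOM consumer can filter on them.
            "properties": [{"name": "iec61850:service", "value": s}
                           for s in svc_names],
        })
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": components}


if __name__ == "__main__":
    print(json.dumps(scd_to_bom(SAMPLE_SCD), indent=2))
```

For a tool such as Dependency-Track to match vulnerabilities, each component would additionally need a CPE or package URL identifying the firmware; the SCD alone does not carry that, so this example leaves it out.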