Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Infrastructure

Consortium Pushes Security Standards for Technology Supply Chain

A consortium of experts has published a preview of standards meant to improve the security of the global supply chain for commercial software and hardware products.

A consortium of experts has published a preview of standards meant to improve the security of the global supply chain for commercial software and hardware products.

The standards are the work of The Open Group, and are supported by companies ranging from Boeing to Oracle to IBM. The document has been dubbed the Open Trusted Technology Provider Standard (O-TTPS) Snapshot. The standards are being aimed at providers, suppliers and integrators with the goal of enhancing the security of the supply chain and allowing customers to differentiate between providers who adopt the standard’s practices and those who don’t.

Protecting IT Supply Chain“With the increasing threats posed by cyberattacks worldwide, technology buyers at large enterprises and government agencies across the globe need assurance the products they source come from trusted technology suppliers and providers who have met set criteria for securing their supply chains,” said David Lounsbury, chief technology officer of The Open Group, in a statement. “Standards such as O-TTPS will have a significant impact on how organizations procure COTS ICT products over the next few years and how business is done across the global supply chain.”

According to The Open Group, globalization has brought both benefits and risks to developers of commercial off-the-shelf products. The increasing sophistication of cyber-threats has forced technology suppliers and governments to take a more comprehensive approach to security, the organization said.

According to the FBI, from November 2007 to May 2010, Customs and Border Protection and Immigration and Customs Enforcement made more than 1,300 seizures involving 5.6 million counterfeit semiconductor devices. These semiconductors are used extensively in modern products, including many used in government, military, and aerospace industries. More than 50 seized counterfeit shipments were falsely marked as military or aerospace grade devices.

“The modern supply chain depends upon a complex and interrelated network involving the movement of goods, services, funds, and information across a wide range of global participants, making it vulnerable to increasingly sophisticated cyberattacks and an ever increasing range of breaches and disruptions,” said Andras Szakal, vice president and chief technology officer, IBM U.S. Federal. “Standards like O-TTPS are critical in helping to ensure the integrity and security of data, and giving customers peace of mind.”

Based on the Snapshot, Version 1.0 of the standard is expected to be published in late 2012.

Related: Students Develop Techniques to Keep Malware Out of the Electronics Supply Chain

Advertisement. Scroll to continue reading.
Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

Supply Chain Security

Security researchers with NCC Group have documented 11 vulnerabilities impacting Nuki smart lock products, including issues that could allow attackers to open doors.Nuki offers...

Supply Chain Security

SBOMs can be used for managing risk and determining vulnerability impact, but it’s very hard to build holistic risk models when the data is...

Government

Companies have announced securing billions of dollars in cybersecurity-related contracts with the United States government in 2022.

Application Security

Enterprise communication and collaboration platform Slack has informed customers that hackers have stolen some of its private source code repositories, but claims impact is...