As the digital transformation of society and industry accelerates, supply chain security risks, such as intrusions of unauthorized software (malware, etc.) through the supply chain related to procurements, maintenance, and operations of network devices and information systems constituting the ICT infrastructure, and unauthorized intrusion into networks and information systems through organizations with weak cybersecurity facilities, have become apparent.
As a risk countermeasure, the suppliers of network devices and information systems (e.g., network device vendors, system integrators, etc.) in the supply chain work to ensure and confirm security for customers. At present, however, it is technically difficult to detect and confirm security risks and we have to rely on the trust between the suppliers and the customers.
Japan’s NTT Corporation and NEC Corporation have developed Security Transparency Assurance Technology, which is the core technology for realizing the Trusted Network Concept. Security Transparency Assurance Technology, which aims to reduce supply chain security risks, ensures security transparency throughout the supply chain by sharing system configurations and risks of network devices and information systems that constitute ICT infrastructure, including the Fifth Generation Mobile Communication Systems (5G), private 5G, and Innovative Optical and Wireless Networks.
NTT and NEC entered into a capital and business alliance in June 2020 for the purpose of joint research and development and the global rollout of ICT products utilizing innovative optical and wireless technologies, and are developing internationally competitive products and technologies. This initiative is a part of the alliance.
Security Transparency Assurance Technology, which is at the core of the realization of trusted networks, is a technology that ensures transparency regarding the security of ICT infrastructures by sharing information that visualizes the configuration and risks of communications devices and systems that constitute ICT infrastructure.
Security Transparency Assurance Technology visualizes software configurations in network devices continuously through the supply chain in manufacturing, shipping, deployment and operations and generates device information including the inspection results, the presence of backdoors and illegal components. Device information enables high-quality risk analysis and monitoring based on its completeness and accuracy, and the transparency of device information is maintained at a high level through continuous updates of it. Sharing device information among organizations that form the supply chain makes it possible to take countermeasures against security risks, to take advantage of transparency and to improve security at all phases and through all organizations in the supply chain.
Using this technology, customers can check the presence of suspicious components by referring to the device information during procurement and operation, and suppliers can explain the risk of contamination with unauthorized components objectively. In addition, customers can take prompt action by identifying risks and impacts using device information when a new software vulnerability is found.
Content and Image: NEC Corp