SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
5G
#
Cloud Services
#
Monitors
NTT and NEC launch supply chain security tech for ICT infrastructure
Fri, 5th Nov 2021
FYI, this story is more than a year old
Author image
By Ryan Morris-Reade, Contributor
Follow us

NTT Corporation and NEC have announced the development of Security Transparency Assurance Technology to reduce supply chain security risks.

The technology ensures security transparency throughout the supply chain by sharing system configurations and risks of network devices and information systems that constitute ICT infrastructure, including 5G, private 5G, and Innovative Optical and Wireless Networks.

NTT and NEC entered into a capital and business alliance in June 2020 for joint research and development and the global rollout of ICT products utilising innovative optical and wireless technologies, and are developing internationally competitive products and technologies. This initiative is a part of the alliance.

The latest results of the technology will be exhibited in the NTT R-D Forum - Road to IOWN 2021 event, which is scheduled to be held from November 16 to 19 in 2021.

As the digital transformation of society and industry accelerates, supply chain security risks, such as intrusions of unauthorised software through the supply chain related to procurements, maintenance, and operations of network devices and information systems constituting the ICT infrastructure, and unauthorised intrusion into networks and information systems through organisations with weak cybersecurity facilities, have become apparent.

As a risk countermeasure, the suppliers of network devices and information systems (e.g., network device vendors, system integrators, etc.) in the supply chain work to ensure and confirm security for customers. At present, however, it is technically challenging to detect and confirm security risks, and there is a reliance on the trust between the suppliers and the customers.

According to the companies, Security Transparency Assurance Technology, which is at the core of the realisation of trusted networks, is a technology that ensures transparency regarding the security of ICT infrastructures by sharing information that visualises the configuration and risks of communications devices and systems that constitute ICT infrastructure.

Security Transparency Assurance Technology features the following:

  • Visualises software configurations in network devices continuously through the supply chain (e.g., manufacturing, shipping, deployment and operation) and generates device information, including the inspection results, the presence of backdoors and illegal components.
  • Device information enables high-quality risk analysis and monitoring based on its completeness and accuracy. The transparency of device information is maintained at a high level through continuous updates.
  • Sharing device information among organisations that form the supply chain makes it possible to take countermeasures against security risks, take advantage of transparency, and improve security at all phases and through all organisations in the supply chain.

This technology is supported by the following elemental technologies possessed by NTT and NEC.

NTT - Configuration analysis technology for visualising software configuration of devices
NEC - Backdoor inspection technology to detect illegal functions in device software
NEC - Automated cyber-attack risk assessment technology for visualising attack routes in systems

Using this technology, customers can check the presence of suspicious components by referring to the device information during procurement and operation, and suppliers can explain the risk of contamination with unauthorised components objectively. In addition, customers can take prompt action by identifying risks and impacts using device information when a new software vulnerability is found.

Future Development

The partnership is planning to carry out technical validation using this technology through private 5G within fiscal 2021 to verify the effectiveness of each elemental technology and identify issues.

Furthermore, it aims to set up a consortium of players involved in constructing and operating trusted networks, such as communication device vendors, system integrators, and user companies. By utilising this technology, the partnership aims to establish countermeasures for supply chain security risk that is difficult by a single player.

Related stories
RiverSafe teams up with Cribl to boost IT & data security services
Business leaders anxious over data security – report
Keeper Security launches user-friendly passphrase generator
Spirent partners with online payments platform to boost cyber defenses
First-party data collection prioritised due to privacy laws
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Secolve & Asimily join forces to boost Australia's IoT security
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models