The influential Open Group has published the first preview of a new document it hopes will turn into a global standard for protecting against “counterfeit and tainted” software and parts entering technology supply chains.
Called the Open Trusted Technology Provider Standard (O-TTPS) Snapshot, the preview’s origins lie with an anxiety in the US Department of Defense (DoD) that the complexity of the modern technology supply chains left opportunities for bogus parts and insecure software to erode undermine product assurance.
Aimed primarily at large producers and consumers of ICT products (and their intricate supply chains) the Snapshot document will eventually turn into O-TTPS version 1.0 later in the year with the possibility of it becoming an ISO standard or being incorporated into Common Criteria for Information Technology Security Evaluation.
“With the increasing threats posed by cyberattacks worldwide, technology buyers at large enterprises and government agencies across the globe need assurance the products they source come from trusted technology suppliers and providers who have met set criteria for securing their supply chains,” said David Lounsbury, The Open Group’s CTO.
Governments were particularly worried that the growing importance of automation meant that ICT systems were now being embedded in every area of critical infrastructure, increasing the security posed by bad technology, he said.
“Standards such as O-TTPS will have a significant impact on how organisations procure COTS [Commercial Off The Shelf) ICT products over the next few years and how business is done across the global supply chain,” he said.
Under the auspices of The Open Group, O-TTPS has gained the backing of a range of organisations at the top of the supply chain, including, IBM, Cisco, Boeing, Lockheed Martin, Microsoft, HP, NASA, Juniper Networks, Booz Allen Hamilton, CA Technologies, Oracle, and the US Department of Defense itself.
A PDF of the Snapshot can be found on The Open Group website. Interested parties can also register for a webinar, Developing Standards that Secure the Global Supply Chain, Enabling Suppliers Globally to Raise the Bar on Security and Integrity on 15 March, at 15.00 (GMT).