The Open Group Releases Global Technology Supply Chain Security Standard
Developed in Response to the Increased Sophistication of Cybersecurity Attacks and Product Vulnerability Risks Associated with the Changing Threat Landscape
Standard Outlines Criteria for Mitigating Maliciously Tainted or Counterfeit Technology Products from Entering the Global Supply Chain
SAN FRANCISCO, CA – Tuesday 9th April, 2013 – The Open Group today announces the publication of the Open Trusted Technology Provider Standard (O-TTPS)™, the first complete standard published by The Open Group Trusted Technology Forum (OTTF)™, which will benefit global providers and acquirers of Commercial Off-the-Shelf (COTS) Information and Communication Technology (ICT) products. This open standard is the first of its kind to help organizations achieve Trusted Technology Provider status, assuring the integrity of COTS ICT products worldwide and safeguarding the global supply chain against the increased sophistication of cybersecurity attacks.
Specifically intended to prevent maliciously tainted and counterfeit products from entering the supply chain, this first release of the O-TTPS codifies best practices across the entire COTS ICT product lifecycle, including the design, sourcing, build, fulfilment, distribution, sustainment, and disposal phases.
The O-TTPS will enable organizations to implement best practice requirements and allow all providers, component suppliers and integrators to obtain Trusted Technology Provider status. For customers, including government acquirers, O-TTPS can differentiate those providers who adopt the standard’s practices, thus raising the bar globally by helping the technology industry and its customers to “Build with Integrity, Buy with Confidence.”™
Tainted and counterfeit products pose significant risk to organizations because altered or non-genuine products introduce the possibility of untracked malicious behavior or poor performance. Both product risks can damage customers and suppliers, resulting in failed or inferior products, revenue and brand equity loss, and disclosure of intellectual property. The increase in sophistication of cyber-attacks has forced technology suppliers and governments to take a more comprehensive approach to risk management as it applies to product integrity and supply chain security. Customers are now seeking assurances that their providers are following standards to mitigate the risks of tainted and counterfeit components, while providers of COTS ICT are focusing on protecting the integrity of their products and services as they move through the global supply chain.
The OTTF is now working to develop an accreditation program to help provide assurance that Trusted Technology Providers conform to the O-TTPS. The planned accreditation program is intended to mitigate maliciously tainted and counterfeit products by raising the assurance bar for component suppliers, technology providers, and integrators, who are part of and depend on the global supply chain. Using the guidelines and best practices documented in the O-TTPS as a basis, the OTTF will also release updated versions of the O-TTPS based on changes to the threat landscape.
The launch of the O-TTPS follows the release of a draft or ‘Snapshot’ version, which became available in March 2012.
David Lounsbury, Chief Technical Officer, The Open Group, said: “With the increasing sophistication of cyber-attacks worldwide, technology buyers at large enterprises and government agencies need guarantees the products they source come from trusted suppliers and that they meet set criteria for securing their supply chains. By codifying best of breed best practices already used by industry, the O-TTPS will have a significant impact on the future procurement of COTS ICT products, as well as the security and integrity of the global supply chain.”
Edna Conway, Chief Security Strategist for Cisco’s Global Supply Chain, said: “Cisco appreciates how a global standard holistically addressing security practices throughout the technology value chain will enhance customer assurance. Developing verifiable criteria that can be deployed through the global value chain and flexibly adapt to mitigate emerging threats offers an unshakeable foundation for COTS ICT product integrity.”
Andras Szakal, Vice President and Chief Technology Officer, IBM U.S. Federal, said: “The modern technology supply chain depends upon a complex and interrelated network of technology component suppliers across a wide range of global partners. It is necessary to mitigate the risks inherent across this value chain in the face of increasingly sophisticated cyber-attacks. Standards like O-TTPS are indispensable tools for ensuring the integrity and security of commercial technology solutions, giving customers peace of mind.”
- For more information on O-TTPS or to download the Standard, please visit The Open Group Bookstore here.
- For more information on The Open Group Trusted Technology Forum, please click here.
- To view a video featuring OTTF Co-Chair and Cisco’s chief security strategist for the Global Value Chain Edna Conway discussing the work of the OTTF, please click here.
The O-TTPS has been shaped by the following members of The Open Group Trusted Technology Forum: Apex Assurance, atsec information security, Boeing, Booz Allen Hamilton, CA Technologies, EWA-Canada, Carnegie Mellon SEI, Cisco, Dell, EMC, Fraunhofer SIT, Huawei, Hewlett-Packard, IBM, IDA, Juniper Networks, Kingdee, Lockheed Martin, Microsoft, MITRE, Motorola Solutions, NASA, Oracle, Office of the Under Secretary of Defense for Acquisition, Technology and Logistics (OUSD AT&L), SAIC, Tata Consultancy Services, and U.S. Department of Defense/CIO.
About The Open Group Trusted Technology Forum (OTTF)
The Open Group Trusted Technology Forum (OTTF) leads the development of a global supply chain security program in order to provide buyers of IT products with a choice of accredited technology partners, suppliers, and integrators. The Open Group Trusted Technology Provider Framework (O-TTPF), based on the published White Paper, will identify best practices for secure engineering and supply chain integrity that distinguish trusted technology providers, and foster a secure and sustainable global supply chain.
The OTTF supports the development and utilization of the O-TTPS, the O-TTPS Accreditation Program, procurement strategies, and related activities that:
• Help the technology industry and its customers to “Build with Integrity, Buy with Confidence”
• Support global innovation
• Moderate the unintended consequences of regulation
• Reduce risk and compliance costs
• Protect operational assets
The OTTF provides a vendor-neutral environment where security, supply chain, and acquisition professionals can lead the development of industry best practices and accreditation programs, utilize The Open Group’s broad reach to build global recognition for them, and network with a world-class community of experts and peers to grow professionally. We welcome the participation of all who want to influence the direction of the OTTF.
About The Open Group
The Open Group is an international vendor- and technology-neutral consortium upon which organizations rely to lead the development of IT standards and certifications, and to provide them with access to key industry peers, suppliers and best practices. The Open Group provides guidance and an open environment in order to ensure interoperability and vendor neutrality. Further information on The Open Group can be found at http://opengroup.org.