NTT and NEC launch supply chain security tech for ICT infrastructure
NTT Corporation and NEC have announced the development of Security Transparency Assurance Technology to reduce supply chain security risks.
The technology ensures security transparency throughout the supply chain by sharing system configurations and risks of network devices and information systems that constitute ICT infrastructure, including 5G, private 5G, and Innovative Optical and Wireless Networks.
NTT and NEC entered into a capital and business alliance in June 2020 for joint research and development and the global rollout of ICT products utilising innovative optical and wireless technologies, and are developing internationally competitive products and technologies. This initiative is a part of the alliance.
The latest results of the technology will be exhibited in the NTT R-D Forum - Road to IOWN 2021 event, which is scheduled to be held from November 16 to 19 in 2021.
As the digital transformation of society and industry accelerates, supply chain security risks, such as intrusions of unauthorised software through the supply chain related to procurements, maintenance, and operations of network devices and information systems constituting the ICT infrastructure, and unauthorised intrusion into networks and information systems through organisations with weak cybersecurity facilities, have become apparent.
As a risk countermeasure, the suppliers of network devices and information systems (e.g., network device vendors, system integrators, etc.) in the supply chain work to ensure and confirm security for customers. At present, however, it is technically challenging to detect and confirm security risks, and there is a reliance on the trust between the suppliers and the customers.
According to the companies, Security Transparency Assurance Technology, which is at the core of the realisation of trusted networks, is a technology that ensures transparency regarding the security of ICT infrastructures by sharing information that visualises the configuration and risks of communications devices and systems that constitute ICT infrastructure.
Security Transparency Assurance Technology features the following:
- Visualises software configurations in network devices continuously through the supply chain (e.g., manufacturing, shipping, deployment and operation) and generates device information, including the inspection results, the presence of backdoors and illegal components.
- Device information enables high-quality risk analysis and monitoring based on its completeness and accuracy. The transparency of device information is maintained at a high level through continuous updates.
- Sharing device information among organisations that form the supply chain makes it possible to take countermeasures against security risks, take advantage of transparency, and improve security at all phases and through all organisations in the supply chain.
This technology is supported by the following elemental technologies possessed by NTT and NEC.
NTT - Configuration analysis technology for visualising software configuration of devices
NEC - Backdoor inspection technology to detect illegal functions in device software
NEC - Automated cyber-attack risk assessment technology for visualising attack routes in systems
Using this technology, customers can check the presence of suspicious components by referring to the device information during procurement and operation, and suppliers can explain the risk of contamination with unauthorised components objectively. In addition, customers can take prompt action by identifying risks and impacts using device information when a new software vulnerability is found.
The partnership is planning to carry out technical validation using this technology through private 5G within fiscal 2021 to verify the effectiveness of each elemental technology and identify issues.
Furthermore, it aims to set up a consortium of players involved in constructing and operating trusted networks, such as communication device vendors, system integrators, and user companies. By utilising this technology, the partnership aims to establish countermeasures for supply chain security risk that is difficult by a single player.