In a day and age where similar products from numerous vendors line store shelves, verifying goods and provided services before you buy has become second nature.
Take the pet food recall of 2007, for example, which was associated with contaminated dog and cat food and further led to a Chinese export contamination investigation after concerns were raised as to the impact it could have had on the human food supply chain. Other cases involved numerous recalls of children’s toys that didn’t abide by national safety standards. And just like with any tangible product, online services and tools can also pose security threats that impact a consumer or company. Look at the numerous cloud-based platforms that have populated industries over the past several years due to increasing consumer demand. When shopping around for a hosted service or a product online, do you check the validity of the site before you click the “confirm” button at the time of purchase or agreement? Do you know where the goods came from and how they arrived at your door? Is their supply chain path vulnerable to disruption or threats?
Risks in almost any environment are inevitable. Thus, it is critical that proper procedures, secured infrastructures and industry standards are in place to prevent such threats and potential hazards from disrupting the global supply chain. And to better assure the integrity of Commercial Off-the-Shelf (COTS) Information and Communication Technology (ICT) products, The Open Group released a Snapshot preview of its Open Trusted Technology Provider Standard (O-TTPS).
Call to action
Developed by The Open Group Trusted Technology Forum (OTTF)—one of the newest forums of The Open Group, an international vendor and technology-neutral consortium devoted to creating standards and certification programs—the open standard for organizational best practices aims to enhance the security of the global supply chain and address the risk of tainted and counterfeit products. By allowing suppliers, providers, integrators and acquirers of ICT a preview of the standard—version 1.0 to be released in Q4 later this year—they can better understand the importance of adopting these best practice requirements and recommendations.
“The objective for the OTTF and the snapshot is to raise the bar around the world for providers and their component suppliers—the idea being that if they all follow these best practices and implement them in their organizations, it would raise the bar for securing their global supply chain,” said Sally Long, Director of the Trusted Technology Forum, The Open Group, San Francisco. In development for the past nine months, the need for the standard “initially started with the need for identifying trustworthy COTS products, raising such questions as: What’s in the source code? Who built it? What are the meaningful supply chain considerations? And from there, we realized the real problem was how do we assure the industry is using best practices in development and in securing their supply chains in order to consistently produce trustworthy COTS products?” Long confirmed.
Although most technology hardware and software products today could not exist without global development, the increase in sophistication of cyber attacks has forced technology suppliers and governments to take a more comprehensive approach to product integrity and supply chain security.
“Delivering innovative information and communications technology today simply must leverage a global supply chain,” explained Edna Conway, Chief Security Strategist, Global Value Chain, Cisco Systems Inc., San Jose, Calif. and Vice-Chair of the OTTF. “Given this global supply chain, any effort to comprehensively address the challenges of cyber and product integrity can no longer be focused on end-point security alone. The OTTF is applying a comprehensive end-to-end supply chain way of thinking about the integrity of information and communications technology.”