Site iconSite icon IFSEC Insider | Security and Fire News and Resources

Trusted Technology Forum set up to identify Best Practices for securing global technology supply chain

The Open Group has announced the formation of The Trusted Technology Forum (TTF), a global standards initiative that will provide a collaborative, open environment for technology companies, customers, Government and supplier organisations to create and promote guidelines for manufacturing, sourcing and integrating trusted, secure technologies.

The TTF’s objective is to shape global procurement strategies and Best Practices, in turn helping reduce threats and vulnerabilities in the global supply chain.

The TTF is a proactive response to the changing cyber security threat landscape, and will address the mitigation of risks potentially introduced by vulnerable supply and development processes.

Founding members are Boeing, Carnegie Mellon SEI, CA Technologies, Cisco, HP, IBM, Kingdee, Microsoft, MITRE, NASA, Oracle and the US Department of Defense (OUSD(AT&L)/DDR&E).

The Forum will operate under the stewardship of The Open Group, an international vendor- and technology-neutral standards consortium.

Best Practice and commercial software/hardware solutions

Initially, the TTF will release a framework that, for the first time, unifies in a systematic way the industry Best Practices that contribute to the secure and trusted development, manufacture, delivery and ongoing operation of commercial software and hardware products.

The TTF’s long-term objective is to develop a globally-recognised programme based on open, international standards. Such a programme will identify trusted technology providers and products throughout the global supply chain, enabling suppliers to innovate and build technology products with integrity and customers to buy with confidence.

Governments and enterprises that use these global standards in their technology strategy and purchasing decisions can rely on a more comprehensive approach to risk management and product assurance when selecting commercial off-the-shelf technology products.

Vendors and suppliers adhering to these practices will be able to better protect the integrity of their products and services as they move through the global supply chain.

Leveraging more than 20 years of experience in creating industry Best Practices, standards, certification and accreditation programmes for global organisations in all verticals, The Open Group will provide guidance and a vendor-neutral collaborative environment for TTF members to identify industry Best Practices and define a globally recognised programme for providers who implement those Best Practices.

What does IBM have to say on the matter?

“IBM is a founding member of The Open Group Trusted Technology Forum because building security into the critical systems of the planet requires global, multi-disciplinary and multi-sector collaboration,” said Andras Szakal, IBM’s distinguished engineer and Board member of The Open Group.

“Through this collaboration, IBM and other TTF participants will identify and promote for global adoption the Best Practices and tools that enable technology users and suppliers alike to confidently develop, integrate and update essential security protections within the fabric of their critical systems.”

Recognising the importance of increasing trust among manufacturers, vendors and customers, the TTF’s work programme will aim to:

“The Open Group has long served as an open environment and facilitator whereby members around the world collaborate to create initiatives that drive industry standards development and certification programmes,” said David Lounsbury, chief technical officer of The Open Group.

“By forming the TTF in response to the growing need to address Bglobal cyber threats, we are fortunate to be able to draw from some of the most innovative organisations in the world as founding members. We look to their leadership to grow the Trusted Technology Provider Framework and provide Best Practices to all industries and Governments.”

Industry support for the TTF

“CA Technologies is proud to be a founding member of the Trusted Technology Forum,” said Tim Brown, chief security architect with CA Technologies.

“We recognise that the global community in which we operate needs an international, standards-based programme that gives vendors confidence the technologies in their supply chain are secure and meet the same high standards they hold for themselves. The criteria developed by the TTF will assist buyers in their due diligence and help speed time-to-market.”

Mark Schiller, director of the security office at HP, commented: “HP recognises the importance of a trustworthy and assured secure global supply chain, and welcomes this new Open Group initiative to identify and establish Best Practices and strategies.”

Comment from Cisco and Kingdee Software

“Cisco is privileged to collaborate with the IT community as reflected in the TTF to proactively address global supply chain security concerns facing us all,” said Edna Conway, senior director of customer value chain management at Cisco.

“The TTF provides the opportunity to evolve international standards which may be referenced by existing multi-national certification programmes such as Common Criteria, and used as a meaningful indicator of product assurance. Ultimately, improved standards keep us all accountable and allow the consumer to purchase with confidence.”

“As a Platinum member and a Board member of The Open Group, Kingdee Software will work with the Trusted Technology Forum to introduce global technology supply chain procurement and product development standards and frameworks into Asia via The Open Group China franchise, which is also managed by Kingdee,” said Dr Bob Chu, chief enterprise architecture expert at Kingdee Software and CTO of The Open Group, China.

“Kingdee will introduce the Trusted Technology Provider Framework to help global manufacturers in Asia like Lenovo, Acer, Huawei, ZTE, Haire and NTT, etc to develop and manufacture technology products with integrity so that global customers can buy with confidence in a secure global supply chain.”

Microsoft and Oracle have their say

“Microsoft supports the Trusted Technology Forum’s goal of publishing practices that ultimately help protect end users,” said Steve Lipner, senior director at Microsoft Trustworthy Computing.

“Our experience applying the Security Development Lifecycle to numerous Microsoft products over a period of six years has demonstrated that targeted security activities executed throughout the phases of the traditional software development lifecycle and as part of a repeatable process result in security gains.”

“The world is powered by information technology, yet we know little about the hardware and software that enable IT,” said Mary Ann Davidson, chief security officer with Oracle.

“The Trusted Technology Provider Framework brings a much-needed, outcomes-based, feasible and achievable focus on supply chain Best Practices related to the software and hardware that powers critical infrastructure.”

Forum deliverables: what happens next?

The Open Group Trusted Technology Provider Framework (TTPF) has been in development over the past year as a project of the Acquisition Cybersecurity Initiative, a collaborative effort between Government and industry verticals under the sponsorship of the US Department of Defense (OUSD (AT&L)/DDR&E) and facilitated by the Open Group.

The framework is intended to benefit technology buyers across all industries concerned with secure development practices and supply chain management, including Government and defence, transportation, healthcare and financial services.

The first deliverable of the TTF will be the TTPF White Paper that will outline current industry Best Practices for manufacturing trusted technology products, and will build on the highest priority areas such as supply chain integrity where action is most likely to mitigate risk with a global recognition programme identifying providers following Best Practice methodologies.

For more information on The Open Group Trusted Technology Forum visit the website (a dedicated link is provided on the right hand panel of this page)

Exit mobile version