The Snapshot enables participants across the COTS ICT supply chain to understand the value in adopting best practice requirements and recommendations. It also provides an early look at the standard so providers, suppliers and integrators can begin planning how to implement the standard in their organizations, and so customers, including government acquirers, can differentiate those providers who adopt the standard's practices. Based on this Snapshot, Version 1.0 of the standard is expected to be published in late 2012. An accreditation program is planned to help provide assurance that Trusted Technology Providers conform to the standard.
"With the increasing threats posed by cyberattacks worldwide, technology buyers at large enterprises and government agencies across the globe need assurance the products they source come from trusted technology suppliers and providers who have met set criteria for securing their supply chains," said David Lounsbury, chief technology officer, The Open Group. "Standards such as O-TTPS will have a significant impact on how organizations procure COTS ICT products over the next few years and how business is done across the global supply chain."
Why Trusted Technology Standards?

The rapid pace of globalization has brought both benefits and risks to developers of COTS ICT products worldwide. Although most technology hardware and software products today could not exist without global development, the increase in sophistication of cyberattacks has forced technology suppliers and governments to take a more comprehensive approach to risk management as it applies to product integrity and supply chain security. The Trusted Technology Forum was formed in late 2010 under the auspices of The Open Group to help technology companies, customers, government and supplier organizations create and promote guidelines for manufacturing, sourcing and integrating trusted, secure technology products as they move through the global supply chain.
The two risks being addressed in the Snapshot are tainted and counterfeit products. Each poses significant risk to organizations because altered or non-genuine products introduce the possibility of untracked malicious behavior or poor performance. Both product risks can damage customers and suppliers, resulting in failed or inferior products, revenue and brand equity loss, and disclosure of intellectual property. Because governments and enterprises have begun to seek assurance about the products they use, providers of COTS ICT are focusing on protecting the integrity of their products and services as they move through the global supply chain.
Industry Support

The O-TTPS Snapshot has been shaped by the following organizations: Apex Assurance, atsec Information Security, Boeing, Booz Allen Hamilton, CA Technologies, Carnegie Mellon SEI, Cisco, EMC, Fraunhofer SIT, Hewlett-Packard, IBM, IDA, Juniper Networks, Kingdee, Lockheed Martin, Microsoft, MITRE, Motorola Solutions, NASA, Oracle, Office of the Under Secretary of Defense for Acquisition, Technology and Logistics (OUSD AT&L), SAIC, Tata Consultancy Services, and U.S. Department of Defense/CIO.
"The modern supply chain depends upon a complex and interrelated network involving the movement of goods, services, funds, and information across a wide range of global participants, making it vulnerable to increasingly sophisticated cyberattacks and an ever increasing range of breaches and disruptions," said Andras Szakal, vice president and chief technology officer, IBM U.S. Federal. "Standards like O-TTPS are critical in helping to ensure the integrity and security of data, and giving customers peace of mind."
"Cisco appreciates how a global standard holistically addressing security practices throughout the technology value chain will enhance customer assurance," said Edna Conway, chief security strategist for Cisco's Global Supply Chain. "Developing verifiable criteria that can be deployed through the global value chain and flexibly adapt to mitigate emerging threats offers an unshakeable foundation for COTS ICT product integrity."
"With the rapid changes in computing infrastructure and growing security threats our industry is facing, EMC has, from the beginning of this initiative, invested in the Trusted Technology Forum's work to develop a practical standard that builds assurance for our global supply chains," said Dan Reddy, senior consulting product manager, Product Security Office, EMC. "Global providers and governments everywhere must work together to leverage this common means to assure customers that the technology products they buy maintain integrity and reduce the risk to the customer's operational environments. This Standard is an important milestone in that journey."
"Security within the product lifecycle is a critical issue facing global companies today," said Steve Lipner, partner director, Program Management, Microsoft Trustworthy Computing. "In developing standards that provide guidance for industry and government to secure products globally, Microsoft and The Open Group Trusted Technology Forum are working together to help protect both end users and product integrity worldwide."
"As a leading contract vehicle for the purchase of IT products by the Federal Government, the NASA Solutions for Enterprise-Wide Procurement (SEWP) Office is excited and encouraged by the progress made by the OTTF in this industry led effort to define and standardize the trustworthiness of supply chain management," said Joanne Woytek, NASA SEWP program manager.
For more information on the O-TTPS Snapshot or to download, please visit The Open Group Bookstore here. For more information on The Open Group Trusted Technology Forum, please click here. To view a video featuring OTTF Co-Chair and Cisco's chief security strategist for the Global Value Chain Edna Conway discussing the work of the OTTF, please click here. To attend a Webinar on the O-TTPS Snapshot entitled "Developing Standards that Secure the Global Supply Chain, Enabling Suppliers Globally to Raise the Bar on Security and Integrity," on March 15, 2012 at please register here.
About The Open Group Trusted Technology Forum (OTTF)

The Open Group Trusted Technology Forum (OTTF) leads the development of a global supply chain integrity program and framework in order to provide buyers of IT products with a choice of accredited technology partners and vendors. The Open Group Trusted Technology Provider Framework (O-TTPF), based on the published White Paper, will identify best practices for secure engineering and supply chain integrity that distinguish trusted technology providers, and foster a secure and sustainable global supply chain.
The OTTF supports the development and utilization of the O-TTPF global framework, the O-TTPF accreditation program, procurement strategies, and related activities that:
- Help the technology industry "build with integrity"
- Enable customers to "buy with confidence"
- Support global innovation
- Moderate the unintended consequences of regulation
- Reduce risk and compliance costs
- Protect operational assets
The OTTF provides a vendor-neutral environment where security, supply chain, and acquisition professionals can lead the development of industry best practices and accreditation programs, utilize The Open Group's broad reach to build global recognition for them, and network with a world-class community of experts and peers to grow professionally. We welcome the participation of all who want to influence the direction of the OTTF.
About The Open Group

The Open Group is an international vendor- and technology-neutral consortium upon which organizations rely to lead the development of IT standards and certifications, and to provide them with access to key industry peers, suppliers and best practices. The Open Group provides guidance and an open environment in order to ensure interoperability and vendor neutrality. Further information on The Open Group can be found at http://opengroup.org.