Best practices for securing the global technology supply chain
The Open Group, a vendor-neutral and technology-neutral consortium, has unveiled the formation of The Open Group Trusted Technology Forum (TTF), a global standards initiative that is aimed at shaping global procurement strategies and best practices to help reduce threats and vulnerabilities in the global supply chain.
The TTF will provide a collaborative, open environment for technology companies, customers, government and supplier organisations to create and promote guidelines for manufacturing, sourcing, and integrating trusted, secure technologies.
The TTF is a proactive response to the changing cyber-security threat landscape and will address the mitigation of risks potentially introduced by vulnerable supply and development processes.
Boeing, Carnegie Mellon SEI, CA Technologies, Cisco, HP, IBM, Kingdee, Microsoft, MITRE, NASA, Oracle, and the US Department of Defense (OUSD(AT&L)/DDR&E) are the founding members of the forum.
The forum will operate under the stewardship of The Open Group, an international vendor- and technology-neutral standards consortium.
Initially, the TTF will release a framework that, for the first time, systematically unifies the industry best practices that contribute to the secure and trusted development, manufacture, delivery and ongoing operation of commercial software and hardware products.
The TTF’s long-term objective is to develop a globally-recognised programme based on open, international standards.
Such a programme will identify trusted technology providers and products throughout the global supply chain, enabling suppliers to innovate and build technology products with integrity and customers to buy with confidence.
The TTF’s work programme will aim to identify and promote the use of supply-chain best practices to reduce security risks that may be intentionally or inadvertently introduced into the global supply chain.
It will also identify manufacturing practices for protecting the product lifecycle, along with checkpoints throughout the lifecycle that mitigate risk from uncontrolled, unprotected development methods and engineering procedures.
In addition to developing criteria for identifying trusted technology providers, the TTF will work with the global community to develop responsible and realistic procurement strategies for mitigating supply chain risk.
Governments and enterprises that use these global standards in their technology strategy and purchasing decisions can rely on a more comprehensive approach to risk management and product assurance when selecting commercial off-the-shelf technology products.
Vendors and suppliers who adhere to these practices will be able to better protect the integrity of their products and services as they move through the global supply chain.
The Open Group will provide guidance and a vendor-neutral collaborative environment for TTF members to identify industry best practices and define a globally recognised programme for providers who implement the best practices.
IBM distinguished engineer and The Open Group board member Andras Szakal said that, through this collaboration, IBM and other TTF participants will identify and promote for global adoption the best practices and tools that enable technology users and suppliers alike to confidently develop, integrate, and update essential security protections within the fabric of their critical systems.
The Open Group chief technical officer David Lounsbury said that, by forming the TTF in response to the growing need to address global cyber threats, they are fortunate to be able to draw from some of the most innovative organisations in the world as founding members and look to their leadership to grow the Trusted Technology Provider Framework and provide best practices to all industries and governments.