NTT Corporation and NEC Corporation have developed Security Transparency Assurance Technology, which is the core technology for realizing the Trusted Network Concept. Security Transparency Assurance Technology, which aims to reduce supply chain security risks, ensures security transparency throughout the supply chain by sharing system configurations and risks of network devices and information systems that constitute ICT infrastructure, including the Fifth Generation Mobile Communication Systems (5G), private 5G, and Innovative Optical and Wireless Networks (IOWN(1)).
NTT and NEC entered into a capital and business alliance in June 2020 for the purpose of joint research and development and the global rollout of ICT products utilizing innovative optical and wireless technologies(2), and are developing internationally competitive products and technologies.
Read More:Â Â E2open Named A Leader In The 2021 Nucleus Control Tower Value Matrix For Seventh Consecutive Year
This initiative is a part of the alliance.
The latest results of this technology will be exhibited in the NTT R&D Forum – Road to IOWN 2021(3), which is scheduled to be held from November 16 to 19 in 2021.
1. Background
As the digital transformation (DX) of society and industry accelerates, supply chain security risks, such as intrusions of unauthorized software (malware, etc.) through the supply chain related to procurements, maintenance, and operations of network devices and information systems constituting the ICT infrastructure, and unauthorized intrusion into networks and information systems through organizations with weak cybersecurity facilities, have become apparent.
As a risk countermeasure, the suppliers of network devices and information systems (e.g., network device vendors, system integrators, etc.) in the supply chain work to ensure and confirm security for customers. At present, however, it is technically difficult to detect and confirm security risks and we have to rely on the trust between the suppliers and the customers.
2. Technology
Security Transparency Assurance Technology, which is at the core of the realization of trusted networks, is a technology that ensures transparency regarding the security of ICT infrastructures by sharing information (hereinafter referred to as “device information”) that visualizes the configuration and risks of communications devices and systems that constitute ICT infrastructure.
Security Transparency Assurance Technology features the following:
1. Visualizes software configurations in network devices continuously through the supply chain (e.g., manufacturing, shipping, deployment and operation) and generates device information including the inspection results, the presence of backdoors and illegal components.
2. Device information enables high-quality risk analysis and monitoring based on its completeness and accuracy, and the transparency of device information is maintained at a high level through continuous updates of it.
3. Sharing device information among organizations that form the supply chain makes it possible to take countermeasures against security risks, to take advantage of transparency and to improve security at all phases and through all organizations in the supply chain.
This technology is supported by the following elemental technologies possessed by NTT and NEC.
NTT – Configuration analysis technology for visualizing software configuration of devices
NEC – Backdoor inspection technology to detect illegal functions in device software
NEC – Automated cyber-attack risk assessment technology for visualizing attack routes in systems(4)
Using this technology, customers can check the presence of suspicious components by referring to the device information during procurement and operation(5), and suppliers can explain the risk of contamination with unauthorized components objectively. In addition, customers can take prompt action by identifying risks and impacts using device information when a new software vulnerability is found.
Read More:Â Â SalesTechStar Interview With Mary Pat Donnellon, Chief Revenue Officer At CallRail
3. Future Development
We are planning to carry out technical validation using this technology through private 5G within fiscal 2021 to verify the effectiveness of each elemental technology and identify issues.
Furthermore, we aim to set up a consortium of players involved in the construction and operation of trusted networks, such as communication device vendors, system integrators, and user companies. By utilizing this technology, we will establish countermeasures for supply chain security risk that is difficult by a single player.
(1) IOWN (Innovative Optical and Wireless Network)
A future communication infrastructure that supports a smart world and utilizes the latest optical and information processing technologies.
(2) Alliance for Joint Research and Development and Global Rollout of ICT Products Utilizing Innovative Optical and Wireless Technologies
(3) NTT R&D Forum – Road to IOWN 2021
(4) Technology provided by NEC to visualize system security risks and the effects of countermeasures.
Cyber Attack Route Assessment Service
(5) This makes it possible to easily respond to supply chain security requirements (security inspection at device procurement and operation, risk reduction, etc.) in guidelines set by government agencies in various countries.