NTT and NEC have developed Supply Chain Security Risk Reduction Technology for ICT Infrastructure
October 27, 2021
NTT Corporation (headquartered in Chiyoda-ku, Tokyo: Jun Sawada, President and CEO; "NTT") and NEC Corporation (headquartered in Minato-ku, Tokyo: Takayuki Morita, President and CEO; "NEC") have developed Security Transparency Assurance Technology, which is the core technology for realizing the Trusted Network Concept. Security Transparency Assurance Technology, which aims to reduce supply chain security risks, ensures security transparency throughout the supply chain by sharing system configurations and risks of network devices and information systems that constitute ICT infrastructure, including the Fifth Generation Mobile Communication Systems (5G), private 5G, and Innovative Optical and Wireless Networks (IOWN *1).
NTT and NEC entered into a capital and business alliance in June 2020 for the purpose of joint research and development and the global rollout of ICT products utilizing innovative optical and wireless technologies *2, and are developing internationally competitive products and technologies. This initiative is a part of the alliance.
The latest results of this technology will be exhibited in the NTT R&D Forum — Road to IOWN 2021 *3, which is scheduled to be held from November 16 to 19 in 2021.
As the digital transformation (DX) of society and industry accelerates, supply chain security risks, such as intrusions of unauthorized software (malware, etc.) through the supply chain related to procurements, maintenance, and operations of network devices and information systems constituting the ICT infrastructure, and unauthorized intrusion into networks and information systems through organizations with weak cybersecurity facilities, have become apparent.
As a risk countermeasure, the suppliers of network devices and information systems (e.g., network device vendors, system integrators, etc.) in the supply chain work to ensure and confirm security for customers. At present, however, it is technically difficult to detect and confirm security risks and we have to rely on the trust between the suppliers and the customers.
Security Transparency Assurance Technology, which is at the core of the realization of trusted networks, is a technology that ensures transparency regarding the security of ICT infrastructures by sharing information (hereinafter referred to as "device information") that visualizes the configuration and risks of communications devices and systems that constitute ICT infrastructure.
Security Transparency Assurance Technology features the following:
(1) Visualizes software configurations in network devices continuously through the supply chain (e.g., manufacturing, shipping, deployment and operation) and generates device information including the inspection results, the presence of backdoors and illegal components.
(2) Device information enables high-quality risk analysis and monitoring based on its completeness and accuracy, and the transparency of device information is maintained at a high level through continuous updates of it.
(3) Sharing device information among organizations that form the supply chain makes it possible to take countermeasures against security risks, to take advantage of transparency and to improve security at all phases and through all organizations in the supply chain.
This technology is supported by the following elemental technologies possessed by NTT and NEC.
NTT - Configuration analysis technology for visualizing software configuration of devices
NEC - Backdoor inspection technology to detect illegal functions in device software
NEC - Automated cyber-attack risk assessment technology for visualizing attack routes in systems *4
Using this technology, customers can check the presence of suspicious components by referring to the device information during procurement and operation *5, and suppliers can explain the risk of contamination with unauthorized components objectively. In addition, customers can take prompt action by identifying risks and impacts using device information when a new software vulnerability is found.
We are planning to carry out technical validation using this technology through private 5G within fiscal 2021 to verify the effectiveness of each elemental technology and identify issues.
Furthermore, we aim to set up a consortium of players involved in the construction and operation of trusted networks, such as communication device vendors, system integrators, and user companies. By utilizing this technology, we will establish countermeasures for supply chain security risk that is difficult by a single player.
- *1IOWN (Innovative Optical and Wireless Network)
A future communication infrastructure that supports a smart world and utilizes the latest optical and information processing technologies.
- *2Alliance for Joint Research and Development and Global Rollout of ICT Products Utilizing Innovative Optical and Wireless Technologies
- *3NTT R&D Forum — Road to IOWN 2021
- *4Technology provided by NEC to visualize system security risks and the effects of countermeasures.
Cyber Attack Route Assessment Service
- *5This makes it possible to easily respond to supply chain security requirements (security inspection at device procurement and operation, risk reduction, etc.) in guidelines set by government agencies in various countries.
About NEC Corporation
NEC Corporation has established itself as a leader in the integration of IT and network technologies while promoting the brand statement of “Orchestrating a brighter world.” NEC enables businesses and communities to adapt to rapid changes taking place in both society and the market as it provides for the social values of safety, security, fairness and efficiency to promote a more sustainable world where everyone has the chance to reach their full potential. For more information, visit NEC at https://www.nec.com.
NEC is a registered trademark of NEC Corporation. All Rights Reserved. Other product or service marks mentioned herein are the trademarks of their respective owners. © NEC Corporation.