Technology companies including Cisco and IBM are backing an Open Group programme to protect computer hardware from threats such as spyware added to components in the supply chain.
The goal is to “safeguard the global supply chain against the increased sophistication of cyber-security attacks,” Open Group said in a statement. A new open standard, Open Trusted Technology Provider Standard (O-TTPS), aims to provide governments and companies with peace of mind when buying off-the-shelf IT products.
Andras Szakal, Vice President and Chief Technology Officer, IBM U.S. Federal, said: “The modern technology supply chain depends upon a complex and interrelated network of technology component suppliers across a wide range of global partners.”
“It is necessary to mitigate the risks … in the face of increasingly sophisticated cyber-attacks. Standards like O-TTPS are indispensable tools for ensuring the integrity and security of commercial technology solutions, giving customers peace of mind.”
David Lounsbury, Chief Technical Officer, The Open Group, said: “With the increasing sophistication of cyber-attacks worldwide, technology buyers at large enterprises and government agencies need guarantees the products they source come from trusted suppliers and that they meet set criteria for securing their supply chains. ”
ESET researcher David Harley explains the risks in a detailed blog post here, “There’s a lot more to a supply chain than the production line,” says Harley. “The number of entry points for the insertion of malicious software is so much greater, right up to the time the system hits the customer’s desk.”
Author Rob Waugh, We Live Security