An industry scheme could help IT suppliers win back confidence from businesses following Edward Snowden’s revelations of surveillance by the US National Security Agency (NSA), it was claimed this week.
The scheme, which offers IT suppliers independent audits of their supply chain and production processes, will act as a deterrent to suppliers selling compromised products, The Open Group, the industry body behind the initiative, said.
Equipment suppliers will need to provide evidence that they have secured their in-house development and their supply chains to qualify for registration under the scheme as an ‘Open Trusted Technology Provider’.
“If it is found out that [an accredited organisation] is non-conformant they will be taken off the registry, and everyone will know that,” said Sally Long, director of the group’s Trusted Technology Forum.
The accreditation scheme follows concerns from the US and UK governments that public sector organisations could be at risk as they move increasingly from developing their own IT systems to buying commercially available technology.
It aims to give buyers a level of assurance that technology is free from ‘tainted’ parts that could compromise security and to reduce the risk that counterfeit components find their way into commercial computer and telecommunications equipment.
“Incidents have happened around the world as a result of tainted components whether it’s the result of an individual, or whether it is a nation state that has a political rationale behind it,” said Long.
Since work began on the accreditation programme, CIA whistleblower Edward Snowden has raised fresh concerns for businesses following revelations that the US National Security Agency and the UK’s GCHQ are exploiting vulnerabilities in commercial IT equipment.
IBM this week became the first organisation to achieve accreditation under the scheme, for its Application Infrastructure and Middleware Division, which produces its WebSphere range of software.
The accreditation programme is likely to create a positive ripple effect among technology suppliers, said Long. Trusted suppliers will want their component suppliers to be accredited to win their business, encouraging more companies to take up the programme.
“I think if the holistic potential of the programme is realised it will create a confidence boost for trusted technology providers, in particular, component suppliers,” she said.
The Open Group is holding talks with the International Organisation for Standardisation (ISO) to develop the accreditation programme into an internationally-recognised standard.
The Obama administration has shown some interest in the scheme, which could be incorporated into future best practice requirements for the country’s critical national infrastructure, Long revealed.
“We are talking about outreaching to governments around the world. We realise it needs to be adapted everywhere,” said Long.
Under the programme, IT equipment manufacturers can choose to accredit individual products, business lines, or business units.