Trusted IT scheme aims to restore confidence after Snowden

News

Trusted IT scheme aims to restore confidence after Snowden

Bill Goodwin

An industry scheme could help IT suppliers win back confidence from businesses following Edward Snowden’s of revelations of surveillance by the US National Security Agency (NSA), it was claimed this week.

Microsoft, HP, Juniper Networks, IBM and Cisco are among the companies backing an accreditation programme designed to protect commercial hardware and software from clandestine tampering.

44073_Malware.jpg

The scheme, which offers IT suppliers independent audits of their supply chain and production processes, will act as a deterrent to suppliers selling compromised products, The Open Group, the industry body, behind the initiative said.

Equipment suppliers will need to  provide evidence that they have secured their in-house development and their supply chains, to qualify for registration under the scheme as an ‘Open Trusted Technology Provider.”

“If it is found out that [an accredited organisation] is non-conformant they will be taken off the registry, and everyone will know that,” said Sally Long, director of the group’s Trusted Technology Forum.

The accreditation scheme follows concerns from the US and UK governments that public sector organisations could be at risk as they move increasingly from developing their own IT systems to buying commercially available technology.

Tainted parts

It aims to give buyers a level of assurance that technology is free from ‘tainted’ parts that could compromise security and to reduce the risk that counterfeit components find their way into commercial computer and telecommunications equipment.

“Incidents have happened around the world as a result of tainted components whether it’s the result of an individual, or whether it is a nation state that has a political rationale behind it,” said Long.

State Surveillance

Since work began on the accreditation programme,  CIA whistleblower Edward Snowden, has raised fresh concerns for businesses following revelations that the US National Security Agency and the UK’s GCHQ are exploiting vulnerabilities in commercial IT equipment.

IBM became the first organisation this week to achieve accreditation under the scheme, for its Application Infrastructure and Middleware Division, which produces its WebSphere rage of software.

The accreditation programme is likely to create a positive ripple effect among technology suppliers said Long. Trusted suppliers will want their component suppliers to be accredited to win their business, encouraging more companies to take up the programme.

“I think if the holistic potential of the programme is realised it will create a confidence boost for trusted technology providers, in particular, component suppliers,” she said.

The Open Group is holding talks with the International Organisation for Standardisation (ISO) to develop the accreditation programme into an internationally-recognised standard.

Obama interested

The Obama administration has shown some interest in the scheme, which could be incorporated into future best practice requirements for the country’s critical national infrastructure in future, Long revealed.

“We are talking about outreaching to governments around the world. We realise it needs to be adapted everywhere, “ said Long.

Under the programme, IT equipment manufacturers can  chose to accredit  individual products, business lines, or business units.


Download a guide to the Open Trusted Technology Provider Standard (O-TTPS) here


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy