The initiative, co-ordinated by an independent consortium of IT users and suppliers, could lead to the development of a series of kite-marks for trusted, secure IT equipment.
The project answers concerns raised by the US and other governments that cybercriminals could introduce security vulnerabilities into IT equipment as it passes through the supply chain.
Boeing, Cisco, IBM, Microsoft, NASA and the US Department of Defense are among the organisations driving the work, which aims to develop an internationally agreed framework for manufacturing secure IT equipment.
Andras Szakal, director of software architecture at IBM, and a member of The Open Group, which is co-ordinating the project, said the framework would help suppliers eliminate potential security risks.
"The end user is in pain. The critical infrastructure is under attack. They are looking for someone to blame. We, the vendor community, have to look what we are doing to solve that problem," he said.
The move comes amid concerns that governments may introduce their own, potentially conflicting security requirements for suppliers if they don't take action themselves.
Dave Lounsbury, chief technology officer of The Open Group, said it was important for suppliers to act.
"We do want to make sure there is an industry proposal on the table that governments can point to and use. We have to have that so we don't end up with different regimes for best-practice in different countries," he said.
The group plans to publish a security framework next year that will draw upon existing standards and industry best practice.
"We are looking at the most mature corporations in the world, looking at the practical approaches they have implemented that are effective in reducing the risk of supply chain attack and ensuring the integrity of the network," said Szakal.
The framework should be outcome-based, he said, giving organisations flexibility to implement security in the way that best matches their needs.
"Through this initiative, I think you will get more of the industry in-line and help vendors to pull themselves up by their bootstraps."
The framework has grown out of an 18-month project sponsored by the US government, which brought the major IT suppliers together to collaborate and share their experience on securing their supply chains.
"The government is a consumer of these kinds of systems," said Lounsbury. "They wanted to see if they could get a response from industry that would not require them to put in procurement policy. They wanted to see industry step up to the plate."
Source: The Open Group
This story was first published by Computer Weekly