Tokyo - In November 2022, Nippon Telegraph and Telephone Corporation (Head Office: Chiyoda-ku, Tokyo, President and CEO: Akira Shimada, “NTT") and NEC Corporation (Head Office: Minato-ku, Tokyo, President and CEO: Takayuki Morita, “NEC") will begin field experiments aimed at applying Security Transparency Assurance Technology (Hereafter, "the Technology") to business operations.

NTT and NEC have promoted development of the Technology in order to ensure transparency regarding the security of ICT infrastructure by sharing information that enables visibility of the configuration of and risks to communication devices and information systems that constitute ICT infrastructure throughout the supply chain. Since it is important for the Technology to be promoted throughout the supply chain through cooperation among various companies and organizations related to the supply chain, NTT and NEC have made it possible to use various tools and systems by utilizing a Software Bill of Materials (SBOM) format * 1, a list of ingredients that make up software components. In the first half of fiscal 2023, NTT and NEC plan to establish an open consortium of various companies and organizations. These plans are part of a capital and business alliance formed between NTT and NEC in June 2020 for the purpose of joint research and development and global rollout of ICT products utilizing innovative optical and wireless technologies * 2.

1. Background In recent years, supply chain security risks have emerged in which products, services, and business environments are compromised through the supply chain in the procurement, maintenance, and operation of network devices and information systems constituting ICT infrastructure. In Japan, promulgation of the Economic Security Act has also increased interest in and needs to address these risks.

Under these circumstances, in October 2021, NTT and NEC developed the Technology * 3, which ensures security transparency by generating and utilizing visualization data regarding the configuration of and risks to information and communications services and systems, as well as the devices that form them.

1. Advancement of technology to promote the generation and utilization of visualization data This technology consists of Configuration Analysis Technology from NTT, which visualizes the software configuration of devices and systems, Backdoor Inspection Technology from NEC, which detects threats caused by unauthorized functions of software inside devices, and Automatic Cyber Attack Risk Diagnosis Technology from NEC, which visualizes attack routes in information and communication systems. Therefore, for the visualization data to be generated and utilized, the SBOM format, which is attracting attention around the world, has been applied. This makes it possible to use various tool systems that support the SBOM format to manage and utilize information related to software configuration. Furthermore, this technology has unique functions to enhance the quantity and quality of visualized data and improve its usability, which are important issues in practical operations, and will contribute to the advancement of various security operations based on SBOMs.

2. Field Experiments for Business Application In November 2022, the NTT Group * 4 and NEC will begin field experiments aimed at applying the Technology to businesses, including NTT's Optical and Wireless Network (IOWN) concept for new communication infrastructure. Specifically, the NTT Group and NEC will examine and demonstrate operational procedures for generating and utilizing visualization data. The visualization data is related to the configuration of and risks to information and communications services and systems, and the equipment that forms them. Through this demonstration, the NTT Group and NEC will establish and evaluate practical operation procedures for the Technology in various business scenes, such as procurement, and operation and service provision of equipment and systems, and provide feedback for technology development by identifying issues, thereby helping to further advance the Technology.

3. Future Developments Through the use of the Technology, NTT and NEC are preparing to establish a "Security Transparency Consortium" (Hereafter, "the Consortium") that aims to enable various companies and organizations, including appliance vendors, system integrators, operators, and security providers, to work together to address supply chain security risks. Aiming to be established in the first half of fiscal 2023, the Consortium will start accepting applications from a wide range of participating companies and organizations.

The Consortium will work together to share technical specifications and know-how related to the use of the Technology and to solve problems. With the aim of creating an environment in which everyone can take advantage of the Technology to respond to risks, NEC and NTT will work with many companies and organizations involved in the supply chain to apply the Technology and the IOWN concept to their businesses.