The Open Group Trusted Technology Forum (OTTF)
Objective of Meeting
The Forum devoted this entire member meeting to evolving the Open Trusted Technology Provider Standard (O-TTPS) Snapshot, scheduled for release in February 2012, with the exception of the Open Track session on Tuesday that is summarized below. For a summary of the member meeting sessions, please refer to the Monday or Wednesday proceedings.
There were two objectives for this Open Track session. The first was to increase awareness for the work of the OTTF on the Standard they are developing for Mitigating Risks of Tainted and Counterfeit Products – and to present some of the challenges – from a threat perspective – in developing best practices for the global supply chain. The second objective was to learn about other supply chain activities in the industry that the US government is looking at (one of them being the OTTF) with the objective for the OTTF members to determine where they might best harmonize their work as appropriate.
The Global Supply Chain: Presentation and Discussion on OTTF and the Challenges of Protecting Products Against Counterfeit and Tampering
Mary Ann Davidson, Chief Security Officer, Oracle
Mary Ann gave an excellent delivery and thought-provoking presentation on the work the OTTF is doing in this space. She presented the history of the OTTF, the challenges it faces, the intended scope of the work, along with the planned deliverables and a timeline for those. She also focused on: the concept of fit-for-purpose COTS ICT products - recognizing the limitations of COTS ICT products in high assurance scenarios, the challenges and benefits that come with a global supply chain, and the limitations on eliminating vulnerabilities and risks associated with tainted and counterfeit products.
Overview of the Comprehensive National Cybersecurity Initiative on Supply Chain Risk Management (CNCI-SCRM), with an Additional Focus on Counterfeiting
Don Davidson, Chief, Outreach, Science & Standards, Trusted Mission Systems & Networks – TMSN/DoD-CIO
Don Davidson provided an excellent presentation of the various activities that the DoD is looking at in the supply chain space. The charts he presented really gave a comprehensive picture of the DoD’s efforts in supply chain. Don is involved in many of the activities and was able to give a very insightful talk on the perspective of each. He also talked about where he sees the OTTF fitting in the Big Picture. He believes that the DoD continues to be interested in the work of the OTTF and believes that the Standard we are working on aligns with much of the DoD perspective in this space.
The output of this session is the presentations.
Submit the O-TTPS proposed Snapshot to The Open Group Snapshot Approval Process, with the goal of having the Snapshot approved for publication prior to the RSA Conference at the end of February. Additionally, to work on conformance criteria for the best practice requirements as specified in the standard the OTTF is developing.
The OTTF has a Global Outreach and Standards Harmonization Work Stream that will continue to work with the other standards activities in this space as highlighted in Don’s presentation to harmonize the work of the OTTF.