Japan Industry Partners Launch Trials To Strengthen Cybersecurity Against Threats In The Telecoms Industry
Japan: KDDI Corporation, KDDI Research, Inc., Fujitsu Limited, NEC Corporation, and Mitsubishi Research Institute, Inc. (MRI) today announced that, on August 1, 2023, they will embark on a series of trials exploring the introduction of Software Bill of Materials (SBOM), a list of programs that comprise software, into the communications field, including 5G and LTE network equipment, with the aim of strengthening cybersecurity. The five companies plan to establish a framework to manage this project and start a survey to address different technical and operational issues surrounding the use of SBOM.
The project follows the decision on May 11, 2023 by Japan's Ministry of Internal Affairs and Communications to commission KDDI to conduct "a survey on the introduction of SBOM in the communications field in FY 2023."
Background
With the increasing sophistication and diversity of functions required in communications systems, the composition of core software in communications systems used by telecommunication operators has changed from a simple combination of a few software components to a complex combination of many software components, including open source software (OSS). OSS can be used by anyone because the source code of the software is publicly available, and its use cases are expanding because of its rich functionality and flexibility.
On the other hand, changes in the software supply chain have led to the introduction of malicious code into software components, including OSS, and to cyberattacks targeting vulnerabilities.
Similarly, the risk of being attacked is becoming apparent in communication systems. A database that collects and provides vulnerability information on software components in response to attacks is already in operation, but if the configuration of software components in the communication system is not understood, it is difficult to respond quickly when vulnerabilities are identified. As a result, the importance of SBOM, which provides a list of the various parts that make up software, version information, and dependencies between parts, is rapidly increasing.
Initiatives of the Project
Under this initiative, the companies will use SBOM to understand the software supply chain and respond quickly to vulnerabilities. To strengthen cybersecurity in the communications field, the following items will be investigated and discussed.
1. Survey of domestic and overseas trends and study of draft guidelines for the introduction of SBOM in the communications field
The companies will investigate initiatives and existing guidelines related to SBOM by government agencies and private organizations in Japan and internationally and will consider draft guidelines for utilizing SBOM for communications equipment and software components for such equipment.
2. Creation of SBOM for communication equipment and investigation of problems
The companies will create SBOM for some of the facilities actually operated by carriers through this project.
3. Evaluation of accuracy of SBOM for communication equipment
By evaluating the accuracy of the newly created SBOM and organizing items specific to the communications field, the participants aim to solve problems for the introduction of SBOM.
Amid the foreseeable changes in the environment surrounding cybersecurity, the five companies will continue to contribute to strengthening cybersecurity to ensure the stable provision of communications services that support the lives of customers.