Japanese companies launch trials to boost cybersecurity across communications field

Japan’s KDDI Corp., KDDI Research Inc., Fujitsu Limited, NEC Corp., and Mitsubishi Research Institute Inc. (MRI) announced Tuesday that they will embark on a series of trials exploring the introduction of Software Bill of Materials (SBOM), a list of the programs that make up a piece of software, into the communications field, including 5G and LTE network equipment. The project aims to help bolster cybersecurity.

Furthermore, these companies plan to establish a framework to manage this project and start a survey to address different technical and operational issues surrounding the use of SBOM. The latest project follows the decision on May 11, 2023 by Japan’s Ministry of Internal Affairs and Communications to commission KDDI to conduct ‘a survey on the introduction of SBOM in the communications field in FY 2023.’

The trial was conducted on Aug. 1. KDDI will handle the overall management of the project, while MRI will conduct surveys of domestic and overseas trends and study draft guidelines for the introduction of SBOM in the communications field. Fujitsu and NEC will be responsible for creating the SBOM for communication equipment and investigating any related problems. On the other hand, KDDI and KDDI Research will be in charge of evaluating the accuracy of the SBOM for communication equipment.

Under this initiative, the companies will use the SBOM to grasp the software supply chain and quickly respond to vulnerabilities. To strengthen cybersecurity in the communications field, the project includes a survey of domestic and overseas trends and a study of draft guidelines for the introduction of SBOM in the communications field. The companies will investigate initiatives and existing guidelines related to SBOM by government agencies and private organizations in Japan and internationally, and will consider draft guidelines for utilizing SBOM for communications equipment and the software components of such equipment.

Additionally, as part of this project, the companies will create an SBOM for communication equipment and investigate any problems. The SBOM will be created for some of the facilities that are currently operated by carriers. By evaluating the accuracy of the newly created SBOM and organizing items specific to the communications field, the participants aim to address how the accuracy of SBOM for communication equipment is evaluated and to solve problems related to its introduction.

With the increasing sophistication and diversity of functions required in communications systems, the composition of core software in communications systems used by telecommunication operators has changed from a simple combination of a few software components to a complex combination of many software components, including open source software (OSS). 

OSS can be used by anyone because the source code of the software is publicly available, and its use cases are expanding because of its rich functionality and flexibility.

On the other hand, changes in the software supply chain have led to the introduction of malicious code into software components, including OSS, and cyberattacks targeting vulnerabilities. 

Similarly, the risk of being attacked is becoming apparent in communication systems. A database that collects and provides vulnerability information on software components in response to attacks is already in operation, but if the configuration of software components in the communication system is not understood, it is difficult to respond quickly when vulnerabilities are identified. 

As a result, the importance of SBOM, which provides a list of the various parts that make up software, version information, and dependencies between parts, is rapidly increasing.

Amid the foreseeable changes in the environment surrounding cybersecurity, the five companies will continue to contribute to strengthening cybersecurity to ensure the stable provision of communications services that support the lives of customers.
