In a strategic move to enhance cybersecurity, Japan’s prominent technology players, including KDDI Corporation, KDDI Research, Inc., Fujitsu Limited, NEC Corporation, and Mitsubishi Research Institute, Inc. (MRI), have joined forces to initiate a groundbreaking endeavor. The project, set to commence on August 1, 2023, entails a series of trials investigating the integration of a Software Bill of Materials (SBOM) into the realm of communication, encompassing 5G and LTE network equipment.
SBOM, which is essentially a comprehensive roster of software comprising various programs, is positioned as a potent tool to fortify cybersecurity. With the escalating intricacy and diverse functionalities demanded by communication systems, the core software’s composition has evolved from simple combinations to intricate amalgamations, incorporating open-source software (OSS). While OSS offers extensive functionality and adaptability due to its publicly accessible source code, the software supply chain’s transformation has inadvertently introduced vulnerabilities, including malicious code, leading to cyber threats.
Against this backdrop, the consortium aims to establish a robust framework to administer the project, initiating a comprehensive survey to address the gamut of technical and operational intricacies entailed in implementing SBOM within communication systems.
This initiative gains momentum following Japan’s Ministry of Internal Affairs and Communications’ decision on May 11, 2023, to commission KDDI for an extensive survey concerning the incorporation of SBOM in the communication field during FY 2023.
The project’s core objectives revolve around utilizing SBOM to comprehend the software supply chain intricacies and enable swift responses to vulnerabilities. To bolster cybersecurity in the communication domain, the following key aspects will be meticulously examined and discussed:
1. Survey of Trends and Guidelines: The consortium will conduct an in-depth analysis of global and domestic trends while formulating draft guidelines for SBOM’s seamless integration into communication equipment and software components.
2. SBOM Creation and Problem Investigation: By crafting SBOM for operational facilities utilized by carriers, the participants seek to uncover potential challenges and pitfalls.
3. Accuracy Evaluation of SBOM: Through a comprehensive assessment of the newly created SBOM and organizing domain-specific elements, the initiative aspires to pave the way for SBOM integration.
Amidst the evolving cybersecurity landscape, these five industry leaders remain resolute in their commitment to fortifying cybersecurity, ensuring the unwavering provision of communication services that underpin customer livelihoods. This collaborative stride underscores their collective dedication to creating a safer digital environment.