San Francisco, September 13, 2016 – The EastWest Institute (EWI) today released “Purchasing Secure ICT Products and Services: A Buyers Guide” – a unique, breakthrough resource intended for all organizations interested in acquiring more secure information and communications technology (ICT) products and services. This document offers a structure for conversations between ICT buyers and suppliers, enabling organizations to manage the risks they face from cybersecurity vulnerabilities in the commercial products and services they use. It is also designed to assist governments in objectively evaluating the security of technologies irrespective of where they are developed or built.
“Buyers want more secure ICT products and services and ICT suppliers want to become trusted sources of technology for their customers,” said Bruce McConnell, EWI Global Vice President who heads the institute’s Global Cooperation in Cyberspace Initiative. “These guidelines recognize the significance of the global ICT supply chain. They have been developed to improve cybersecurity while avoiding the creation of unnecessary trade barriers.”
The ICT Buyers Guide was created by EWI’s Breakthrough Group on Increasing the Global Availability and Use of Secure ICT Products and Services. Breakthrough group leaders represent Microsoft, Huawei Technologies and The Open Group.
“The Guide will help buyers and suppliers of technology better understand and manage cybersecurity risks,” added Angela McKay, Director, Cybersecurity Policy and Strategy, Microsoft. “It focuses on the important conversations business leaders need to have about how purchasing decisions, including the security and integrity of the technology they choose, affects their overall risk.”
“The Buyers Guide delivers a valuable as well as a practical set of recommendations on how the buyers and operators of ICT services and products can objectively evaluate the risk associated with such procurements. In addition, it allows buyers to make acquisitions consistent with their particular organization’s risk management profile,” said Andy Purdy, Chief Security Officer, Huawei Technologies USA. “Importantly, substantial attention is given to the use of international standards which can provide a basis for trust while potentially reducing costs for all participants.”
“As cybersecurity vulnerabilities continue to increase, every corporation and government needs guidance to better understand the impact of their purchasing decisions on the security and integrity of their enterprises,” said Steve Nunn, CEO and President, The Open Group. “Every organization should be questioning their suppliers concerning risk management, product development, cyber and supply chain security and best practices. This Buyers Guide supports conformance with international standards and, where appropriate, process-based certification programs that help answer some of these critical questions.”
This Guide is divided into three main sections: a) Enterprise Security Governance; b) Product and Service Lifecycle – from Design through Sustainment and Response; and c) Creating Assurance. Each section includes a brief introduction of the topic and a series of subsections that highlight common sources of risk and associated processes and practices to mitigate them, as well as guidance on advancing the buyer-supplier conversation.
“More and more companies, regardless of the industry, will increasingly depend on expert guidance and insights on how best to acquire secure ICT products and services,” said Tom Patterson, Chief Trust Officer and VP/GM of Unisys Global Security. “This Guide will prove invaluable to companies across the globe, serving as a ready reference tool for CIOs, CTOs and engineers that need to redefine and extract the maximum value from their exchange with ICT suppliers.”
The group will continue to update this Guide to provide more comprehensive and accurate support. The next iteration will be issued in early 2017, in advance of the Seventh EWI Global Cyberspace Cooperation Summit, March 14-16 at the University of California, Berkeley.