Enhancing Information and Communications Networks Safety

This technical report discusses the increasing threats to information and communications networks, particularly in relation to critical infrastructures. It outlines the necessity for security transparency to mitigate risks associated with cyberattacks, especially those targeting supply chains. The report emphasizes the obligation of operators to communicate their security measures effectively, as mandated by the Economic Security Promotion Bill. It introduces the concept of security transparency, which is defined as the understanding of configurations and associated risks within network systems. The report details the challenges in achieving security transparency, including the limitations of the Software Bill of Materials (SBOM) in identifying unauthorized functionalities. Furthermore, it presents NEC's Security Transparency Assurance Technology, which includes backdoor inspection technology, cyber-attack risk assessment technology, and an information sharing platform aimed at enhancing security management across the supply chain. Each technology is explained in terms of its role in improving security transparency and facilitating effective risk management.