1 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

Juniper Networks Supply Chain and Product Integrity

Presented to:

Brad Minnis, CPP

Sr. Director, Corporate Security

May 12, 2011

2011 Annual IEEE CQR International Workshop

2 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

Juniper Networks Product Integrity Program Mission

Ensure the integrity of Juniper’s products throughout their lifecycle by understanding and minimizing the risk of the

insertion of intentional and unintentional vulnerabilities into our products during sourcing, development,

manufacturing and distribution.

3 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

Juniper Networks Product Integrity Program Focus

CONNECTED PROTECTION STRATEGY

Provides an innovative framework to ensure the integrity of Juniper Networks’

products by employing Security Best Practices at all stages of the product lifecycle

SILICON SYSTEMS SOFTWARE

4 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

Areas of Strategic FocusProtect the Product at all Stages of the Product Lifecycle

ESTABLISH PRODUCT PROTECTION STRATEGY

SECURITY SUPPORT YOU CAN RELY ON

Security

Research

Trusted/VettedPartners

Security StdsImplemented

Component Integrity Stds

IncidentResponse

CommunicationGlobal Threat

MonitoringMarket

Monitoring

Code ofConduct

SecurityAssessments

Contracts & Requirements

PartnerSelection

Technology Features

Secure DevEnvironment

Research and Intelligence

IMPLEMENT BEST PRACTICES FOR PREVENTION

INVOLVE PARTNERS IN THE SECURITY PROCESS

SALES CHANNELS

Development

Supply Chain

Concept and Feasibility

After Sales

Support

Distribution

IP Security Standards

Education & Awareness

Software Integrity Ass.

Education & Awareness

Communication

Market ProfileRisk

AssessmentProtection

PlanTraceabilityStandards

ContinualImprovement

5 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

Critical for Success

Individual product line ownership in a manner similar to corporate safety or quality processes

Education and Awareness conducted at all levels of the product lifecycle – both internal and external

Integrity Best Practices are integrated as a normal course of business - not something to do after you have a problem or find counterfeits and gray market products in the channel…and then call it “Brand Protection”…

Close communication and collaboration between Juniper, our partners and suppliers, and our customers in the security and integrity process

Leadership positions in industry coalitions which enhance integrity efforts

6 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

Industry Security Leadership

• Critical Partnerships and Alliances

• NSTAC, NSIE (U.S.A.)

• CPNI (U.K.)

• Chair, U.S. IT Sector Coordinating Council, National Plan for Critical Infrastructure and Key Resource Protection

• Coalition Against Counterfeiting and Piracy – U.S. Chamber of Commerce

• AGMA (Alliance for the Abatement of Counterfeiting and Gray Marketing)

• Software Assurance Forum for Excellence in Code (SAFECode)

• Enduring Security Framework (U.S.A.)

• ISMA Counterfeit Special Interest Group Leadership

• Overseas Security Advisory Council (OSAC) U.S. Dept. of State

• InfraGuard

• OSAC Pan Asia Regional Security Council

• Focus on High Performance Networking

7 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

What are the Results?

NO evidence of counterfeit Juniper products in the marketplace,

for more than five years.

� Previous incident relating to Netscreen 5GT firewalls in 2006

Minimal Gray Market issues

� Most reports are related to companies selling used or refurbished

gear

Close security partnership and cooperation between Juniper and

our partners both supply chain and sales/distribution

Security performance improvement by our supply chain partners

year over year for the past three years

Crisp intelligence and communications with our partners

8 Copyright © 2009 Juniper Networks, Inc. www.juniper.net

What Our Customers Should Know

Who you are purchasing your products from:

Authorized or not by the Manufacturer?

Where are THEY sourcing the product from?

Require them by contract to source only from authorized channels

Ask for documentation of product origin and who has touched the product during the distribution process

Confirm the legitimacy of the product with the manufacturer

Most can track products through to the customer

9 Copyright © 2009 Juniper Networks, Inc. www.juniper.net 9 Copyright © 2009 Juniper Networks, Inc. www.juniper.net