Trusted Computing Group (TCG) has announced a new work group to focus on cyber resilient technology applicable to a wide array of platform types. TCG technologies will enable the development of platforms that withstand adverse cyber events.
The Cyber Resilient Technology Work Group will focus on three principles for building cyber resilient systems:
- Protection of code and configuration data;
- Detection of unpatched vulnerabilities or corruption of connected or disconnected devices;
- Recovery of components and systems to a known good state even after compromise, including update of code or revision of security settings.
These protection, detection and recovery capabilities, and the ability to attest to the provenance and configuration of IoT devices and hardware components inside a platform, will help find unpatched or misconfigured software and deploy updates whether by enterprise IT, the manufacturer, service provider or user. By enabling platforms to remain secure and operational, businesses and IoT systems maintain mission critical data and communications.
The work group will develop new technologies, promote best practices and coordinate supporting efforts in TCG. This work builds on the Trusted Platform Module (TPM) and the Device Identifier Composition Engine (DICE), as well as other TCG standards. TCG plans to publish use cases and specifications in 2019.
These TCG activities will complement existing initiatives like the NIST SP 800-193 requirements for platform firmware resiliency, and TCG intends to align with related standards organizations.
TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms.