Trusted computing is an essential element when it comes to security. Covering the standards, specifications, components and technologies required to make computing more secure, the concept empowers users to trust that their devices will only boot and operate in a predictable manner.

Implementing a trusted computing approach better protects devices from threats like viruses and malware, ensuring sensitive data remains guarded from unauthorized individuals through Roots of Trust (RoT) and hardware-based trust mechanisms. Communication channels between the user and the software of a device are reinforced, while the use of encryption keys means data can only be accessible via systems with an identical hardware-software set-up, providing an additional layer of protection in the event data is lost or stolen by a malicious entity.

As technologies – and the sectors they are used in – continue to evolve, the concept of trusted computing remains integral. As a result, we now see trust as a cornerstone in a number of sectors, including finance, healthcare and industrial. In this blog, we cover three additional industries that can benefit from a trusted computing approach:

Energy
The Internet of Things (IoT) continues to drive advancements in the way electrical power is maintained and distributed. The development of ‘smart’ grids has enabled the use of information and operational technologies (IT/OT) to deliver real-time monitoring capabilities, as well has greater control over how energy is managed and delivered. The data collected by sensors, controls, and software deployed in the grid can be utilised by operators to carry out predictive maintenance and make informed decisions based on precise data.

Attacks on critical energy infrastructure are on the rise. For example, hackers levelled an unprecedented attack against Denmark’s energy infrastructure in 2023, breaching the systems of 22 operators in a short space of time. Infiltrating key industrial control systems, many of the affected operators were forced to disconnect from national and local distribution networks and operate in isolation.

A trusted computing approach may not be able to protect a smart grid from physical attacks, but it can play a pivotal role in protecting the IoT technologies found within them. Consider the sensors used to control power and protect system from overvoltage: with a Trusted Platform Module (TPM) – or Device Integrity Composition Engine (DICE) for lower functioning devices, these key components will only boot up so long as the firmware has been verified and deemed trusted. They will also authenticate other devices within the network to ensure nothing is connected that shouldn’t be.

To verify the integrity of the components within the smart grid, businesses can adopt the Firmware Integrity Measurement (FIM) specification, while using the Reference Integrity Manifest helps provide measurements to test authenticity. In the event the energy grid is compromized by an attack, the recovery capabilities offered through CyRes can ensure it can be brought back to a previous, trusted state.

Transportation and Logistics
The arrival of IoT technologies has also led to significant advancements in fleet management systems. Through these, businesses are now able to access real-time fleet monitoring applications, while having the means to analyse data coming from the vehicles out on the road.

Yet if these systems are breached, it can quickly lead to significant financial and operational detriment for businesses and their customers. In 2023, researchers at Xebia unearthed a major vulnerability – CVE-2023-6248 – in a popular management system which impacts the SyRus4 IoT gateway. Through this, hackers can gain access to the software and commands used to manage thousands of vehicles within the fleet. Not only can they gain access to live locations, vehicle diagnostics and speakers, but the vulnerability also enables attackers to set off the airbags and turn off vehicles entirely.

Applying a trusted computing approach to this industry can allow businesses to secure the fleet management and logistics inventory systems. Users can leverage the same benefits the TPM, DICE, FIM, RIM and CyRes seen in the energy sector to strengthen existing security measures and give them the means to recover successfully in the event of a successful attack.

Individual trucks, vans, and other vehicles can also be secured by a secure access and feature activation system developed by the Vehicle Services Work Group. The Trusted Platform Module (TPM) is used as a ‘trust anchor’ within the vehicle to enforce stringent security policies and secure systems against software and hardware attacks.

Media and Entertainment
Protecting digital content distribution is crucial in the media and entertainment sector, especially when it involves the use of Network Attached Storage (NAS) devices. A video or digital system which is used for efficient data management and centralised storage, NAS can be used to make content be accessible throughout the house, cinema or facility its used in.

However, with this convenience comes a significant risk of hacking and unauthorized access. Using a TPM can provide robust security to mitigate these, ensuring that only authorized devices can access the content stored in the NAS. Another effective measure capable through a TPM is the use of digital certificates, which expire after a predetermined period, essentially working in a similar manner to a licensing agreement. This ensures that access to the content is automatically revoked when it is no longer legally granted to a user.

Additionally, the Storage Work Group suggests encrypting both the digital content and distribution logs. This encryption not only protects the media files themselves but also prevents unauthorized copying and distribution of the content from the drives. By integrating these security measures, the media and entertainment sector can safeguard its digital assets against unauthorized access and distribution, ensuring that valuable content remains secure and accessible only to those with proper authorization.