As we look forward to the upcoming Members Meeting in Boston this October, we had the opportunity to sit down with TCG President, Joe Pennisi, to discuss the progression of TCG over the past nine months and his vision for the remainder of the year.

What makes TCG so important in today’s landscape?
The computing industry is evolving at an unprecedented pace, with advancements in technologies like Artificial Intelligence (AI) and the looming era of Post Quantum Computing (PQC). As these concepts continue to evolve, we can expect new challenges, especially in terms of security. TCG has always been at the forefront of providing the necessary guidance and technologies to protect companies worldwide, ensuring that security and integrity remain paramount in an increasingly interconnected world.

Over the past nine months, we’ve seen TCG make significant strides in the promotion of trusted computing across various industries. Our recent Members Meetings in Tokyo and Athens were pivotal moments where key discussions took place, particularly around cybersecurity in sectors like medical, automotive, and IoT. These meetings, along with our continuous collaboration with industry leaders and engagement with government agencies, have reinforced TCG’s role as a cornerstone in the trusted computing industry.

This has also been shown through our active engagement with governments in Japan, France, the UK, and the US to name a few. As the tech industry continues to evolve, staying aligned with government priorities and anticipating emerging requirements ensures that TCG remains ahead of the curve. For instance, Post-Quantum Cryptography (PQC) requirements will vary across countries, and TCG is factoring these differences into its specification development. Additionally, the cyber resilience principles outlined by the US government—reflected in recent legislation—align closely with the forward-thinking initiatives of TCG’s Cyber Resilience (CyRes) Work Group. These efforts shape our strategic priorities and drive meaningful progress across the organization.

What have been some key developments in your first nine months as President?
Since stepping into the role, one of my primary goals has been to continue TCG’s ongoing commitment to developing open and vendor-neutral technologies, standards, and specifications. This has been crucial as we navigate the challenges presented by an ever-expanding digital landscape.

So far, we’ve seen some exciting developments, such as our partnership with OpenSecurityTraining2 (OST2) to develop a comprehensive security training program focused on the TPM. This initiative aims to equip software developers and students with the knowledge they need to effectively utilize the TPM, addressing the growing demand for cybersecurity experts.

Moreover, our Work Groups have been advancing new standards and specifications. The TPM Work Group, for instance, released the new TPM 2.0 Library Specification, allowing vendors to detect and recover from errors in TPM firmware, verify firmware updates with cryptographic evidence, and enhance TPM capabilities This work is crucial as we continue to secure the ecosystem of devices that our standards support.

What are your primary aims for the rest of the year as TCG President?
As we approach the end of the year, my focus will be on sustaining the momentum we’ve built. One of our major upcoming events is the celebration of the 25th anniversary of the TPM. This milestone is a testament to the enduring relevance of our technology in ensuring the security and integrity of digital systems. We also have work for the upcoming ISO 11889 PAS submission of the newest TPM specification.

Looking ahead, I am excited about the upcoming Members Meeting in Boston, where we will continue to engage with our members and work on the key issues facing the industry. The discussions and collaborations that take place at these meetings are critical to driving our organization forward.

We’re also set to release several new documents and specifications in the coming months. We’ve already released the much-anticipated FIPS 140-3 Guidance Document from the Security Evaluation Work Group which aims to support vendors in meeting the latest federal security standards set by NIST. We look forward to seeing many vendors certify TPMs to ensure compliance and enhance the security of devices used in critical government and regulated environments. We have also increased our attention to supply chain security with new RIM and Platform Certificate specifications driven by the Infrastructure, PC Client and Server Work Groups. These releases will play a significant role in shaping the future of trusted computing.

What are you most looking forward to in the upcoming months?
There’s a lot on the horizon that I’m looking forward to. Our members will continue to represent TCG at various trade shows and conferences, sharing our latest advancements and engaging with the broader industry. For instance, we’ve had strong participation at events like Embedded World and the ISACA North America Conference, and I anticipate more engagements as the year progresses.

One of the exciting opportunities ahead is our collaboration with Embedded Computing Design for their upcoming webinars. We had the pleasure of taking part in the “AI or Not to AI” session during AI Day in September and are looking forward to the “Cybersecurity: What It Is and Why You Need It” session at the IoT Device Security Conference in November.

These sessions will provide us with a platform to discuss critical issues around AI and cybersecurity—topics that are increasingly relevant as we move into more complex technological landscapes. Our involvement in these events not only highlights our commitment to advancing trusted computing but also allows us to engage directly with industry leaders and professionals who are shaping the future of these fields.