Beaverton, OR, USA, October 19, 2021 – Trusted Computing Group (TCG) has today announced a new work group that will define how TCG technologies can be implemented to address supply chain security challenges. Led by representatives from Microsoft, Intel, and Goldman Sachs, the work group will create guidance that defines, implements, and upholds security standards for the entire supply chain.
With the number of cyber-attacks attempting to compromise the supply chains of industries and governments rising, the Supply Chain Security work group will bring together industry experts from across the technology ecosystem.
The hardware supply chain is difficult to secure due to the number of stages, organizations, and individuals involved and current security methods are mostly subjective and require human intervention. As malicious and counterfeit hardware is extremely difficult to identify, most organizations do not have access to the tools, knowledge, or expertise to successfully detect it. With guidance from the Supply Chain Security work group, those in the supply chain will be better equipped to protect against cyber threats.
Dennis Mattoon, Co-Chair of the new Supply Chain Security work group and Principal Software Development Engineer at Microsoft said: “For nearly 20 years, TCG has guided the industry in adopting technologies that enable secure computing, with specifications for IoT and embedded systems, PCs and servers, mobile, and storage. The supply chain is the one thing that spans all of these verticals and experts from TCG work groups are now coming together to create industry-wide guidance that seeks to make the supply chain more secure.”
Two key areas that the work group will be focusing on are provisioning, ensuring devices are genuine and from a trusted source at every step of the supply chain, and recovery, helping companies to recover their systems, devices, and networks quickly in the event of a cyber-attack. Whilst these solutions can be costly to organizations in the short-term, they are much more cost-effective than the alternative of a single cyber-attack bringing down the entire supply chain. TCG’s solutions, such as its Cyber Resilient technologies, can significantly reduce the recovery time and costs following an attack, but they must be properly implemented at every level of the supply chain. Industry experts must come together to address the issue and provide a solution for the whole industry, rather than creating smaller solutions that only address specific areas.
Michael Mattioli, Co-Chair of the Supply Chain Security work group and Vice President at Goldman Sachs said: “Securing the hardware supply chain is no easy task, as no single company has end-to-end control of the modern technology supply chain. This is why the new TCG work group is so important, as we are bringing together experts from a wide range of companies to define industry guidance that can be implemented across the ecosystem.”
For more information, please visit the TCG website.
TCG is a not-for-profit organization formed to develop, define and promote open, vendor-neutral, global industry specifications and standards, supportive of a hardware-based root of trust, for interoperable trusted computing platforms. More information is available at the TCG website, www.trustedcomputinggroup.org. Follow TCG on Twitter and on LinkedIn. The organization offers a number of resources for developers and designers at develop.trustedcomputinggroup.org.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.