TCG Advocates Root of Trust, TPM and ICS Specifications for Protecting Internet of Things (IoT) Against Attacks

Date Published: March, 01, 2015

PORTLAND, Ore., March 18, 2015Trusted Computing Group today announced a new initiative to secure the exploding Internet of Things (IoT) and associated endpoints, networks and data. This effort will focus on porting widely available and supported existing trusted computing solutions for the IoT.

Bill Morelli, IHS Technology, will moderate a TCG webcast on April 2, 1:00 p.m. Eastern/10:00 a.m. Pacific,, to discuss IoT security issues and applications of trust. Morelli is associate director with the IHS Information Technology and Telecommunications divisions and is the primary analyst responsible for examining the global market for the Internet of Things.

“The IoT connects a huge variety of IoT endpoints with cloud services and sends petabytes of sensitive data over networks,” noted Steve Hanna, co-chair of the IoT committee and Senior Principal at Infineon Technologies. “Here at TCG, we’ve long developed standards to protect data, networks and endpoints with roots of trust. These security standards are fundamental to IoT deployments.”

As with traditional enterprise computing environments, the IoT can be secured with two questions:

  • “Who are you?” to establish unique identity
  • “Can I trust you?” which gathers integrity information about device firmware and hardware. This information can indicate that the device has been compromised and action can be taken.

Stacy Cannady, co-chair of the IoT committee for TCG, said, “TCG’s approach lets IoT devices organize into closed networks based on both identity and integrity, thereby enabling compliance and audit of IoT devices and increasing the security and trustworthiness of IoT deployments.”

The TPM can be used in IoT devices as a hardware root of trust for strong device authentication, measured boot, and remote attestation.

For IoT devices without a TPM, TCG recommends the deployment of the IF-MAP Metadata for ICS (Industrial Control Systems) Security standard gateway architecture to establish secure and trusted communications for devices with no root of trust. For information, see the TCG Architect’s Guide for ICS Security.

Future TCG standards also will reflect consideration for the unique requirements of the IoT, including power consumption, footprint and cost.

TCG will host a panel on the IoT and security at its RSA Conference 2015 session April 20. Panelists include Rich Nass, Open Systems Media; Chuck Benson, University of Washington; Darin Andersen, CyberUnited; and Cannady.
Companies wishing to join TCG in its efforts can find more information on membership at

About TCG
More information and TCG’s specifications and work groups are available at the Trusted Computing Group’s website, Follow TCG on Twitter and on LinkedIn.

Brands and trademarks are the property of their respective owners.

Tweet this: Trust can play big role securing #IoT. @TrustedComputin webinar April 2 @IHS Bill Morelli


Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.

Join Now

Trusted Computing

Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.

Read more


Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.

Read More