Last week, TCG attended the IoT Evolution Expo in Las Vegas. With member representatives from Infineon and Mocana, we demonstrated multiple TCG standards and specifications and how they’re used to protect the IoT. We also participated in three panel sessions about trust and industrial IoT security and the role of standards. TCG was awarded Best of Show, Security or Privacy Solutions, on the final day of the event.

Mocana showed its implementation of TPM security specifications in a small form-factor (Intel NUC) computing system with key Mocana software modules.  This enables secure communications from a browser to an embedded Web server using keys generated and protected by the TPM, automated certification of the key, and remote attestation of the TPM-based device with trust measurements.

Infineon demonstrated protecting a typical smart building with the TPM and the TCG TNC network security architecture. Data across the network and in the cloud is protected and authentication ensures authorized access to the smart building application. The demo includes the Infineon TPM, a Cisco industrial router with TPM and TCG’s Trusted Network Communications standards deployed and open source software by the Technical University of Rapperswil, Switzerland.

Demos were well-received by attendees and awareness of TCG, the TPM and SEDs seemed high among this group of vendors and attendees. Also on the show floor, Virtium promoted the TPM and SEDs in protecting data in the IoT, embedded and industrial applications. There was much talk with and of the Industrial Internet Consortium and its Security Framework (http://www.iiconsortium.org/IISF.htm), released recently and including recommendations for the TPM.

In panel after panel, experts from around networking, communications, cloud services, storage and other segments noted that security is the leading concern in the IoT. Panelists, including TCG’s Steve Hanna, Infineon, reinforced that security must be end-to-end and while there is no panacea, security embedded rather than added later is effective. Another topic that came up again and again was how to protect legacy devices, given the proliferation of them in ICS and industrial IoT environments. The ISA/IEC approach(http://isa99.isa.org/ISA99%20Wiki/Home.aspx)  of overlay networks, zones and conduits, supported by TCG (learn more from some previous work by TCG members here:https://trustedcomputinggroup.org/architects-guide-ics-security-using-tnc-technology/)

Big thanks to support from member companies for demos, promotion and speakers. For more on securing the insecure IoT and TCG, go to https://trustedcomputinggroup.org/securing-insecure-iot/.