Unsecured industrial equipment has been the entry point for many recent attacks, including widely reported ones on a steel mill, the Ukrainian power grid, nuclear facilities and much more. Traditionally, most industrial systems were stand-alone and not connected to the wider Internet or sometimes not even to other equipment. That, of course, has changed, making this equipment highly vulnerable to criminal, nation-state, mischievous and other attacks.
With its deep expertise in trusted computing and security and widely vetted standards already deployed across enterprise systems, TCG is a natural to extend its mission to securing industrial equipment, connected or not. It has formed a new subgroup to focus on this challenge.
What will this new subgroup do? First, it will provide guidance to implementers and users regarding the use of Trusted Computing technologies for Industrial applications – it will show people how to use Trusted Computing to Industrial applications.
The group will create and publish some guidance documents on how to use existing TCG technologies. Some new specs will need to be created, such as a Platform Firmware Profile that says how PCRs s(Platform Configuration Registers) should be used in Industrial equipment. The subgroup will create new technical specifications as needed and work with existing work groups to provide input on specific industrial needs. The group also will create new marketing and educational materials.
Existing resources about using various TCG specifications for industrial equipment and related applications include:
TCG IoT Architect’s Guide: http://bit.ly/1RzLRa6
TCG Guidance for Securing IoT: http://bit.ly/2f8RYkK
TNC IF-MAP Metadata for ICS Security
Architects Guide: ICS Security Using TNC Technology
Industrial Internet Security Framework: https://www.iiconsortium.org/IISF.htm
Learn more about this subgroup, including a new overview document illustrating a typical industrial environment, here: https://trustedcomputinggroup.org/work-groups/industrial/
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.