For many companies, the weakest security link the company is the manufacturing network. A recently published blog post in Embedded Computing Design (http://embedded-computing.com/guest-blogs/securing-a-factorys-ot-network-and-the-role-of-trust/#) by TCG expert Stacy Cannady notes, “…trusted and secure manufacturing must include protection of both the IT and OT networks with IoT, ICS, SCADA and related environments being the most vulnerable.”
The blog examines the differences between OT and IT networks, including that OT networks are not often, if ever patched; security suites are not installed; and there are significant safety and latency issues compared to IT networks. How do TCG specifications and standards apply here? In short, “…(to) establish trustworthiness for enclaves and conduits, TCG uses dedicated security hardware to protect secrets and integrity information (hash values). This includes the Trusted Platform Module (TPM) and self-encrypting drives (SEDs). With this technology, devices can police each other and authenticate credentials before any communication occurs.
For legacy products that do not support TCG-compliant hardware, TCG’s Trusted Network Communications (TNC) can be used to create trust evidence.”
Learn more about this topic in the complete article, http://embedded-computing.com/guest-blogs/securing-a-factorys-ot-network-and-the-role-of-trust/#). Additional resources can be found on TCG’s website, www.trustedcomputinggroup.org.
Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.
Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.
Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.