Formed in June 2018, the TCG Cyber Resilient Technology (CyRes) workgroup focuses on supporting three primary principles for resilience:
Protection techniques lessen the likelihood that malware is able to persist itself and provide techniques for better protecting code and data. Detection techniques identify whether a platform is healthy and work when the device is disconnected, using standalone techniques (like secure boot), or connected, by using technologies like remote attestation. Detection involves the creation of evidence about the kind of platform and where a verifier could obtain health information. If detection identifies a problem, recovery is triggered to remedy the platform and try to return it to a functional state. Remediation could involve updating code or changing security settings.
For connected cyber resilient platforms, the protection, detection and recovery capabilities help identify misconfigured or unpatched code and reliably deploy updates. For consumer scenarios this may be done directly by the manufacturer, service provider or end user. In organizational settings, management may be done by the IT department or its delegates. Policies may be defined for recovery actions that are device and domain specific.
The CyRes workgroup intends to develop new technologies, promote existing best-practices, and coordinate efforts in other groups inside and outside TCG. The goal is to improve the resilience of future platforms by applying trusted computing technologies.
The concepts of using protection, detection and recovery to support resilience are not new. Many existing techniques and solutions work to address them in different ways today, often in a platform specific or proprietary manner. The output of the CyRes workgroup will generally be platform independent. CyRes plans to formalize concepts of widely useful resilient technologies, specify building blocks and recommend baselines to meet stakeholder expectations for resilient computing platforms and their subcomponents. Complex platforms could have a mixture of subcomponents with varying levels of resilience and interdependencies.
The output of the workgroup will complement other publications on resilience. For example, the NIST SP 800-193 publication has technology independent requirements for resilient platforms that could be met in a plethora of ways. The CyRes workgroup will develop TCG technologies to provide protection, detection and recovery capabilities in the context of end to end scenarios. In conjunction with other TCG platform workgroups, the workgroup may help TCG publish resilient requirements for specific classes of platforms.
As of October 2018, the group is focused on scope and scenario definitions for representative examples for IoT devices and for subcomponents of computing platforms. Work is focused on definitions, architecture and scenarios regarding how a platform or a subcomponent of a computing platform will perform better if enhanced with cyber resilient capabilities. The workgroup will use the scenario work to publish resilient technology specifications useful for a wide variety of platform types and subcomponents. The workgroup may then collaborate with other TCG workgroups to produce platform specific specifications as appropriate.