Cyber Resilient Technologies

Formed in June 2018, the TCG Cyber Resilient Technology (CyRes) workgroup focuses on supporting three primary principles for resilience:

  • Protecting updatable persistent code and configuration data
  • Detecting when vulnerabilities are not patched or when corruption has occurred
  • Recovering reliably to a known good state even if the platform is compromised.

Protection techniques lessen the likelihood that malware is able to persist itself and provide techniques for better protecting code and data.  Detection techniques identify whether a platform is healthy and work when the device is disconnected, using standalone techniques (like secure boot), or connected, by using technologies like remote attestation.  Detection involves the creation of evidence about the kind of platform and where a verifier could obtain health information.  If detection identifies a problem, recovery is triggered to remedy the platform and try to return it to a functional state.  Remediation could involve updating code or changing security settings.

For connected cyber resilient platforms, the protection, detection and recovery capabilities help identify misconfigured or unpatched code and reliably deploy updates.  For consumer scenarios this may be done directly by the manufacturer, service provider or end user.  In organizational settings, management may be done by the IT department or its delegates.  Policies may be defined for recovery actions that are device and domain specific.

The CyRes workgroup intends to develop new technologies, promote existing best-practices, and coordinate efforts in other groups inside and outside TCG.  The goal is to improve the resilience of future platforms by applying trusted computing technologies.

The concepts of using protection, detection and recovery to support resilience are not new.  Many existing techniques and solutions work to address them in different ways today, often in a platform specific or proprietary manner.  The output of the CyRes workgroup will generally be platform independent.  CyRes plans to formalize concepts of widely useful resilient technologies, specify building blocks and recommend baselines to meet stakeholder expectations for resilient computing platforms and their subcomponents.  Complex platforms could have a mixture of subcomponents with varying levels of resilience and interdependencies.

The output of the workgroup will complement other publications on resilience.  For example, the NIST SP 800-193 publication has technology independent requirements for resilient platforms that could be met in a plethora of ways.  The CyRes workgroup will develop TCG technologies to provide protection, detection and recovery capabilities in the context of end to end scenarios.  In conjunction with other TCG platform workgroups, the workgroup may help TCG publish resilient requirements for specific classes of platforms.

As of October 2018, the group is focused on scope and scenario definitions for representative examples for IoT devices and for subcomponents of computing platforms.  Work is focused on definitions, architecture and scenarios regarding how a platform or a subcomponent of a computing platform will perform better if enhanced with cyber resilient capabilities.  The workgroup will use the scenario work to publish resilient technology specifications useful for a wide variety of platform types and subcomponents.  The workgroup may then collaborate with other TCG workgroups to produce platform specific specifications as appropriate.

Chairs

Rob Spiger
Principal Security Strategist
Microsoft
Mr. Rob Spiger is a Principal Security Strategist at Microsoft on the Digital Diplomacy team inside the Customer Security and Trust  organization.  Previously Rob was a Senior Program Manager at Microsoft, responsible for technical program management of Windows security features as a part of the Security and Identity Team in the Windows Division. Rob is an industry security expert with in-depth understanding of the trusted computing technology and standard development. He has participated for over a decade in the Trusted Computing Group, a global standards organization. He enjoys collaboration with global technologists from industry, government and academic institutions who are devoted to advancing security technology research and innovation.  Rob’s substantial industry experience also include his contributions at Avanade, Advanced Technical Resources, and Lockheed Martin.   He has degrees in Computer Science with Honors and Electrical Engineering from the University of Washington.
Nick Grobelny
Engineering Technologist
Dell, Inc.
Nick is an Engineering Technologist  at Dell with 19 years of experience in the PC Client organization.  His current role in the Security Strategy team focuses on system firmware resilience and roots of trust, aligned to NIST800-193.  Throughout his career at Dell, he has worked on PC Client motherboard electrical engineering, firmware and driver systems engineering, software architecture, and UEFI BIOS architecture, with the last 10 years being focused primarily on delivering security solutions.   His familiarity with TCG came from working on TPM, as the TPM engineering lead for the Dell Client portfolio, he led the effort to transition Dell’s platforms from TPM 1.2 to TPM 2.0.  Nick has been involved in reviewing TCG specifications for PC Client and TPM, and in the last couple years, he has been an active contributor to the Cyber Resilience Work Group, as well as the newly founded Attestation Work Group.
Jeff Jeansonne
Technology Strategist
Hewlett Packard
Jeff’s is a Technology Strategist at HP where he leads hardware and firmware security architecture for business PC platforms, as well as the company’s commercial portfolio of advanced firmware security and resiliency features. With 27 years of experience in the PC industry, Jeff has a track record of delivering industry firsts and unique value-add capabilities in HP products (and Compaq before that). He is the principal architect for the HP Endpoint Security Controller (HP EpSC) hardware used as a hardware security foundation for HP’s core security functionality, from HP Sure Start, to HP Sure Run, HP Sure Recover and beyond. The HP EpSC also acts as the hardware root of trust for update, detection, and recovery that underpins HP’s hardware design for Firmware Resilience, in line with NIST SP800-193 guidelines for critical platform devices. As the principal architect of the HP Sure Start feature that has provided firmware self-healing since first introduction in 2013, Jeff has almost a decade of real-world experience in what it takes to create and deploy hardware building blocks to deliver cyber resilient platforms in the commercial mass market.