In this Spotlight edition of the Security Ledger Podcast, sponsored by Trusted Computing Group*: we’re joined by Rob Spiger, a principal security strategist at Microsoft and co-chair of the cyber resilient technologies working group at Trusted Computing Group. Rob talks to us about efforts to make more resilient connected devices and how the advent of the Internet of Things is changing TCG’s approach to building cyber resilient systems.
When the trusted computing group first hit the scene 20 years ago, the idea was to provide a so-called “root of trust” from which security operations might be launched, and a secure enclave from which devices could recover should all else fail.
But attacks these days aren’t as simple as removing malware from a windows system and getting it back up and running. Destructive malware like Shamoon, NotPetya and WannaCry have shown that disruption and even physical destruction of devices may be the objective of malware infections and hacks. At the same time, so-called “advanced persistent threat” (APT) actors have made a practice of stealthy, long-lived compromises designed to harvest information or extend control over compromised environments.
A Focus on Cyber Resilience
And, as Internet of Things devices permeate both commercial and private networks, the cyber physical consequences of comprises mount. That’s why the Trusted Computing Group is expanding its work on what it calls “cyber resilient technologies” that can help restore connected devices to a working state in the event of a cyber attack or other disruption.
In this spotlight edition of the podcast, we invited Rob Spiger of Microsoft into the studio to talk about this concept of “cyber resilience.” Rob is a 17 year veteran of Microsoft and the co-chair of the Cyber Resilient Technologies Working Group at TCG.
In this conversation, Rob and I talk about how the importance of cyber resilience has grown in recent years and how TCG is adapting to address the unique challenges of the Internet of Things, including the need to manage physically remote devices and devices deployed at massive scale.
Rob notes that the concept of resilience is not so much different today from what it was 20 years ago when TCG was first setting up shop, even though technology use cases have changed dramatically.
“The concept is that devices could be come compromised and you need re-establish them to a trusted stage and resume normal or limited operations if mitigations are not available immediately,” Spiger told me. “The basic concept is to provide better protections and detect if an attack has occurred and then to recover from that attack to a trusted state.”
Resilience re-imagined for Internet of Things
But IoT complicates that. IoT endpoints may be deployed remotely and spend long stretches of time disconnected from a network or the Internet. They also may be long-lived, with useful lives measured in decades, not years. And IoT endpoints have almost limitless use cases with different security requirements.
“Despite manufacturers best intentions, if you think about deploying a device for 7-10 years, there will be new techniques for attacks that are not even in peoples imaginations today,” Spiger said.
(*) Disclosure: This podcast and blog post were sponsored by Trusted Computing Group. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.