In this Spotlight Edition of The Security Ledger Podcast, sponsored by Trusted Computing Group (TCG), we’re joined by Intel Fellow Claire Vishik to talk about the evolving concept of online “trust.” Vishik is a TCG Director and spent 14 years as the Director of Trusted Technologies at Intel. We talk about how the Internet of Things is rapidly changing conversations about online “trust” and “privacy,” and the challenge of securing devices from attacks.
You might not have heard of the Trusted Computing Group but you have definitely used technology it helped develop and deliver. The industry consortium pioneered technologies such as the Trusted Platform Modules that are in nearly every computer and personal electronic device made today, providing a hardware based “root of trust” that validates the identity, integrity and proper functioning of the device.
But, if you haven’t noticed, computing environments are becoming more diverse and complex. The Internet of Things is invading business and home networks and the built environment. Cloud based applications and resources have dissolved the network perimeter – and that was before the COVID pandemic sent millions of workers home to work.
For this podcast, we invited Claire Vishik into the Security Ledger studios to talk. Claire is an Intel Fellow and the Chief Technology Office at Intel’s Governments, Markets and Trade group (GMT). She spent 14 years as the Director of Trusted Technologies at Intel and is a Director at the Trusted Computing Group.
What does a concept like “trustworthiness” mean in the era of cloud computing, smart homes and cities and the Internet of Things? How are the notions of security, privacy and trust evolving?
In this conversation, Claire and I discuss the fast-evolving future of both the Trusted Computing Group and the notion of trusted computing, as both innovation and changing technology use patterns create opportunities and risks in areas like cyber security and privacy. I started by asking Claire to talk about some of her responsibilities at both Intel and TCG.
As Claire sees it, the challenge in answering that question is that concepts like “cyber security” and “online trust” are incredibly broad and resist simple or reductive solutions or formulations.
Connected Jewelry to Power Stations
“When the computing age started, the platforms were distinct and not connected,” Vishik notes. “Now we have a huge diversity in both the platforms and the environments. They are as different as connected jewelry and nuclear power stations and smart grid. They are as complex as smart cities or as simple as a single function, single use sensor. Both of these systems or systems of systems are connected and need to be protected, but in different ways.”
“In the safety area, the probabilities of failure are very low. Think about an airplane or a car and its brakes. In security, probability and impact are computed differently. And it’s different again in privacy. So how can you create a coordinated metric for cyberphysical systems that combine all three?”Claire Vishik, Trusted Computing Group
Claire said that Trusted Computing Group is working on a range of challenges raised by these new use cases – building on research by NIST and others to secure cyber-physical systems and exploring areas like “trust composition” that can help secure dynamic networks of heterogeneous connected devices in use cases like smart cities.
The challenge of defining “trust” in 2020 is that notions like “safety,” “security” and “reliability” “resilience” and “privacy” emerged from different domains and the ends don’t always line up.
(*) Disclosure: This podcast and blog post were sponsored by Trusted Computing Group. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on SoundCloud, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.