New TCG guidance simplifies creating cyber resilient devices

The prevention of cyber attacks throughout a device’s lifetime has been made easier today, as the Trusted Computing Group (TCG) released its specification: Cyber Resilient Module and Building Block Requirements.

With society becoming increasingly connected, technology must have the ability to protect itself, respond to attacks, and recover. Achieving this will result in huge savings of time, resources, and cost.

TCG’s new specification enables device manufacturers or designers to easily take steps to achieve cyber resilience by implementing a minimal set of capabilities. It also outlines the concept of a Cyber Resilient Module with the ability to recover multiple layers and components within a device while keeping them safeguarded.

“Manual intervention for device servicing, or recovery from compromise, is an expensive and sometimes even physically dangerous endeavour.  The proliferation of internet connected devices we’re seeing today is only increasing this cost,” said Dennis Mattoon, Member of TCG’s Cyber Resilient (CyRes) Technologies Work Group. “Technology must be implemented to safeguard devices in the modern threat landscape. We often hear that resource constraints, such as the cost of the device, its form factor, or power needs, are challenges that are difficult to overcome, and security usually suffers. With this in mind, we have created a set of building blocks that allow for cyber resilient devices to be built with a more limited range of resources.”

The specification encourages the consideration of a cyber resilient architecture from the beginning of the design process, rather than it being left as an afterthought. With the implementation of CyRes building blocks, a device can be recovered even if it has been compromised and hacked.

This will have a dramatic impact on the security posture of today’s connected digital ecosystems. Devices with cyber resilience built-in will be safer against attacks from other systems connected to the network, and if compromised, can be recovered without manual intervention.

Mattoon added: “As the dependence on technology grows, cyber resilience will prove critical for the future security of all interconnected devices and systems. Adopting cyber resiliency principles for protection, detection, and recovery is an important first step if we want to stay ahead of increasingly sophisticated threats.”

To be successful, the implementation of proper definitions, architectures, and scenarios is key.  Manufacturers and developers can follow the guidelines outlined by TCG in the draft  specification, which is now out for public review.

More information is available at the TCG website, www.trustedcomputinggroup.org