The prevention of cyber attacks throughout a device’s lifetime has been made easier today, as the Trusted Computing Group (TCG) released its specification: Cyber Resilient Module and Building Block Requirements.
With society becoming increasingly connected, technology must have the ability to protect itself, respond to attacks, and recover. Achieving this will result in huge savings of time, resources, and cost.
TCG’s new specification enables device manufacturers or designers to easily take steps to achieve cyber resilience by implementing a minimal set of capabilities. It also outlines the concept of a Cyber Resilient Module with the ability to recover multiple layers and components within a device while keeping them safeguarded.
“Manual intervention for device servicing, or recovery from compromise, is an expensive and sometimes even physically dangerous endeavour. The proliferation of internet connected devices we’re seeing today is only increasing this cost,” said Dennis Mattoon, Member of TCG’s Cyber Resilient (CyRes) Technologies Work Group. “Technology must be implemented to safeguard devices in the modern threat landscape. We often hear that resource constraints, such as the cost of the device, its form factor, or power needs, are challenges that are difficult to overcome, and security usually suffers. With this in mind, we have created a set of building blocks that allow for cyber resilient devices to be built with a more limited range of resources.”
The specification encourages the consideration of a cyber resilient architecture from the beginning of the design process, rather than it being left as an afterthought. With the implementation of CyRes building blocks, a device can be recovered even if it has been compromised and hacked.
This will have a dramatic impact on the security posture of today’s connected digital ecosystems. Devices with cyber resilience built-in will be safer against attacks from other systems connected to the network, and if compromised, can be recovered without manual intervention.
Mattoon added: “As the dependence on technology grows, cyber resilience will prove critical for the future security of all interconnected devices and systems. Adopting cyber resiliency principles for protection, detection, and recovery is an important first step if we want to stay ahead of increasingly sophisticated threats.”
To be successful, the implementation of proper definitions, architectures, and scenarios is key. Manufacturers and developers can follow the guidelines outlined by TCG in the draft specification, which is now out for public review.
More information is available at the TCG website, www.trustedcomputinggroup.org
Fachartikel
Sind alle Konvergenzen gleich?
Erhöhte Cloud-Sicherheit mit Saviynt und AWS IAM Access Analyzer
Ja, es gibt sie!! Eine Lösung zur Abwehr von Ransomware!
So sichern Unternehmen ihre MFA-Workflows gegen die neuesten Cyberangriffe
Eine Festung im Datenmeer: Cloud-Immutabilität als Schild gegen Ransomware-Bedrohungen
Studien
Studie von BlueVoyant zeigt: Cyberangriffe auf die Lieferkette wirken sich weiterhin negativ auf Unternehmen weltweit aus
Deutschland weltweit einziges Land mit schrumpfender Cyber-Belegschaft bei wachsendem Personalbedarf
Neue Trellix-Studie deckt auf: 63 Prozent der weltweiten CISOs nach Cyber-Attacke erneut betroffen
Studie: Fehlende Rechtssicherheit für Big Data und KI
