
The prevention of cyber attacks throughout a device’s lifetime has been made easier today, as the Trusted Computing Group (TCG) released its specification: Cyber Resilient Module and Building Block Requirements.
With society becoming increasingly connected, technology must have the ability to protect itself, respond to attacks, and recover. Achieving this will result in huge savings of time, resources, and cost.
TCG’s new specification enables device manufacturers or designers to easily take steps to achieve cyber resilience by implementing a minimal set of capabilities. It also outlines the concept of a Cyber Resilient Module with the ability to recover multiple layers and components within a device while keeping them safeguarded.
“Manual intervention for device servicing, or recovery from compromise, is an expensive and sometimes even physically dangerous endeavour. The proliferation of internet connected devices we’re seeing today is only increasing this cost,” said Dennis Mattoon, Member of TCG’s Cyber Resilient (CyRes) Technologies Work Group. “Technology must be implemented to safeguard devices in the modern threat landscape. We often hear that resource constraints, such as the cost of the device, its form factor, or power needs, are challenges that are difficult to overcome, and security usually suffers. With this in mind, we have created a set of building blocks that allow for cyber resilient devices to be built with a more limited range of resources.”
The specification encourages the consideration of a cyber resilient architecture from the beginning of the design process, rather than it being left as an afterthought. With the implementation of CyRes building blocks, a device can be recovered even if it has been compromised and hacked.
This will have a dramatic impact on the security posture of today’s connected digital ecosystems. Devices with cyber resilience built-in will be safer against attacks from other systems connected to the network, and if compromised, can be recovered without manual intervention.
Mattoon added: “As the dependence on technology grows, cyber resilience will prove critical for the future security of all interconnected devices and systems. Adopting cyber resiliency principles for protection, detection, and recovery is an important first step if we want to stay ahead of increasingly sophisticated threats.”
To be successful, the implementation of proper definitions, architectures, and scenarios is key. Manufacturers and developers can follow the guidelines outlined by TCG in the draft specification, which is now out for public review.
More information is available at the TCG website, www.trustedcomputinggroup.org
Fachartikel

Cyberkrieg aus den Schatten: Verschleierungstechniken als ultimative Waffe

Kubernetes und Container im Visier: Die aktuelle Bedrohungslage im Überblick

Forscher entdecken universellen Trick zur Umgehung von Sicherheitsvorgaben bei KI-Chatbots

Phishing-Angriffe über OAuth: Russische Hacker zielen auf Microsoft 365 ab

Ransomware-Banden setzen auf professionelle Geschäftsmodelle
Studien

Quantencomputer: Eine wachsende Bedrohung für Cybersicherheit und Unternehmensstabilität

Zwischen Aufbruch und Alarm: Künstliche Intelligenz stellt Europas Datenschutz auf die Probe

DefTech-Startups: Deutschland kann sich derzeit kaum verteidigen

Gartner-Umfrage: 85 % der CEOs geben an, dass Cybersicherheit für das Unternehmenswachstum entscheidend ist

Studie: Mehrheit der beliebten Chrome-Erweiterungen mit riskanten Berechtigungen
Whitepaper

Forschungsbericht: Trends im Bereich Erpressung und Ransomware

Internet unter Beschuss: Über 1.000 bösartige Domains pro Tag

Google warnt vor zunehmender Raffinesse bei Cyberangriffen: Angreifer nutzen verstärkt Zero-Day-Exploits zur Kompromittierung von Systemen

FBI: USA verlieren 2024 Rekordbetrag von 16,6 Milliarden US-Dollar durch Cyberkriminalität

EMEA-Region im Fokus: Systemangriffe laut Verizon-Report 2025 verdoppelt
Hamsterrad-Rebell

Das CTEM-Framework navigieren: Warum klassisches Schwachstellenmanagement nicht mehr ausreicht

Cybersicherheit im Mittelstand: Kostenfreie Hilfe für Unternehmen

Anmeldeinformationen und credential-basierte Angriffe

Vermeiden Sie, dass unbekannte Apps unnötige Gefahren für Ihre Organisation verursachen
