
The prevention of cyber attacks throughout a device’s lifetime has been made easier today, as the Trusted Computing Group (TCG) released its specification: Cyber Resilient Module and Building Block Requirements.
With society becoming increasingly connected, technology must have the ability to protect itself, respond to attacks, and recover. Achieving this will result in huge savings of time, resources, and cost.
TCG’s new specification enables device manufacturers or designers to easily take steps to achieve cyber resilience by implementing a minimal set of capabilities. It also outlines the concept of a Cyber Resilient Module with the ability to recover multiple layers and components within a device while keeping them safeguarded.
“Manual intervention for device servicing, or recovery from compromise, is an expensive and sometimes even physically dangerous endeavour. The proliferation of internet connected devices we’re seeing today is only increasing this cost,” said Dennis Mattoon, Member of TCG’s Cyber Resilient (CyRes) Technologies Work Group. “Technology must be implemented to safeguard devices in the modern threat landscape. We often hear that resource constraints, such as the cost of the device, its form factor, or power needs, are challenges that are difficult to overcome, and security usually suffers. With this in mind, we have created a set of building blocks that allow for cyber resilient devices to be built with a more limited range of resources.”
The specification encourages the consideration of a cyber resilient architecture from the beginning of the design process, rather than it being left as an afterthought. With the implementation of CyRes building blocks, a device can be recovered even if it has been compromised and hacked.
This will have a dramatic impact on the security posture of today’s connected digital ecosystems. Devices with cyber resilience built-in will be safer against attacks from other systems connected to the network, and if compromised, can be recovered without manual intervention.
Mattoon added: “As the dependence on technology grows, cyber resilience will prove critical for the future security of all interconnected devices and systems. Adopting cyber resiliency principles for protection, detection, and recovery is an important first step if we want to stay ahead of increasingly sophisticated threats.”
To be successful, the implementation of proper definitions, architectures, and scenarios is key. Manufacturers and developers can follow the guidelines outlined by TCG in the draft specification, which is now out for public review.
More information is available at the TCG website, www.trustedcomputinggroup.org
Fachartikel

ChatGPT bei der Arbeit nutzen? Nicht immer eine gute Idee

Das Aktualisieren von Software-Agenten als wichtige Praktik der Cyberhygiene auf MSP-Seite

Kosteneinsparungen und Optimierung der Cloud-Ressourcen in AWS

CVE-2023-23397: Der Benachrichtigungston, den Sie nicht hören wollen

Wie sich kleine und mittlere Unternehmen proaktiv gegen Ransomware-Angriffe wappnen
Studien

Studie zeigt 193 Millionen Malware-Angriffe auf Mobilgeräte von Verbrauchern im EMEA-Raum

2023 State of the Cloud Report

Trotz angespannter Wirtschaftslage: die Security-Budgets steigen, doch der IT-Fachkräftemangel bleibt größte Hürde bei Erreichung von Security-Zielen

BSI-Studie: Viele Software-Produkte für Onlineshops sind unsicher

Wie Cloud-Technologie die Versicherungsbranche revolutioniert
Whitepaper

Aufkommende Trends in der externen Cyberabwehr

Cyber-Sicherheit für das Management – Handbuch erhöht Sicherheitsniveau von Unternehmen

Aktueller Datenschutzbericht: Risiko XXL am Horizont

Vertrauen in die Lieferkette durch Cyber-Resilienz aufbauen

TXOne Networks und Frost & Sullivan veröffentlichen Jahresbericht 2022 über aktuelle Cyberbedrohungen im OT-Bereich
Unter4Ohren

Optimierung der Cloud-Ressourcen und Kosteneinsparungen in AWS

DDoS – der stille Killer

Continuous Adaptive Trust – mehr Sicherheit und gleichzeitig weniger mühsame Interaktionen

Datenschutz und -kontrolle in jeder beliebigen Cloud bei gleichzeitiger Kostensenkung, Reduzierung der Komplexität, Verbesserung der Datenverfügbarkeit und Ausfallsicherheit
