Cyber Security Needs a Fortress, Not a Sandcastle: A View from the Trenches

Date Published: June, 10, 2015

The most recent high-profile data breach, of government workers’ personal information, has frustrated some cybersecurity experts. Many experts had previously pointed out a number of security issues to the agency that was breached. This breach joins many others that have resulted in considerable cost, harm and future damage to individuals, governments and companies.

In a Huffington Post in an article penned by Wave Systems, a long-time trusted computing and cybersecurity advocate and member of TCG,  (http://www.huffingtonpost.com/bill-solms/national-cybersecurity-we-need-a-fortress-_b_7518986.html), new cybersecurity bills for consideration attempt some fixes. “…H.R. 1560, Protecting Cyber Networks Act, and H.R. 1731, National Cybersecurity Protection Advancement Act of 2015, were passed on April 22 and 23, respectively, during what was dubbed “Cyber Week” by House leaders. The decision to pass these two bills and send them to the Senate is welcome. These bills support the obvious need for cooperation, collaboration, and information sharing between the government and corporations…”

But as the Huff Post article notes, both bills are based on the porous approaches that thus far have not stopped breaches or attackers. As TCG has supported for years, a better approach is available and can be implemented, one that approaches security from a hardware perspective – and as such, is inherently more secure than software: “Our cybersecurity defenses built on the old status quo of simple, software-based security are built on sand. It’s time for our leaders to lay a new foundation. It is time to abandon the pretense that software and passwords alone are keeping us safe. We need a fortress, not a sandcastle.”

The article continues, explaining “…The terms multifactor authentication and hardware-based security should be the guiding tenets here…The good news is that a new foundation is available to us. It lies dormant in many millions of devices we already own, devices we each use every day. Close to one billion Trusted Platform Module chips have been shipped over roughly the last 7 years on standard business desktops, laptops and tablets. And on some highly secure smart phones. These very powerful hardware-based security chips could provide a very capable and very quickly implemented hardening of our cyber defenses, not just in the U.S. but world-wide. So while we debate about cybersecurity, worry about data collection, and read about the latest mega hacks, what we should really be doing is asking our politicians a simple question. If there are solutions available to protect us, why aren’t you turning them on?”

TPMs indeed are available in almost every enterprise PC shipped in many years, and in many consumer PCs, including the Chromebook and others. TPMs are shipped in servers and used in networking gear, from enterprise-class equipment to wireless routers. And millions of boards that are embedded into ATMs, kiosks, industrial systems, printers, copiers and other devices have been shipped – and software and solutions exist to make the systems more secure, based on the available hardware root of trust.

Learn more about TPM here: http://www.trustedcomputinggroup.org/solutions/authentication

Tags:

Join

Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.

Join Now

Trusted Computing

Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.

Read more

Specifications

Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.

Read more