Cyber Resilient Technologies

Cyber Resilient Technologies

Formed in June 2018, the TCG Cyber Resilient Technology (CyRes) workgroup focuses on supporting three primary principles for resilience:

  • Protecting updatable persistent code and configuration data
  • Detecting when vulnerabilities are not patched or when corruption has occurred
  • Recovering reliably to a known good state even if the platform is compromised.

Protection techniques lessen the likelihood that malware is able to persist itself and provide techniques for better protecting code and data.  Detection techniques identify whether a platform is healthy and work when the device is disconnected, using standalone techniques (like secure boot), or connected, by using technologies like remote attestation.  Detection involves the creation of evidence about the kind of platform and where a verifier could obtain health information.  If detection identifies a problem, recovery is triggered to remedy the platform and try to return it to a functional state.  Remediation could involve updating code or changing security settings.

For connected cyber resilient platforms, the protection, detection and recovery capabilities help identify misconfigured or unpatched code and reliably deploy updates.  For consumer scenarios this may be done directly by the manufacturer, service provider or end user.  In organizational settings, management may be done by the IT department or its delegates.  Policies may be defined for recovery actions that are device and domain specific.

The CyRes workgroup intends to develop new technologies, promote existing best-practices, and coordinate efforts in other groups inside and outside TCG.  The goal is to improve the resilience of future platforms by applying trusted computing technologies.

The concepts of using protection, detection and recovery to support resilience are not new.  Many existing techniques and solutions work to address them in different ways today, often in a platform specific or proprietary manner.  The output of the CyRes workgroup will generally be platform independent.  CyRes plans to formalize concepts of widely useful resilient technologies, specify building blocks and recommend baselines to meet stakeholder expectations for resilient computing platforms and their subcomponents.  Complex platforms could have a mixture of subcomponents with varying levels of resilience and interdependencies.

The output of the workgroup will complement other publications on resilience.  For example, the NIST SP 800-193 publication has technology independent requirements for resilient platforms that could be met in a plethora of ways.  The CyRes workgroup will develop TCG technologies to provide protection, detection and recovery capabilities in the context of end to end scenarios.  In conjunction with other TCG platform workgroups, the workgroup may help TCG publish resilient requirements for specific classes of platforms.

As of October 2018, the group is focused on scope and scenario definitions for representative examples for IoT devices and for subcomponents of computing platforms.  Work is focused on definitions, architecture and scenarios regarding how a platform or a subcomponent of a computing platform will perform better if enhanced with cyber resilient capabilities.  The workgroup will use the scenario work to publish resilient technology specifications useful for a wide variety of platform types and subcomponents.  The workgroup may then collaborate with other TCG workgroups to produce platform specific specifications as appropriate.

Rob Spiger

PRINCIPAL SECURITY STRATEGIST, MICROSOFT;  WORK GROUP CO-CHAIR

Mr. Rob Spiger is a Principal Security Strategist at Microsoft on the Digital Diplomacy team inside the Customer Security and Trust  organization.  Previously Rob was a Senior Program Manager at Microsoft, responsible for technical program management of Windows security features as a part of the Security and Identity Team in the Windows Division. Rob is an industry security expert with in-depth understanding of the trusted computing technology and standard development. He has participated for over a decade in the Trusted Computing Group, a global standards organization. He enjoys collaboration with global technologists from industry, government and academic institutions who are devoted to advancing security technology research and innovation.  Rob’s substantial industry experience also include his contributions at Avanade, Advanced Technical Resources, and Lockheed Martin.   He has degrees in Computer Science with Honors and Electrical Engineering from the University of Washington.

Jim Mann

DISTINGUISHED TECHNOLOGIST & SECURITY STRATEGIST, HP INC.; WORK GROUP CO-CHAIR

Mr. Jim Mann is a 28-year veteran of HP Inc, currently a Distinguished Technologist and Security Strategist in the Office of the Chief Engineer.  Jim leads the company’s product security quality governance programs, HP’s firmware security requirements, and serves as a key technical resource for HP business units in bringing secure products to market.  He has contributed to numerous industry consortia efforts, standards development and other government-commercial forums related to security, including contributions to the US National Institute of Standards and Technology (NIST) Special Publication 800-193, Platform Firmware Resiliency Guidelines.  Jim holds 23 patents and a B.S. and M.S. in Computer Engineering from Iowa State University where he graduated with Distinction and performed graduate work in the fields of non-destructive evaluation and artificial intelligence.

Silviu Vlasceanu

SECURITY TECHNOLOGIST, HUAWEI TECHNOLOGIES CO., LTD.; WORK GROUP CO-CHAIR

Mr. Silviu Vlasceanu is an Expert Engineer at Huawei, leading the Trusted Computing team within the Cyber Security and Privacy Lab. Silviu is responsible for driving and executing the research strategy for trusted computing and platform cyber-resilience and to ensure technology adoption in a wide range of platforms and solutions, from traditional telecom devices to cloud infrastructure and industrial IoT. He has 10 years of experience in system security, network security and PKI. Co-author of 5 patents in the field of system integrity, he has been developing in the past security technology for IBM System X and for the Special Telecommunications Service. Silviu has a M.S. in Electronics from Military Technical Academy in Bucharest and a M.S. with High Honors in Telecommunications and Networks from National Polytechnic Institute in Toulouse.