Unsecured industrial equipment has been the entry point for many recent attacks, including widely reported ones on a steel mill, the Ukrainian power grid, nuclear facilities and much more. Traditionally, most industrial systems were stand-alone and not connected to the wider Internet or sometimes not even to other equipment. That, of course, has changed, making this equipment highly vulnerable to criminal, nation-state, mischievous and other attacks.
With its deep expertise in trusted computing and security and widely vetted standards already deployed across enterprise systems, TCG is a natural to extend its mission to securing industrial equipment, connected or not. It has formed a new subgroup to focus on this challenge.
What will this new subgroup do? First, it will provide guidance to implementers and users regarding the use of Trusted Computing technologies for Industrial applications – it will show people how to use Trusted Computing to Industrial applications.
The group will create and publish some guidance documents on how to use existing TCG technologies. Some new specs will need to be created, such as a Platform Firmware Profile that says how PCRs s(Platform Configuration Registers) should be used in Industrial equipment. The subgroup will create new technical specifications as needed and work with existing work groups to provide input on specific industrial needs. The group also will create new marketing and educational materials.
Existing resources about using various TCG specifications for industrial equipment and related applications include:
TCG IoT Architect’s Guide: http://bit.ly/1RzLRa6
TCG Guidance for Securing IoT: http://bit.ly/2f8RYkK
TNC IF-MAP Metadata for ICS Security
Architects Guide: ICS Security Using TNC Technology
Industrial Internet Security Framework: https://www.iiconsortium.org/IISF.htm
Learn more about this subgroup, including a new overview document illustrating a typical industrial environment, here: https://trustedcomputinggroup.org/work-groups/industrial/
*** This is a Security Bloggers Network syndicated blog from Trusted Computing Group authored by TCG Admin. Read the original post at: https://trustedcomputinggroup.org/tcg-tackles-industrial-equipment-security/