The Security Ledger Podcast
Spotlight Podcast: Building Resilience into the IoT with Rob Spiger
In this Spotlight edition of the Security Ledger Podcast, sponsored by Trusted Computing Group*: we’re joined by Rob Spiger, a principal security strategist at Microsoft and co-chair of the cyber resilient technologies working group at Trusted Computing Group. Rob talks to us about efforts to make more resilient connected devices and how the advent of the Internet of Things is changing TCG’s approach to building cyber resilient systems.
When the trusted computing group first hit the scene 20 years ago, the idea was to provide a so-called “root of trust” from which security operations might be launched, and a secure enclave from which devices could recover should all else fail.
But attacks these days aren’t as simple as removing malware from a windows system and getting it back up and running. Destructive malware like Shamoon, NotPetya and WannaCry have shown that disruption and even physical destruction of devices may be the objective of malware infections and hacks. At the same time, so-called “advanced persistent threat” (APT) actors have made a practice of stealthy, long-lived compromises designed to harvest information or extend control over compromised environments.
A Focus on Cyber Resilience
And, as Internet of Things devices permeate both commercial and private networks, the cyber physical consequences of comprises mount. That’s why the Trusted Computing Group is expanding its work on what it calls “cyber resilient technologies” that can help restore connected devices to a working state in the event of a cyber attack or other disruption.
In this spotlight edition of the podcast, we invited Rob Spiger of Microsoft into the studio to talk about this concept of “cyber resilience.” Rob is a 17 year veteran of Microsoft and the co-chair of the Cyber Resilient Technologies Working Group at TCG.
Breaking the Ice on DICE: scaling secure Internet of Things Identities
Rob Spiger is a principal security analyst at Microsoft and co-chair of the Cyber Resilient Technologies Working Group at Trusted Computing Group.
In this conversation, Rob and I talk about how the importance of cyber resilience has grown in recent years and how TCG is adapting to address the unique challenges of the Internet of Things, including the need to manage physically remote devices and devices deployed at massive scale.
Rob notes that the concept of resilience is not so much different today from what it was 20 years ago when TCG was first setting up shop, even though technology use cases have changed dramatically.
“The concept is that devices could be come compromised and you need re-establish them to a trusted stage and resume normal or limited operations if mitigations are not available immediately,” Spiger told me. “The basic concept is to provide better protections and detect if an attack has occurred and then to recover from that attack to a trusted state.”