The Security Ledger Podcast
Episode 224: Engineering Trust In The Cyber Executive Order
In this spotlight edition of the podcast, sponsored by Trusted Computing Group*, Thomas Hardjono and Henk Birkholz join us to talk about President Biden’s Cyber Executive Order and how the EO’s call for increasing trust in federal IT systems is creating demand for TCG technologies.
President Joe Biden threw down the gauntlet last May in the form of a Presidential Executive Order on cybersecurity. Issued amidst the fallout from the Colonial Pipeline ransomware attack, the EO laid out an aggressive schedule of big changes to federal IT, including identifying critical software in use by the government, verifying trust relationships between federal and private sector entities, and demanding that IT firms selling software and services to the federal government develop a software bill of materials (SBOM).
In an environment of rampant cyber attacks on federal agencies, porous networks and vulnerable software and services, “trust” is a key concept in the Cyber Executive Order. In fact, the term appears more than 20 times in the EO alone.
But it is a lot easier to invoke the concept of trust than it is to engineer it into IT systems. Alas, if the federal government is serious about achieving the goals laid out in the EO, it will need to find a way to do just that. In the process, it will likely build upon the work of our guests this week.
Henk Birkholz is a researcher at the Fraunhofer Institute for Secure Information Technology, located in Germany, and Co-chair of the Attestation Working Group at the Trusted Computing Group. He also chairs the Operations and Management Area working group and the IoT Operations working group at IETF.
Thomas Hardjono is the CTO of Connection Science and Technical Director of the MIT Trust-Data Consortium at the Massachusetts Institute of Technology. He is an invited expert at the Trusted Computing Group and former co-chair of the Embedded Systems working group.
(*) Disclosure: This podcast and blog post were sponsored by Trusted Computing Group. For more information on how Security Ledger works with its sponsors and sponsored content on Security Ledger, check out our About Security Ledger page on sponsorships and sponsor relations.
As always, you can check our full conversation in our latest Security Ledger podcast at Blubrry. You