|
||
 |
In the Boardroom™ |  |
|
||
 |
TCG |  |
In The Boardroom™ With...
Dr. Joerg Borchert
President and Chairman, TCG
Vice President
Chip Card & Security ICs
Infineon Technologies North America Corporation
www.trustedcomputinggroup.org
SecuritySolutionsWatch.com: Thank you for joining us today, Joerg.
It is an honor to speak with you as President and Chairman of TCG and a contributor
to four patent filings in this area. Please give us an overview of your background
and a brief history of TCG.
Dr. Joerg Borchert: My company, Infineon, has been involved with TCG since the organization was formally announced in 2003 and prior to that, we were involved in a predecessor organization that developed the cornerstone technology of TCG, the Trusted Platform Module. I have been involved in the semiconductor business for most of my career and the last 10 years have been focused on embedded security and related topics, such as the secure payment cards used in Europe. Since moving to the U.S. with my company, I worked for three years in the mobile semiconductor area and have since 2004 directed a team focused on semiconductor security solutions for the US electronic ePassport program and mission critical embedded security implementations.
SecuritySolutionsWatch.com: One will read on
www.trustedcomputinggroup.org that,
“Trusted Computing is a category of technology developed and promoted by the Trusted Computing
Group. The term is taken from the field of trusted systems. Trusted Computing is the
industry's answer to growing security problems in the enterprise and is based in a hardware
root of trust. From this, enterprise systems, applications and networks can be made more
secure. With Trusted Computing, the computer or system will consistently behave in
specific ways, and those behaviors will be enforced by hardware and software when the
owner of those systems enables these technologies”. Please elaborate for us regarding the
goals of TCG.
Dr. Joerg Borchert: TCG was founded on the core concept
of a hardware-based root of trust. Some years ago, security experts, researchers
and cryptographers, among others in technology, began to see that software
is inherently vulnerable to attacks. At that time, most security approaches
were based on software. However, there was evidence that systems with
a hardware root of trust would be more secure and less prone to attacks,
malware, spoofing and other attacks. TCG was created to provide interoperable,
industry standards based on that concept of hardware-based trust for all
aspects of enterprise computing. While we started with one specification,
for the Trusted Platform Module (TPM),TCG has, by plan, extended its efforts
to extend Trusted Computing into network security, data protection, mobile
security, and most recently, embedded device security. Embedded security
became after recent incidents - like STUXNET in industrial controls or
the attacks on automotive embedded control systems - an area of major
importance. We also have work groups addressing the internal infrastructure
needs to enable the trusted enterprise and to develop use cases for trusted
multi-tenant infrastructures, known as cloud computing, and for tying
together our various specifications.
SecuritySolutionsWatch.com: We understand that “The
Trusted Computing Group (TCG) provides open standards that enable a safer
computing environment across platforms and geographies.” Please give
us an overview of TCG Standards and Trusted Computing benefits.
Dr. Joerg Borchert: The computing industry has long benefitted from standards, which by nature provide interoperable, baseline capabilities that add significant value to end products. Manufacturers typically benefit from standards, because each vendor does not have to reinvent the wheel to provide a specific technology, and with large numbers of vendors supporting standards, end users benefit not only from access to a variety of compatible products but from cost efficiencies in these products. TCG has produced a number of standards that now are widely used in a variety of systems and products. These standards include those for the Trusted Platform Module, typically a silicon-based product embedded into PCs, servers and other computing systems; the Trusted Network Connect architecture for network security supported by hundreds of vendors in networking gear and software; and the Trusted Storage Opal specification, now offered in hard disk and solid-state drives from most vendors in that industry. We also have published use cases for cloud security, a specification for a mobile version of the TPM, and a number of infrastructure specifications to tie together other TCG specifications. We also provide an extensive education and awareness program to help educate members and potential end users of our members' products about the benefits of Trusted Computing and how it can be used.
In terms of the general benefits of Trusted Computing, we believe that most aspects of computing, whether individual PCs, enterprise data centers, vast networks, the utility and manufacturing infrastructure and non-PC systems can, and should be, trusted systems. This means, fundamentally, that the nature and state of each element of the infrastructure is "trusted" - we know what it is, whether it's infected with malware or viruses, whether it should be attached to a specific network, and whether it's vulnerable to attacks. Through Trusted Computing, we can offer that benefit, thereby reducing the potential for incidences such as Stuxnet, infiltration of the power grid or theft of sensitive corporate data.SecuritySolutionsWatch.com: Are there any particular TCG achievements or milestones you would like to discuss?
Dr. Joerg Borchert: TCG is unique in its mission and deliverables, and some of our milestones include the first comprehensive and industry-standard architecture for network security, called TNC or Trusted Network Connect; development of the industry standard for self-encrypting drives that automatically and continuously encrypt data directly on a drive; and the widespread adoption of the TPM, in more than 500 million PCs, servers and other devices. We also have an active program to support and monitor research into Trusted Computing and related topics at leading institutions worldwide. Much of this research has resulted in the availability of open source support for various TCG specifications, but also in the creation of additional avenues for TCG to explore with future specifications.
SecuritySolutionsWatch.com: What about international standards?Dr. Joerg Borchert: As an industry standards group, we are truly global in scope and presence. Our board, for example, includes most of the multi-national computing companies and we have regional forums active in the Japan and Greater China regions. Research is conducted across the globe, and we participate in conferences and events in North America, Europe, India, Greater China, Japan and other countries and regions. Specific to our standards, the TPM specification is an ISO/IEC standard. Our TNC standards have been adopted by the global Internet Engineering Task Force (IETF).
SecuritySolutionsWatch.com: The list of current list of current TCG members TCG members is truly quite impressive. For those companies that are not yet members, what are the benefits at the various membership levels.
Dr. Joerg Borchert: For companies involved in any kind of security efforts - and that is one of the fastest growing segments of IT and computing - TCG offers an opportunity to participate in the cutting edge of solutions that will be adopted over time by most companies. As contributor members, companies provide input and direction to existing and future specifications and help guide the future of the organization. We also offer membership at an attractive rate to small companies and for academia and researchers, we have a very active liaison program.
SecuritySolutionsWatch.com: Are there any upcoming TCG events you care to mention?
Dr. Joerg Borchert: TCG recently participated as a sponsor
in the NSA (National Security Agency) Trusted Computing Conference. This
is the second year for this event, which is unique in its focus on the
role of Trusted Computing in not only national cybersecurity but in commercial
enterprises. In addition to dozens of demonstrations of available Trusted
Computing solutions, we had a number of speakers addressing the business
case for Trusted Computing, real-world examples, emerging technologies
and even a Trusted Computing "basics" session. We also attend a number
of other conferences; more information is on our website at
http://www.trustedcomputinggroup.org/media_room/events . We also
have hosted several webcasts recently, including one on Sept. 27
on authentication with user PwC and one on October 5 on market
research for the self-encrypting drive segment. I’d also like to
point out our next members meeting is in Hong Kong from October 18-20th
with a keynote address by Chief Inspector Frank Law, of the Hong Kong
Police Force.
SecuritySolutionsWatch.com: Thanks again for joining us today.
Are there any other subjects you would like to discuss?
Dr. Joerg Borchert: We appreciate your interest and hope your readers are encouraged to learn more about this organization. We offer a number of resources - case studies, white papers, a blog, FAQs and other documents, on our web site and encourage anyone interested to check that out. www.trustedcomputinggroup.org.