NSA teams with Trusted Computing Group on software could help secure the supply chain
FORT MEADE, Md. – The U.S. National Security Agency (NSA) and the Trusted Computing Group (TCG) industry consortium in Beaverton, Ore., have come up with validation software that could go a long way to securing the supply chain for computing devices. Security Boulevard reports. Continue reading original article
The Military & Aerospace Electronics take:
25 March 2019 -- NSA Research and TCG worked for two years with Intel to develop the software and standards for a supply chain validation process, NSA said. Essentially, certificates defined by TCG and containing attributes about a device are created during manufacturing and delivered with that device in the Trusted Platform Module (TPM), which keeps the information secure during the process. NSA’s Host Integrity at Runtime and Startup (HIRS) software taps into that information in order to validate the source of components, linking it to the manufacturer.
The validation process can be applied to any device through multi-stage productions involving multiple vendors, NSA said, and is capable of identifying a wide range of possible risks, including the swapping of malicious components for legitimate ones.
“The development of open source tools for trusted computing-based supply chain validation provides the U.S. government with greater confidence in the security of our mission critical systems,” said Peg Mitchell, NSA CISO.
Related: Trusted computing: application development, testing, and analysis for optimal security
Related: Developing a secure COTS-based trusted computing system: an introduction
John Keller, chief editor
Military & Aerospace Electronics
Ready to make a purchase? Search the Military & Aerospace Electronics Buyer's Guide for companies, new products, press releases, and videos