TCG launches work group with Microsoft, Intel for supply chain cybersecurity protocols

TCG launches work group with Microsoft, Intel for supply chain cybersecurity protocols
Photo Credit: 123RF.com

Oregon-based Trusted Computing Group (TCG), an alliance to implement trusted computing concepts, has launched a new work group aimed at how TCG Technologies can be used to mitigate the supply chain security challenges.  

Led by Microsoft, Intel and Goldman Sachs, the group will create implementation guidelines for security standards in global supply chain.  

“The supply chain is the one thing that spans all verticals and the TCG work groups are now coming together to create industry-wide guidance that seeks to make the supply chain more secure,” said Dennis Mattoon, co-chair of the new Supply Chain Security work group and Principal Software Development Engineer at Microsoft.  

There has been a rise in the number of cyberattacks who attempt to compromise the supply chains of industries and governments.

An October 2021 report by cyber security company Acronis said that 53% of companies are left exposed to supply chain attacks, and have critical security gaps.  

The hardware supply chain is a challenge in terms of security owing to the many stages, multiple players and individuals involved, with current security methods requiring multiple human interventions to process properly.  

“Securing the hardware supply chain is no easy task, as no single company has end-to-end control of the modern technology supply chain,” said Michael Mattioli, Co-Chair of the Supply Chain Security work group and Vice President at Goldman Sachs.  

The new work group, will focus on two key areas, provisioning and recovery.

In terms of provisioning, TCG, founded in 2003, will build solutions to ensure devices are genuine and from a trusted source. Secondly, they will ensure that companies have the tools to recover systems, devices and networks quickly in the event of an attack.  

“Whilst these solutions can be costly to organizations in the short-term, they are much more cost-effective than the alternative of a single cyber-attack bringing down the entire supply chain,” TCG said.