Trusted Computing Fortifies Cyber-Defenses

Nearly every week brings news that a corporate or government network has been penetrated by cyber-criminals, unfriendly nation-states or malicious hackers, resulting in the theft of trade secrets, personal information or sensitive public documents.

Government agencies and the private sector are coming under additional pressure to increase their vigilance and to implement new technologies to protect sensitive information and critical infrastructure.

One of the prominent conclusions that emerged from the September National Security Agency (NSA) Trusted Computing Conference & Exposition in Orlando, Fla., was that Trusted Computing technologies would play an important role in making cyber-defenses strong enough to thwart the latest cyber-threats.

Consumers and organizations are facing a constant barrage of attacks, and the NSA is calling on the security industry to do "something different" to address the problem, Brian Berger, executive vice president at Wave Systems and a member of the Trusted Computing Group's board, told eWEEK.

People and their devices around the world are being targeted by spear-phishing, social engineering, malware exploiting zero-day vulnerabilities and crimeware, Anthony Stramella, special assistant to the director at the NSA's Central Service Threat Operations Center, said in his opening keynote speech at the conference. Mobile security is a concern, as malicious apps can collect personal data and transmit the harvested data to remote servers.

"How much security is built into a 99-cent golf app?" Stramella asked his audience before adding, "And people are using these devices for banking and everything else too."

Malware is becoming more sophisticated, he said, with more than 68,000 tools available for developing malware and launching attacks-many of which don't require special technical knowledge or skills to use. Stramella also said that people are exposing too much of their personal information online, putting them at risk for targeted attacks.

"The collective impact of his message was that the bad guys have something of an upper hand in a world in which people are surprisingly trusting and careless in their online behavior," wrote Neil Roiter, a contributor to the Wave Systems blog.

One of the central messages of the conference was that it's time to take advantage of Trusted Computing technologies to develop security countermeasures, said Wave's Berger. Trusted Computing uses hardware-based security to protect the endpoint, network, data, mobile devices and other non-PC computing devices.