NSA teams with Trusted Computing Group on software could help secure the supply chain

FORT MEADE, Md. – The U.S. National Security Agency (NSA) and the Trusted Computing Group (TCG) industry consortium in Beaverton, Ore., have come up with validation software that could go a long way to securing the supply chain for computing devices. Security Boulevard reports.

Mar 25th, 2019
ByDavid Sheets
ByDavid Sheets
FORT MEADE, Md. – The U.S. National Security Agency (NSA) and the Trusted Computing Group (TCG) industry consortium in Beaverton, Ore., have come up with validation software that could go a long way to securing the supply chain for computing devices. Security Boulevard reports. Continue reading original article

The Military & Aerospace Electronics take:

25 March 2019 -- NSA Research and TCG worked for two years with Intel to develop the software and standards for a supply chain validation process, NSA said. Essentially, certificates defined by TCG and containing attributes about a device are created during manufacturing and delivered with that device in the Trusted Platform Module (TPM), which keeps the information secure during the process. NSA’s Host Integrity at Runtime and Startup (HIRS) software taps into that information in order to validate the source of components, linking it to the manufacturer.

The validation process can be applied to any device through multi-stage productions involving multiple vendors, NSA said, and is capable of identifying a wide range of possible risks, including the swapping of malicious components for legitimate ones.

“The development of open source tools for trusted computing-based supply chain validation provides the U.S. government with greater confidence in the security of our mission critical systems,” said Peg Mitchell, NSA CISO.

Related: Trusted computing: application development, testing, and analysis for optimal security

Related: Developing a secure COTS-based trusted computing system: an introduction

Related: Curtiss-Wright receives encryption certification for secure data storage in trusted computing uses

John Keller, chief editor
Military & Aerospace Electronics

Ready to make a purchase? Search the Military & Aerospace Electronics Buyer's Guide for companies, new products, press releases, and videos

More in Computers