Presenter Tony Sager on right.
Trusted computing technologies and solutions are like fear-provoking bouncers who prevent anyone lacking the necessary credentials from entering a popular attraction - or, they quickly nab the rare gatecrasher. They're effective. They're available. And using them for cyber defense makes good business sense.
But when it comes to protecting critical information and network infrastructure, the adoption of these technologies has been slow. They're often misunderstood or viewed as not quite ready for prime time. In reality, they are essential to mounting a decisive defense in both the public and private sectors.
The National Security Agency held its 2nd Annual Trusted Computing Conference and Exposition from Sept. 20-22 in Orlando - advocating for the use and more robust development of such technologies not only to grow the market and better assess trends, but also to lift all boats in a rising tide of cybersecurity.
Cyber threats are real, enormous, and growing, agency officials emphasized to the event's 620 attendees. Presenter Tony Sager, NSA's Chief Operating Officer for the Information Assurance Directorate, noted that public and private efforts to enhance cybersecurity have made a huge difference. The trouble is, "the context is getting worse faster than we're getting better," he said, referring to the rate of change in the diversity and sophistication of cyber attacks.
Presenter Troy Lange on right.
The conference - which also featured exhibits by nearly 60 IT companies - highlighted the business case for trusted computing, real-world examples of its use, research, and emerging technologies. Generally speaking, trusted computing technologies ensure that hardware and software behave as designed. These solutions prevent malicious computer attacks by combining commercially available, off-the-shelf IT tools. The bad guys are forced to break a sweat, and they still lose.
Several chords were repeatedly struck each day of the event.
For starters, a single technical solution - one magic bullet - does not and will not exist, said Neil Kittleson, NSA's Trusted Computing Portfolio Manager. The best approaches are integrated, flexible, and dynamic, he said.
And vital to the entire effort are rigorous technical standards for how products and solutions should be designed or implemented in the most secure ways. Here, the federal government plays an important role to help bring order to the market by "defining goodness" in its standards, Sager said.
Additionally, trusted computing solutions should be built into devices as well as integrated across an enterprise. Troy Lange, NSA's Mobility Mission Manager, made that point in his presentation about the agency's pilot project to develop new smartphones that can access classified information and applications from almost anywhere. Solutions must also keep pace with IT advances, he said.
On the whole, public-private partnerships are key.
The problems require the "government as a participant, but industry as [the] lead," said Donna Dodson, chief of the Computer Security Division at the National Institute of Standards and Technology.