When it comes to cybersecurity, federal agencies are awash in solutions, from basic tools like firewalls to sophisticated SIEM and SOAR solutions. It’s worthwhile, though, to take a step back and think about the role of the computer in cyber defense.
The hardware itself, the silicon chip(s) that lie at the heart of the compute device, can offer a foundation for establishing more robust cybersecurity.
How so? At the hardware level it’s possible to implement a range of key security capabilities and controls. These include secure boot, confidential computing, and hardware-enhanced malware detection. Each of these plays a vital role in securing data and systems in the enterprise.
Secure or trusted boot verifies that the system has come up in a known “good state.” Confidential computing concepts refer to the use of hardware to create isolated and protected domains for transactions and data protection in use, a trusted execution environment (TEE). Hardware-enhanced malware detection, meanwhile, leverages the chips themselves to speed the detection and identification of malware and anomalous activity, using the hardware to detect behaviors that would not be normally detectable within the OS or application domains.
In a trusted boot, the hardware uses mechanisms that are able to validate each stage of the boot process. From power-on to the firmware to the operating system and ultimately into the application stack, trusted boot ensures that nothing malicious has been inserted along the way.
With trusted boot, you know that the right workload, the right application, the right firmware all were running at the time the system came up. That way, as users deploy data or undertake transactions, they know that they are working from a solid, more secure starting point.
This helps to ensure safe operations, and it supports recovery in case of an adverse event, whether an error or an attack. In such a circumstance, it’s important to be sure that the computer is reverting to a known good state. That’s the “platform resiliency” defined in the NIST SP800-193 standard.
Confidential computing is about leveraging a trusted execution environment and being able to do it at cloud scale.
A trusted execution environment is a safe place to transact data and applications, with the ability to put business logic and associated data in a place that is protected from digital and even physical attacks. In a cloud-based environment, this is the means to protect data and transactions from rogue tenants, as well as from the cloud provider themselves —a rogue admin or someone with physical access to the system.