khillo (and others),
My initial reaction to this National Strategy document was one of enthusiasm, hoping that finally the feds were going to kickstart hardware security. But at least my initial review and consideration of this 26 page missive is a lot more downbeat for a variety of reasons:
1) The agency mentioned for opinion gathering is the Dept. of Homeland Security, hardly the greatest backer of hardware security thus far. Perhaps the submitted opinions are only window dressing for a politically correct aura of democracy anyway, but I would have liked to have seen a reference to the NSA instead.
2) While TPM's are mentioned several times, they are hardly represented as the mainstay to this policy. They are promoted on an equal basis as software security, via software credentials. Unless these credentails are rooted in hardware security, they will be subject to all the flaws we are very familiar with. In fact, when TPM's are reported in this document as being present in a cell phone, we are presented with totally erroneous information, unless there has been a miraculous change in technology that we aren't aware of. Wouldn't one expect Howard Schmidt, at least, to have understood the difference between an instanchiation (sp?) and an actual TPM?
I'm beginning to worry that our government bureaucrats are just too plain incompetent to bring about the cybersecurity this country actually needs.
Sorry for being so downbeat (and I hope my instincts are wrong), but I found this document woefully inadequate.
Svenm
AI
