"It looks like Bartok might get his wish. In the day’s fourth session, “Making Mobile Devices Trusted,” Leslie Andresen with General Dynamics said she started work about 18 months ago with TCG partners on its Trusted Computing Based Insider Threat Protection and Assured Information Sharing (TCBITPAIS) project. TCBITPAIS uses strong authentication and remote attestation through – you guessed it – a hardware root of trust, Trusted Platform Modules (TPMs)."
Michael ArnoneFebruary 29, 2012
RSA 2012: Living up to a Legacy
Mr. Arnone is an independent security writer who will be blogging live from RSA Conference 2012. Look for his Security Matters posts all week as he gives an on-site view of conference sessions, exhibit highlights, and this year’s hot debates.
I’ve been to a lot of IT security conferences, heard hundreds of talks on dozens of topics I frankly will remember only vaguely, at best. Something unexpected happened Monday at the RSA 2012 Conference, though, that I’ll remember for a long, long time.
The Trusted Computing Group hosted a four-hour block of panel discussions on the challenges, successes and opportunities that organizations implementing trusted computing currently face. The second segment, “Securing Mission-Critical Networks and Automating Security in Enterprise Environments,” immediately swerved into new territory.
The opening speaker, Steve Hanna with Juniper Networks, announced that one of the scheduled presenters, Paul Bartok of the National Security Agency, died unexpectedly last week. Bartok was credited with creating a “grand vision for information security across government and commercial spaces for security automation with open standards.” A vision, incidentally, predicated on a hardware root of trust, as advocated by Wave and other TCG members. Hanna concluded his brief introduction with a sincere imperative: “May we work together to realize his vision.”
Chris Satter, Bartok’s NSA colleague and co-presenter, solemnly took the podium after Hanna. Satter said he and Bartok had spoken last week. Satter said he was worried about the difficulty of what he and Bartok were proposing: Getting industry consensus on concrete steps organizations need to take to implement security automation standards. Those standards, in turn, would enable IT security solutions to comprehensively understand devices, data and users and, more importantly, what their normal and abnormal behaviors are. Based on that real-time knowledge, IT security would become much more effective, cheaper, interoperable, and able to share information rapidly across entire enterprises.
“Paul was the first senior government official that didn’t say ‘It’s too hard,’ or ‘it’s not our culture,’” Satter reminisced. “The last thing he said to me was, ‘Christopher, we’re actually going to do this.’”
It looks like Bartok might get his wish. In the day’s fourth session, “Making Mobile Devices Trusted,” Leslie Andresen with General Dynamics said she started work about 18 months ago with TCG partners on its Trusted Computing Based Insider Threat Protection and Assured Information Sharing (TCBITPAIS) project. TCBITPAIS uses strong authentication and remote attestation through – you guessed it – a hardware root of trust, Trusted Platform Modules (TPMs).
Bartok took the project to the next level through sponsorship from the NSA’s NSA/CSS Commercial Solutions Center, Andresen said. She and her team delivered a proof of concept to NSA last December. Their next step is developing an operational pilot with either NSA or General Dynamic’s own Security Operations Center (SOC).
I hope that at the sessions and even the parties going on this week at RSA, someone will raise a glass with me to Paul Bartok. His legacy is worth remembering.
AI
