Late last month, the President’s Council of Advisors on Science and Technology (PCAST) delivered a report to the President, titled Immediate Opportunities for Strengthening the Nation’s Cybersecurity.
PCAST is a pretty heady group of mostly senior and well-respected academics, but also includes people like Eric Schmidt, Google’s Executive Chairman, and Craig Mundle at Microsoft.
The report cut to the chase by reporting “The Federal Government rarely follows accepted best practices. It needs to lead by example and accelerate its efforts to make routine cyberattacks more difficult by implementing best practices for its own systems.” The report also recommended the government “Encourage the universal adoption of the TPM … including for phones and tablets.”
I couldn’t agree more.
Historically, the issuance of a report like this hasn’t prompted immediate action. Look for the President or OMB to issue an executive order around March mandating the implementation of key findings in the report – that is the call to action for agencies. It’s critical, however, that we not just mandate TPMs, but we also include enterprise management of those chips if we really want to reap the benefits. We know key elements are already in place at the DoD and the NSA pushing for TPM adoption. An executive order will push it over the top. (See recent Dark Reading piece on PCAST report)
Corporate America can (and should) act now. TPMs represent an already deployed investment in cybersecurity. TPMs present both a solid business case and highly recommended best-practices protection for corporate America.
Just a few more steps and I expect the TPM movement towards implementation will happen at scale. Since the hard part is already deployed, the roll-out can be substantial and fast. Wave is the recognized global leader in TPM management so expect the excitement to begin in the coming months.
Look for more on the PCAST report next week.