Trusted Computing Group Offers Improved Security for Vulnerable Industrial Control Systems

Date Published: October 15, 2012

IF-MAP Metadata for ICS Security Specification Targets Existing and New Infrastructure in Energy, Public Utilities, Healthcare and Manufacturing

DENVER, Oct. 15, 2012 – Potentially vulnerable industrial control systems today got a big boost in security with the publication of a new specification from the Trusted Computing Group (TCG) that adds additional layers of security to standard shared network infrastructure. Such security will protect critical energy, utility, healthcare and manufacturing systems that have been increasingly targeted for attacks.

The specification will be introduced at this week’s Industrial Control Systems Joint Working Group (ISCJWG) 2012 Fall Meeting during a two-hour panel session on “Public Standards for Interoperable ICS Security”, led by Steven Venema of The Boeing Company (a TCG member company).

A 2011 NIST report on the topic of industrial control systems security notes that integration of traditional ICS systems - such as supervisory control and data acquisition (SCADA) systems, sensors, actuators, and controllers - with IT networks has opened these networks to external threats, and the problem is exacerbated by the growing use of wireless connectivity.

The TCG IF-MAP Metadata for ICS Security specification facilitates the deployment, management, and protection of large-scale industrial control systems by enabling creation of secure virtual layer 2 and/or layer 3 overlay networks on top of standard shared IP network infrastructure typically used in industrial control systems. Overlay networks isolate key components of these systems into protected enclaves.

The TCG specification builds on the soon-to-be-published ISA100.15 architectural model for secure ICS communications over untrusted shared networks (TR100.15.1, “Wireless Backhaul”), which contains a new architectural model, use cases, and functional requirements such as identity-based access policy, device identification, and certificate lifecycle management.
The TCG specification follows this ISA100 architecture and is intended for use in retrofitting existing industrial control systems, as well as incorporation directly into new ICS products, as an additional interoperable security capability.

For additional security, the TCG specification recommends IP networks support other TCG standards, including the Trusted Network Connect client functionality and the Trusted Platform Module (TPM) for remote attestation, but it can be used without those elements.

“The IF-MAP Metadata for ICS Security specification is a generational leap forward for adding secure connectivity to industrial automation devices,” said David Mattes, TCG invited expert and founder and CTO of Asguard Networks. “The philosophy and contents of this specification are guided by seven years of development and deployment experiences in a global manufacturing environment. Asguard Networks is implementing this specification as part of our SimpleConnect™ product line to make the full lifecycle management of segmented overlay networks easy and efficient, at both small and large scales."    

The specification and an FAQ can be found at and

TCG is an industry standards body formed to develop, define, and promote open standards for trusted computing and security technologies, including hardware building blocks and software interfaces, across multiple platforms, peripherals, and devices. TCG specifications are designed to enable more secure computing environments without compromising functional integrity with the primary goal of helping users to protect their information assets from compromise due to external software attack and physical theft. More information and the organization’s specifications are available at


Brands and names are the property of their respective owners.

Tweet this: TCG to help secure vulnerable industrial control systems #ICS #SCADA 

Back to News Listing