Building Trust with TCG Technologies: From Supply Chain to End of Life and Beyond
Joshua Schiffman [HP, Inc.]
Abstract:
In recent years, supply chain attacks have been levelled with increased frequency – between 2021 and 2023, attacks surged by approximately 431%, and this number is certain to grow further. The impact of these attacks can be devastating, resulting in significant financial losses for businesses, alongside reputational damage and severe data breaches.
Mitigating risk in supply chains requires the adoption of strict security controls across any product’s lifecycle. This is not a simple process, however: many frameworks and compliance regimes have been created to define these controls, and their implementation often relies on manual processes, sparse audits, and weak evidence of compliance. As a result, the effectiveness and scalability of these frameworks are unfortunately limited.
Enter the Trusted Computing Group (TCG), a not-for-profit industry consortium focused on specifying hardware roots of trust critical for building both verifiable and trustworthy components, devices and systems. To overcome growing threat levels and the current issues regarding compliance regimes, it has established a Supply Chain Security Subgroup which will produce guidance on how to use the latest standards and technology to improve controls across a product’s lifecycle. This will make them more automated, verifiable, and – most importantly – secure.
In this presentation, Josh Schiffman, Distinguished Technologist and Research Director at HP and the TCG Supply Chain Security Subgroup Co-Chair, will provide attendees with a broad overview of how TCG standards, specifications and technologies map onto controls in common supply chain security frameworks, and give examples of their application to typical lifecycle scenarios.
Biography:
Dr. Joshua Schiffman is a Distinguished Technologist and Research Director at HP Labs' Security Lab. He leads the company's Supply Chain and Device Lifecycle Management Security research agenda. As a technology strategist in system security, Dr. Schiffman collaborates with business leaders across HP Inc. to develop security innovation roadmaps and adopt emerging technologies that address critical challenges for HP's customers.
Dr. Schiffman is a lifelong innovator in security, with deep contributions to trusted computing, embedded platforms, distributed systems, infrastructure security, and virtualization. Recently, he has focused on the intersection of supply chain risk and resilient, verifiable device architectures. His technical experience and leadership extend to standards development, academic collaborations, and government public-private partnerships to advance the state of the art in cybersecurity.
Dr. Schiffman received his PhD in Computer Science and Engineering from Pennsylvania State University. He is the Co-Chair of the Trusted Computing Group's Technical Committee and Supply Chain Security Workgroup. He also represents HP Inc. on the TCG's Board of Directors. His other research efforts include verifiably secure cloud computing infrastructures, cryptographic key management, and post-quantum cryptographic migration in trusted systems.

For more information or questions regarding the technical program (including Professional Development Courses), contact the Conference Chair, Dr. Diganta Das.

For more information or questions regarding event logistics, exhibitions, and sponsorship, contact Kristin Nafstad.