National Cybersecurity Center of Excellence

Similar documents
NCCoE TRUSTED CLOUD: A SECURE SOLUTION

National Cybersecurity Center of Excellence

Securing Wireless Medical Infusion Pumps A Use Case

The NIST Cybersecurity Framework

National Institute of Standards and Technology

Smart Manufacturing and Standards: The NIST Role

Framework for Improving Critical Infrastructure Cybersecurity

National Cybersecurity Center of Excellence (NCCoE) Mobile Application Single Sign

National Cybersecurity Challenges and NIST. Matthew Scholl Chief Computer Security Division

The Road Ahead for Healthcare Sector: What to Expect in Cybersecurity Session CS6, February 19, 2017 Donna F. Dodson, Chief Cybersecurity Advisor,

National Cybersecurity Center of Excellence (NCCoE) Energy Sector Asset Management

Track 4A: NIST Workshop

Cybersecurity Risk Management:

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

NIST Cybersecurity Testbed for Transportation Systems. CheeYee Tang Electronics Engineer National Institute of Standards and Technology

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

Updates to the NIST Cybersecurity Framework

A Government Health Agency Trusts Tenable to Protect Patient Data and Manage Expanding Attack Surface

Mission: Continuity BUILDING RESILIENCE AGAINST UNPLANNED SERVICE INTERRUPTIONS

Cyber Resilience. Think18. Felicity March IBM Corporation

NCSF Foundation Certification

Framework for Improving Critical Infrastructure Cybersecurity

Measurement Challenges and Opportunities for Developing Smart Grid Testbeds

Implementing the Administration's Critical Infrastructure and Cybersecurity Policy

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

PIPELINE SECURITY An Overview of TSA Programs

standards and frameworks and controls oh my! Mike Garcia Senior Advisor for Elections Best Practices

Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Effectively Measuring Cybersecurity Improvement: A CSF Use Case

Cybersecurity Framework Manufacturing Profile

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Protecting the Nation s Critical Assets in the 21st Century

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

IoT & SCADA Cyber Security Services

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Software & Supply Chain Assurance: Enabling Enterprise Resilience through Security Automation, Software Assurance and Supply Chain Risk Management

OCNI Workshop. Kathryn A. McCarthy, VP R&D 2017 September 6. Petawawa Golf Club UNRESTRICTED -1-

Why you should adopt the NIST Cybersecurity Framework

Securing Your Digital Transformation

Federal Mobility: A Year in Review

National Policy and Guiding Principles

Continuity of Operations During Disasters: Electronic Systems and Medical Records

Enhancing the Cybersecurity of Federal Information and Assets through CSIP

Cybersecurity Overview

Directive on security of network and information systems (NIS): State of Play

Les joies et les peines de la transformation numérique

Implementing Executive Order and Presidential Policy Directive 21

NCSF Foundation Certification

HPH SCC CYBERSECURITY WORKING GROUP

NISTCSF.COM. NIST Cybersecurity Framework (NCSF) Workforce Development Solutions

NIS Directive : Call for Proposals

FPM-IT-420B: FAC-P/PM-IT Planning & Acquiring Operations of IT Systems Course Details

MITIGATE CYBER ATTACK RISK

Medical Device Cybersecurity: FDA Perspective

Poor PAM processes and policies leave the crown jewels susceptible to security breaches Global Survey of IT Security Professionals

Information Security Continuous Monitoring (ISCM) Program Evaluation

Robert Hayes Senior Director Microsoft Global Cyber Security & Data Protection Group

Business Model for Global Platform for Big Data for Official Statistics in support of the 2030 Agenda for Sustainable Development

Cybersecurity & Privacy Enhancements

The HITRUST CSF. A Revolutionary Way to Protect Electronic Health Information

Building a Cybersecurity R&D Ecosystem in Singapore

The NIS Directive and Cybersecurity in

Cyber Partnership Blueprint: An Outline

California Cybersecurity Integration Center (Cal-CSIC)

Federal-State Connections: Opportunities for Coordination and Collaboration

NW NATURAL CYBER SECURITY 2016.JUNE.16

December 10, Statement of the Securities Industry and Financial Markets Association. Senate Committee on Banking, Housing, and Urban Development

Transforming IT: From Silos To Services

10/18/2016. Preparing Your Organization for a HHS OIG Information Security Audit. Models for Risk Assessment

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Rocky Mountain Cyberspace Symposium 2018 DoD Cyber Resiliency

Executive Order & Presidential Policy Directive 21. Ed Goff, Duke Energy Melanie Seader, EEI

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

Transport and ICT Global Practice Smart Connections for All Sandra Sargent, Senior Operations Officer, Transport & ICT GP, The World Bank

The MEP National Network: Providing Hands-on Technical Assistance to U.S. Manufacturers

Views on the Framework for Improving Critical Infrastructure Cybersecurity

Virtustream Managed Services Drive value from technology investments through IT management solutions. Tim Calahan, Manager Managed Services

HITRUST CSF: One Framework

POSITION DESCRIPTION

Suzanne B. Schwartz, MD, MBA Director Emergency Preparedness/Operations & Medical Countermeasures (EMCM Program) CDRH/FDA

Cyber Defense Operations Center

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

The Office of Infrastructure Protection

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Architecture and Standards Development Lifecycle

Verizon Software Defined Perimeter (SDP).

Technical Conference on Critical Infrastructure Protection Supply Chain Risk Management

SOLUTION BRIEF Virtual CISO

Cloud Customer Architecture for Securing Workloads on Cloud Services

Optus Macquarie University Cyber Security Hub A/Prof Christophe Doche Executive Director

Putting security first for critical online brand assets. cscdigitalbrand.services

Position Description. Engagement Manager UNCLASSIFIED. Outreach & Engagement Information Assurance and Cyber Security Directorate.

Mapping Your Requirements to the NIST Cybersecurity Framework. Industry Perspective

Department of Homeland Security Science & Technology

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

TD01 - Enabling Digital Transformation Through The Connected Enterprise

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

K12 Cybersecurity Roadmap

Transcription:

The 3rd Annual Intelligence and National Security Forum Jim McCarthy NIST / NCCoE 05/11/2018 This presentation is unclassified in its entirety

Foundations Collaborative Hub The NCCoE assembles experts from businesses, academia, and other government agencies to work on critical national problems in cybersecurity. This collaboration is essential to exploring the widest range of concepts. As a part of the NIST cybersecurity portfolio, the NCCoE has access to a wealth of prodigious expertise, resources, relationships, and experience. 2

NIST Information Technology Laboratory Cultivating Trust in IT and Metrology through measurements, standards and tests Fundamental research in mathematics, statistics, and IT ITL Programs Advanced Networking Applied and Computational Mathematics Cybersecurity Information Access Collaborations with Industry Federal/State/Local Governments Academia Applied IT research and development Standards development and technology transfer Software and Systems Statistics 3

NIST Applied Cybersecurity Division (ACD) Implements practical cybersecurity and privacy through outreach and effective application of standards and best practices necessary for the U.S. to adopt cybersecurity capabilities ACD Programs Cybersecurity and Privacy Applications Cybersecurity Framework National Initiative for Cybersecurity Education Privacy Engineering and Risk Management Trusted Identities Group 4

Mission Accelerate adoption of secure technologies: collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs 5

Engagement & Business Model DEFINE ASSEMBLE BUILD ADVOCATE OUTCOME: Define a scope of work with industry to solve a pressing cybersecurity challenge OUTCOME: Assemble teams of industry orgs, govt agencies, and academic institutions to address all aspects of the cybersecurity challenge OUTCOME: Build a practical, usable, repeatable implementation to address the cybersecurity challenge OUTCOME: Advocate adoption of the example implementation using the practice guide 6

SP 1800 Series Volume A: Executive Summary High-level overview of the project, including summaries of the challenge, solution, and benefits Volume B: Approach, Architecture, and Security Characteristics Deep dive into challenge and solution, including approach, architecture, and security mapping to NIST Cyber Security Framework (CSF) and other relevant standards Volume C: How-To Guide Detailed instructions on how to implement the solution, including components, installation, configuration, operation, and maintenance 7

National Cybersecurity Excellence Partnership 8

NCCoE Tenets Standards-based Apply relevant industry standards to each security implementation; demonstrate example solutions for new standards Modular Develop components that can be easily substituted with alternates that offer equivalent input-output specifications Repeatable Provide a detailed practice guide including a reference design, list of components, configuration files, relevant code, diagrams, tutorials, and instructions to enable system admins to recreate the example solution and achieve the same results Commercially available Work with the technology community to identify commercially available products that can be brought together in example solutions to address challenges identified by industry Usable Design blueprints that end users can easily and cost-effectively adopt and integrate into their businesses without disrupting day-to-day operations Open and transparent Use open and transparent processes to complete work; seek and incorporate public comments on NCCoE publications 9

Portfolio Attribute Based Access Control (SP 1800-3) Consumer/Retail: Multifactor Authentication for e- Commerce Data Integrity: Recovering from a Destructive Malware Attack Derived Personal Identity Verification Credentials DNS-Based Email Security (SP 1800-6) Energy: Identity and Access Management (SP 1800-2) Energy: Situational Awareness (SP 1800-7) Financial Services: Access Rights Management Financial Services: IT Asset Management (SP 1800-5) Healthcare: Securing Electronic Health Records on Mobile Devices (SP 1800-1) Healthcare: Securing Wireless Infusion Pumps (SP 1800-8) Hospitality: Securing Property Management Systems Manufacturing: Capabilities Assessment for Securing Manufacturing Industrial Control Systems Mobile Device Security (SP 1800-4) Privacy-Enhanced Identity Federation Public Safety/First Responder: Mobile Application Single Sign-On Secure Inter-Domain Routing Transportation: Maritime: Oil & Natural Gas Trusted Geolocation in the Cloud (NISTIR 7904) 10

Sector-Based Projects Commerce/Retail Energy Financial Services Health Care Hospitality Manufacturing Public Safety/First Responder Transportation 11

Energy Sector Projects Identity and Access Management (SP 1800-2) Situational Awareness (SP 1800-7) Join our Community of Interest Email us at energy_nccoe@nist.gov 12

Identity and Access Management: SP 1800-2 Securing networked infrastructure for the energy sector Overview Electric companies need to be able to control access to their networked resources Identity and Access Management (IdAM) implementations are often decentralized and controlled by numerous departments within a company The IdAM Practice Guide shows how an electric utility can implement a converged IdAM platform to provide a comprehensive view of all users within the enterprise across all silos, and the access rights they have been granted DEFINE ASSEMBLE BUILD ADVOCATE DEFINE ASSEMBLE BUILD ADVOCATE Project Status Revising practice guide to publish final SP 1800-2 Collaborate with Us Download NIST SP 1800-2, Identity and Access Management for Electric Utilities Email energy_nccoe@nist.gov to join the Community of Interest for this project 13

Situational Awareness: SP 1800-7 Improving security for electric utilities Overview Energy companies rely on operational technology to control the generation, transmission, and distribution of power A network monitoring solution that is tailored to the needs of control systems would reduce security blind spots This project explores methods energy providers can use to detect and remediate anomalous conditions, investigate the chain of events that led to the anomalies, and share findings with other energy companies DEFINE ASSEMBLE BUILD ADVOCATE Project Status Accepting public comments on draft Practice Guide SP 1800-7 through April 17, 2017 Collaborate with Us Read SP 1800-7 Situational Awareness for Electric Utilities Practice Guide Draft Email energy_nccoe@nist.gov to join the Community of Interest for this project 14

ENERGY SECTOR ASSET MANAGEMENT Energy Sector Asset Management (ESAM) Focuses on asset management capability for the Energy Sector Will include electric utilities, oil and gas, and other sub-sectors Additional focus given to remote and geographically dispersed assets Collaborator selection completed: May, 2018 Build Architecture: July, 2018 Draft ESAM Practice Guide Public Release: March, 2019 15

ESAM CONCEPTUAL ARCHITECTURE 16

University of Maryland 17

MANUFACTURING Manufacturing Behavioral Anomaly Detection Use Case : NIST Engineering Lab (EL) and Information Technology Lab (ITL) Will leverage existing EL Robotics and Process Control infrastructure Projected Draft Practice Guide Release Date: 06/2018 https:///sites/default/files/library/projectdescriptions/mf-ics-1-project-description-final.pdf 18

Questions? Jim McCarthy, Senior Security Engineer James.McCarthy@nist.gov 301-975-0228 http:// 301-975-0200 nccoe@nist.gov 19

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback