National Institute of Standards and Technology

Similar documents
National Cybersecurity Center of Excellence

NCCoE TRUSTED CLOUD: A SECURE SOLUTION

National Cybersecurity Challenges and NIST. Matthew Scholl Chief Computer Security Division

Smart Manufacturing and Standards: The NIST Role

The NIST Cybersecurity Framework

Measurement Challenges and Opportunities for Developing Smart Grid Testbeds

The Key Principles of Cyber Security for Connected and Automated Vehicles. Government

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

The Road Ahead for Healthcare Sector: What to Expect in Cybersecurity Session CS6, February 19, 2017 Donna F. Dodson, Chief Cybersecurity Advisor,

National Cybersecurity Center of Excellence

Innovation policy for Industry 4.0

The NIS Directive and Cybersecurity in

5G Security. Jason Boswell. Drew Morin. Chris White. Head of Security, IT, and Cloud Ericsson North America

EPRI Research Overview IT/Security Focus. Power Delivery & Energy Utilization Sector From Generator Bus Bar to End Use

National Strategy for Trusted Identities in Cyberspace

CSD Project Overview DHS SCIENCE AND TECHNOLOGY. Dr. Ann Cox. March 13, 2018

Cyber, An Evolving Ecosystem: Creating The Road For Tomorrows Smart Cities

Protecting the Nation s Critical Assets in the 21st Century

Doug Couto Texas A&M Transportation Technology Conference 2017 College Station, Texas May 4, 2017

What makes a hot topic hot? An NSF Perspective

MASP Chapter on Safety and Security

Featured Articles II Security Platforms Hitachi s Security Solution Platforms for Social Infrastructure

Cisco Connected Factory Accelerator Bundles

Cybersecurity ecosystem and TDL Antonio F. Skarmeta

NIST & CATEGORY THEORY

Timing in Cyber Physical Systems. Marc Weiss, Ph.D. NIST, Time and Frequency Division WSTS 2015

Big Data Analytics: Research Needs. Ali Ghassemian

[NEC Group Internal Use Only] IoT Security. - Challenges & Standardization status. Sivabalan Arumugam.

Secure Technology Alliance Response: NIST IoT Security and Privacy Risk Considerations Questions

Integrated Security Management Framework

IoT & SCADA Cyber Security Services

Matt Quinn.

Securing Wireless Medical Infusion Pumps A Use Case

UNCLASSIFIED. FY 2016 Base FY 2016 OCO

INTERNET OF BIG THINGS : SMART INFRASTRUCTURES FOR IMPROVED MOBILITY. Sarah WELDON

Achieving a Secure and Resilient Cyber Ecosystem: A Way Ahead

Toward All-Hazards Security and Resilience for the Power Grid

An Overview of Smart Sustainable Cities and the Role of Information and Communication Technologies (ICTs)

Stephanie Zierten Associate Counsel Federal Reserve Bank of Boston

5G Revolution & Service security in Korea

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Grid Modernization at the Department of Energy

Authentication with Privacy for Connected Cars - A research perspective -

NSF Transition to Practice Challenges. Anita Nikolich National Science Foundation Program Director, Advanced Cyberinfrastructure November, 2015

NCSF Foundation Certification

Copyright 2017 Ford Motor Company, All Rights Reserved

Smart Cities & The 4th Industrial Revolution

Strategies for the Implementation of PIV I Secure Identity Credentials

Addressing Cybersecurity in Infusion Devices

Connected Medical Devices

Next Generation Distribution Automation Phase III, Intelligent Modern Pole (IMP) Field Demonstration

IEEE-SA Internet of Things - Security & Standards

A Perspective on V2X in the United States

IOT FLAGSHIP PROJECT. Dr. Mario Drobics, AIT

IoT, Cloud and Managed Services Accelerating the vision to reality to profitability

IoT with 5G Technology

Easy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications

Information Security Continuous Monitoring (ISCM) Program Evaluation

SIMPLIFYING THE CAR. Helix chassis. Helix chassis. Helix chassis WIND RIVER HELIX CHASSIS WIND RIVER HELIX DRIVE WIND RIVER HELIX CARSYNC

General Framework for Secure IoT Systems

IoT privacy risk management in ANASTACIA project

Automotive Cyber Security

DOT/DHS: Joint Agency Work on Vehicle Cyber Security

IDC FutureScape: Worldwide Security Products and Services 2017 Predictions

Future Challenges and Changes in Industrial Cybersecurity. Sid Snitkin VP Cybersecurity Services ARC Advisory Group

Developing a Canadian ITS Program Voice of the Industry Workshop June 6, 2017

Framework for Improving Critical Infrastructure Cybersecurity. and Risk Approach

Updates to the NIST Cybersecurity Framework

SECURING THE CONNECTED ENTERPRISE.

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

In Accountable IoT We Trust

Transformation in Technology Barbara Duck Chief Information Officer. Investor Day 2018

Framework for Improving Critical Infrastructure Cybersecurity

Technology Forecast 2018: What State and Local Government Technology Officials Can Expect

Accelerating Innovation and Collaboration for the Next Stage

OUR VISION To be a global leader of computing research in identified areas that will bring positive impact to the lives of citizens and society.

USING DEVICE LIFECYCLE MANAGEMENT TO FUTURE PROOF YOUR IOT DEPLOYMENT

Future-Proof Security & Privacy in IoT

Encounter LATP-ETPs 19 October 2015, Lisbon, Portugal Ernestina Menasalvas, Universidad Politécnica de Madrid

Supply Chain Integrity and Security Assurance for ICT. Mats Nilsson

Systemic Analyser in Network Threats

United States Government Cloud Standards Perspectives

National Cybersecurity Center of Excellence (NCCoE) Mobile Application Single Sign

Security and resilience in Information Society: the European approach

Smart Grid Standards and Certification

Internet-of-Things Conference. Andrew Bickley Technology Marketing Director

Medical Device Cybersecurity: FDA Perspective

1. Publishable Summary

Using the NIST Framework for Metrics 5/14/2015

The Benefits of Strong Authentication for the Centers for Medicare and Medicaid Services

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Cyber-Physical Chain (CPChain) Light Paper

Fujitsu World Tour 2018

Internet of Things. Internet of Everything. Presented By: Louis McNeil Tom Costin

European Union Agency for Network and Information Security

The Integrated Smart & Security Platform Powered the Developing of IOT

Staff Subcommittee on Electricity and Electric Reliability

Framework for Improving Critical Infrastructure Cybersecurity

Cyber Security in Europe

Securing the Smart Grid. Understanding the BIG Picture 11/1/2011. Proprietary Information of Corporate Risk Solutions, Inc. 1.

Transcription:

National Institute of Standards and Technology April 2017 1

ITL Mission ITL promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and related technology through research and development in information technology, mathematics, and statistics 2

ITL Technical Capabilities Advanced Networking Applied and Computational Mathematics Cybersecurity Information Access Software and Systems Statistics 3

ITL Approach Fundamental research in mathematics, statistics, and IT Applied IT research and development Standards development and technology transfer 4

ITL Purpose: Cultivate Trust in IT and Metrology 5 Photo - https://phys.org/news/2016-07-blockchainsfocusing-bitcoin-real-revolution-digital.html - Credit: Robert Bagnall/YouTube

The Internet of Things (IoT) There is no widely accepted definition of IoT one definition states: the connection of physical objects to the Internet and to each other through small, embedded sensors and wireless technologies, creating an ecosystem of ubiquitous computing and embedded intelligence in individual items that can detect changes in their physical state 1 Potential for enormous societal benefits in health, safety, energy, security, productivity, environment 1 - Internet of Things, Privacy & Security in a Connected World, Federal Trade Commission, January 2015, https://www.ftc.gov/system/files/documents/reports/federal-trade-commissionstaff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

The Internet of Things IoT adoption: early stages - but accelerating Standards and guidance needed to enable innovation so that the full benefits can be achieved. The NIST Information Technology Laboratory collaborates with industry, academia, and government to develop measurements and standards to enable IoT innovation has decades of research experience on technological underpinnings of the IoT works with the NIST CPS and manufacturing programs providing leadership on cybersecurity, privacy, and networking 1 - Internet of Things, Privacy & Security in a Connected World, Federal Trade Commission, January 2015, https://www.ftc.gov/system/files/documents/reports/federal-trade-commissionstaff-report-november-2013-workshop-entitled-internet-things-privacy/150127iotrpt.pdf

ITL IoT Research All ITL Divisions have expertise related to IoT Examples of ITL research areas include: Security and Privacy Networking Data Analytics Time, and Space 8 Image source: http://techliquids.com/the-importance-of-digital-trust-amidst-decreasing-loyalty/

9 IoT Security & Privacy Research Research, standards and guidance are needed so that the vast quantity of data generated and communicated by the IoT ecosystem can be delivered reliably and securely, while protecting privacy. Privacy Engineering and Risk Management: As with any system, when an IoT system is processing information about individuals (PII), privacy risks can arise from this processing. NIST s Privacy Engineering Program has defined a privacy risk model to support the identification of privacy risks in such systems. ITL conducts a wide range of research for cybersecurity, focusing on both fundamental and applied research with applicability to the IoT ecosystem some of which are in the following slides. ITL s work ranges from low level security considerations (e.g., BIOS security), to system security guidance (e.g., NIST SP 800-160) Systems Security Engineering (Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems) ITL s Cybersecurity for IoT Program builds on the decades of cybersecurity research and experience on the technological underpinnings of the IoT

ITL conducts fundamental cybersecurity research, work in standards and guidance Lightweight Encryption Project NIST hosted workshop and has published NISTIR 8114 Network of Things, NIST Special Publication (SP) 800-183 Networks of Things provides a basic model aimed at helping researchers better understand the Internet of Things (IoT) and its security challenges. Its vocabulary and science aims to help researchers understand how IoT components interoperate, and compare the security risks and reliability tradeoffs. Guide to Bluetooth Security, NIST Special Publication 800-121 Section that addresses specific needs for Bluetooth Low Energy (BLE) which could support constraints of IoT devices Hardware Roots of Trust Project The project is conducting research and develop guidelines (NIST SP 800-147/147B, NIST SP 800-155, NIST SP 800-164) on the use of Roots of Trust to secure information and information systems which could possibly tie into IoT by providing a mechanism for trusted devices

Applied cybersecurity research is ongoing that could support IOT security NCCoE - Wireless Medical Infusion Pumps Project The NCCoE is collaborating with the healthcare community to secure their medical devices on an enterprise network, with a specific focus on wireless infusion pumps. The project objectives are to perform a risk assessment, identify mitigating security technologies, and provide an example implementation. NIST Guide to Industrial Control Systems (ICS) Security SP 800-82 While the guidance broadly focuses on how to secure ICS, it could be applied to IOT security due to its focus on securing the unique devices within industrial control systems and provides specific guidance relating to the unique requirements for these (IOT type) devices. Trusted Identities Pilot Project NIST is funding a collaborative smart home pilot in apartment units in Portland, Oregon and San Francisco, CA to test individuals passwordless authentication to their IoT devices, as well as to securely share their IoT generated data through the use of a Personal Data Store Connected Vehicles NIST collaborates with a number of organizations (e.g., DOT, NHTSA, SAE ) on the development of smart transportation including considerations for security

Other cybersecurity areas we are exploring as applicable to IoT Security Special Publication 800-147 BIOS Protection Guidelines Special Publication 800-98 Guidelines for Securing Radio Frequency Identification (RFID) Systems Special Publication 800-150 Guide to Cyber Threat Information Sharing Special Publication 800-160 Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems NISTIR 7966, Security of Interactive and automated Access Management Using Secure Shell (SSH) Contains threat model and recommendations for implementations of SSH which could be applicable to security for IoT NHE-to-NHE, NHE-to-network and NHE-to-cloud communications The National Vulnerability Database which has extended its schema to include IoT devices where NIST assesses, scores, standardizes and openly publishes known IoT vulnerabilities. Cybersecurity Framework provides organizations with a framework to better understand, manage, and reduce its cybersecurity risks. Organizations should consider IoT devices in the organization's risk management Applicability of Blockchain to IoT

Physical considerations in cybersecurity NIST cybersecurity research considers the physical when anticipating cyber threats as well as leveraging the physical for detection and mitigation techniques. For example: Research into possible tools to adapt the constraints imposed by the dynamics of a physical process expressed in coupled differential equations into common networking specifications so that it can inform cybersecurity performance requirements Investigated the use of signatures derived from physical dynamics of complex systems for authentication and anomaly/intrusion detection Researched and produced an annex to FIPS 140-3 (standard for securing cryptographic modules) that paired non-invasive attacks such as timing attacks (TA), Simple Power Analysis (SPA), Simple Electro-Magnetic Analysis (SEMA), Differential Power Analysis (DPA) and Differential Electro-Magnetic Analysis (DEMA) to various symmetric and asymmetric algorithms and provided requirements based on the threats to those pairings. 13

IoT Networking Research The IoT demands scalability, reliability, and interoperability of communications. Networking standards are critical to enable interoperable systems of systems, and support innovation at the application layer. Software Defined Networking (SDN) and Information Content Networking (ICN) approaches for improving security, interoperability, and congestion control. Analysis of network control systems to identify where wireless infrastructure can reduce wiring costs without impacting performance. Controlled mobility algorithm for communication of smart cells in public safety networks. Body area networking, and energy harvesting 14

IoT Data Research The IoT will generate vast amounts of data for decision making, prediction, and autonomous physical action. NIST Big Data Interoperability Framework Big Data Public Working Group Phase II - Interfaces Seven volumes: 1 - Definitions; 2 -Taxonomies; 3 - Use Cases and General Requirements; 4 - Security and Privacy; 5 - Architectures White Paper Survey; 6 -Reference Architecture; 7 - Standards Roadmap Developing methods and testing infrastructure to measure and compare the performance of data analytic algorithms. 15

IoT Time & Space Research It s estimated that there will be over 30 billion 1 devices connected to the IoT by 2020, resulting in trillions of interactions presenting localization and interoperability challenges. Some devices will need to be synchronized in real time. Research in timing standards including security, Interoperability, localization, and real-time data analysis for IoT systems. 1 http://spectrum.ieee.org/tech-talk/telecom/internet/popular-internet-of-things-forecast-of-50-billion-devices-by-2020-isoutdated 16

NIST Cyber-Physical Systems Program Promoting the emergence of a globally interoperable Internet of Things 17 Measurement science & technology foundations Cyber-Physical Systems (CPS) Framework Powerful research & measurement infrastructure CPS/IoT Testbed CPS/IoT at-scale applications Smart cities Engineering Laboratory: www.nist.gov/el/cyber-physical-systems

Internet of Things ITL Research Future areas Usability and Human Interface. IOT systems won t be adopted unless they are usable. We need Research: how should IoT components best interact with users? Guidance: to aid developers in creating useable designs. Sensors. Sensors are critical components. Research on best practices for sensor data exchange New methods for remote sensor authentication, and quality control, and mitigation of sensor vulnerabilities (e.g., Kevin Fu et.al). 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback