Presentation is loading. Please wait.

Presentation is loading. Please wait.

An Overview of the NIST’s Cyber Security Program Donna F. Dodson Deputy Chief Cyber Advisor October 2009.

Published byAsher Patrick Modified over 8 years ago

Similar presentations

Presentation on theme: "An Overview of the NIST’s Cyber Security Program Donna F. Dodson Deputy Chief Cyber Advisor October 2009."— Presentation transcript:

1 An Overview of the NIST’s Cyber Security Program Donna F. Dodson Deputy Chief Cyber Advisor October 2009

2 NIST’s Mission To promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology … … in ways that enhance economic security and improve our quality of life. ©Geoffrey Wheeler ©Robert Rathe

3 NIST At A Glance 2,800 employees (Gaithersburg, Maryland; Boulder, Colorado; Charleston, South Carolina) 1,800 guest researchers NIST Laboratories Advanced Technology Program Hollings Manufacturing Extension Partnership Program Baldrige National Quality Program ©Robert Rathe Photo by Barry Gardner

4 The NIST Laboratories NIST’s work enables Science Technology innovation Trade Public benefit NIST works with Industry Academia Government agencies Measurement laboratories Standards organizations

5 Information Technology Laboratory ITL Director Computer Security Division Director ITL Programs Deputy ITL Director Cyber Security Advisor Cryptographic Technology Group Security Research & Emerging Tech Group Security Management and Assurance Group Enabling Scientific Discovery Pervasive Computing Complex Systems Identity Management Cyber and Network Security Trustworthy Computing Virtual Measurement Information Discovery, Use, & Sharing Software And Systems Division Advanced Networks Division Mathematics Division Information Access Division

6 Responsibilities for Cyber Security NIST is responsible for developing standards and guidelines, including minimum requirements, that provide adequate information security for all agency operations and assets in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347, but such standards and guidelines shall not apply to national security systems. Under FISMA NIST shall “conduct research, as needed, to determine the nature and extent of information security vulnerabilities and techniques for providing cost-effective information security.” NIST develops guidelines consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130, Section 8b(3), Securing Agency Information Systems, as analyzed in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is provided in A-130, Appendix III. In accordance with the Cyber Security Research and Development Act, The National Institute of Standards and Technology develops, and revises as necessary, checklists setting forth settings and option selections that minimize the security risks associated with each computer hardware or software system that is, or is likely to become, widely used within the Federal Government. Homeland Security Presidential Directive 7; “The Department of Commerce will work with private sector, research, academic, and government organizations to improve technology for cyber systems and promote other critical infrastructure efforts, including using its authority under the Defense Production Act to assure the timely availability of industrial products, materials, and services to meet homeland security requirements.” Homeland Security Presidential Directive 12: “The Secretary of Commerce shall promulgate in accordance with applicable law a Federal standard for secure and reliable forms of identification (the "Standard")”

7 Development Model Research – Internal – Collaborations Development – Prototypes – Test beds Standards and Guidelines Metrics Testing and Validations Education and Outreach

8 Core Focus Areas Research, Development, and Specification – Security Mechanisms (e.g. protocols, cryptographic, access control, auditing/logging) – Security Mechanism Applications Confidentiality Integrity Availability Authentication Non-Repudiation Secure System and Component configuration Assessment and assurance of security properties of products and systems

9 Risk Management Framework and FISMA - Federal Information Processing Standard (FIPS) 199 and FIPS 200 are standards that specify minimum security requirements for Federal information and information systems – Ongoing research and outreach efforts to keep SP 800-53, which contains the detailed requirements, up-to-date Security Automation Tools – Support for Vulnerability Management through automation specifications and automated checklists in support of continuous system monitoring – Includes work related to the National Vulnerability Database and Secure Content Automation Protocol Internet Protocol Version 6 (IPv6) – Providing test and measurement tools for hardening existing Internet protocols: Standards, deployment, and testing of Internet Protocol (IPv6) – Published the U.S. Government IPv6 Profile, and developed strategies for conformance and interoperability testing 9

10 Seamless and Secure Mobility – Standards and tools to provide users with ubiquitous connectivity and the ability to roam seamlessly and securely across networks of different types – Collaborating on IEEE 802.21 Media Independent Handover standards, IETF mobility optimization specification Cryptography and Cryptographic Mechanisms – Provides cryptographic algorithms and protocols to support confidentiality, integrity, authentication and digital signatures – Develop specifications for tools and establish testing methodology – Currently, running an international competition of a new Cryptographic Hash Algorithm Key Management – Developing a key management framework to include scalable, usable and secure key management technologies – Foster better use of established technologies; explore emerging techniques – SP 800-56 Key Management Guidelines 10

11 Usability of Security – Performing groundwork research to define factors that enable usability in the area of multifactor authentication and developing a framework for determining metrics that are critical to the success of usability Usability of Biometric Systems – Standardize and improve usability of user interfaces of biometric systems to enhance performance and user satisfaction – Developing a methodology and guidelines for capturing user requirements and transforming them into a design appropriate for small platforms Identity Management Systems – Standards development work in biometrics, smart cards, identity management, and privacy framework. – R&D: Personal Identity Verification, Match-On-Card, ontology for identity credentials, development of a workbench – ID Credential Interoperability 11 © Peto Zvonar | Dreamstime.com © Graeme Dawes | Dreamstime.com

12 Security for emerging virtualization technologies – Research for viable security isolation techniques including platform virtualization, process sandboxes, virtual networks and encrypted storage Voting security – Foster the development of voluntary consensus guidelines on implementing election-related technologies – Establish accreditation program for voting system testing 12 © Lisa F. Young/Dreamstime.com

13 Smart grid security – Coordinate development of cybersecurity elements of a framework of protocols and model standards; continuously coordinated with networking standards and guidance – Selecting use cases from existing sources, e.g., IntelliGrid, Electric Power Research Institute (EPRI), and Southern California Edison (SCE) – Use cases provide a common framework for performing the risk assessment, developing the security architecture, and selecting and tailoring the security requirements Healthcare information technology – NIST provides security specifications for enabling communicating parties to transmit health information securely and to ensure privacy and confidentiality – Developing guidelines for HIPAA Security Rule and Security Architecture Design Process for Health Information Exchanges – Leveraging prior cybersecurity efforts 13 © Shutterstock © Andrzej Tokarski | Dreamstime.com

14 Quantum Communications – Demonstrate and test secure, commercial-grade communication components, systems and protocols for the quantum era Foundations of Measurement Science for Information Systems – Large-scale systems (e.g., the Internet, power grid) deployed without fundamental understanding of their range of behaviors, security; Information systems lack same foundations as physical sciences – Basic research program: mathematical foundations underlying development of a measurement science for information systems; Initial Focus: Abstract models of information systems structure, dynamics 14 ISP connection topology. Source: caida.org

15 Future and Ongoing Challenges Long Term Research – Advanced Cryptography (e.g., hash, public key, quantum, light footprint) – Inherently Secure, High Assurance, and Provably Secure Systems and Architectures – Composable and Scalable Secure Systems – Autonomic Systems – Ad-hoc Networks and Wireless Security – Network Measurement and Visualization Tools – Secure Distributed Systems – Infrastructure for Information Security R&D 18

16 For Additional Information NIST  http://www.nist.gov/ NIST’s Information Technology Lab  http://www.itl.nist.gov/ Computer Security Resource Center – http://csrc@nist.gov National Vulnerability Database – http://nvd.nist.gov Biometrics Resource Center – http://www.itl.nist.gov/div893/biometrics Biometrics Research – Finger: http://fingerprint.nist.gov – Face: http://face.nist.gov – Iris: http://iris.nist.gov 22

Download ppt "An Overview of the NIST’s Cyber Security Program Donna F. Dodson Deputy Chief Cyber Advisor October 2009."

Similar presentations

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.

NISTs Role in Securing Health Information AMA-IEEE Medical Technology Conference on Individualized Healthcare Kevin Stine, Information Security Specialist.
Programs, Plans and Perspectives Cita M. Furlani, Director, Information Technology Laboratory March 17, 2011.

Programs, Plans and Perspectives Cita M. Furlani, Director, Information Technology Laboratory March 17, 2011.
Joint CASC/CCI Workshop Report Strategic and Tactical Recommendations EDUCAUSE Campus Cyberinfrastructure Working Group Coalition for Academic Scientific.

Joint CASC/CCI Workshop Report Strategic and Tactical Recommendations EDUCAUSE Campus Cyberinfrastructure Working Group Coalition for Academic Scientific.
15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.

15June’061 NASA PKI and the Federal Environment 13th Fed-Ed PKI Meeting 15 June ‘06 Presenter: Tice DeYoung.
FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.

FIPS 201 Personal Identity Verification For Federal Employees and Contractors National Institute of Standards and Technology Information Technology Laboratory.
Cybersecurity Blueprints

Cybersecurity Blueprints
GENI: Global Environment for Networking Innovations Larry Landweber Senior Advisor NSF:CISE Joint Techs Madison, WI July 17, 2006.

GENI: Global Environment for Networking Innovations Larry Landweber Senior Advisor NSF:CISE Joint Techs Madison, WI July 17, 2006.
4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.

4.1.5 System Management Background What is in System Management Resource control and scheduling Booting, reconfiguration, defining limits for resource.
National Infrastructure Protection Plan

National Infrastructure Protection Plan
Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce

Cyber Security and the Smart Grid George W. Arnold, Eng.Sc.D. National Institute of Standards and Technology (NIST) U.S. Department of Commerce
NIST Computer Security Activities William C. Barker April 2009 U.S. Department of Commerce.

NIST Computer Security Activities William C. Barker April 2009 U.S. Department of Commerce.
DHS, National Cyber Security Division Overview

DHS, National Cyber Security Division Overview
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Hardware-Rooted Security in Mobile Devices Andrew Regenscheid Lead, Hardware-Rooted Security Computer Security Division.

Hardware-Rooted Security in Mobile Devices Andrew Regenscheid Lead, Hardware-Rooted Security Computer Security Division.
November 9, 19991 NIST’s Role in Computer Security Ed Roback Computer Security Division NIST Information Technology Laboratory.

November 9, NIST’s Role in Computer Security Ed Roback Computer Security Division NIST Information Technology Laboratory.
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Applied Cryptography for Network Security

Applied Cryptography for Network Security
Emerging Research Dimensions in IT Security Dr. Salar H. Naqvi Senior Member IEEE Research Fellow, CoreGRID Network of Excellence European.

Emerging Research Dimensions in IT Security Dr. Salar H. Naqvi Senior Member IEEE Research Fellow, CoreGRID Network of Excellence European.
Cloud Usability Framework

Cloud Usability Framework
National Information Assurance Partnership NIAP 2000 Building More Secure Systems for the New Millenium sm.

National Information Assurance Partnership NIAP 2000 Building More Secure Systems for the New Millenium sm.

Similar presentations

Ads by Google