News and Events

October 01, 2017

NCCoE Senior Engineer Harry Perper will present "Ransomware Recovery and Privileged Account Management Improve Resilience" on October 4 from 1:45pm to 2:30pm at the FS-ISAC Fall Summit in Baltimore, Md. Malware and insider threat actors often make use of privileged accounts to enable their activities. Recovery from ransomware is complicated by the lack of consistent and protected file and system back-ups. And access rights policies are difficult to enforce using manual processes. This session will explore  the NCCoE's research and projects related to Data Integrity (ransomware recovery), Access Rights Management, and Privileged Account Management.

September 08, 2017

Draft guidelines for ransomware recovery have been issued by the National Cybersecurity Center of Excellence (NCCoE) and the National Institute of Standards and Technology (NIST). The guidelines – NIST Special Publication 1800-11 – apply to all forms of data integrity attacks. SP 1800-11 is a detailed, standards-based guide that can be used by organizations of all sizes to develop recovery strategies to deal with data integrity attacks and establish best practices to minimize the damage caused and ensure a speedy recovery.

September 08, 2017

The US National Institute of Standards and Technology's (NIST's) National Cybersecurity Center of Excellence (NCCOE) has published a draft guidance document titled Data Integrity: Recovering from Ransomware and Other Destructive Events. The guide "demonstrates how organizations can develop and implement appropriate actions following a detected cybersecurity event."

September 07, 2017

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) along with vendors and businesses within the cybersecurity community teamed up to develop a recovery guide for firms hit with ransomware attacks. Researchers said the goal of the guide is to help organizations recover data from cybersecurity events, facilitate smooth recovery in the event of a compromise, and manage enterprise risks, according to the Data Integrity Recovering from Ransomware and Other Destructive Events report.

September 06, 2017

To help companies and organizations prepare and recover from cyberattacks, the U.S. government has issued a guidance in collaboration with members of the business community and vendors in the cybersecurity industry. The National Cybersecurity Center of Excellence at the National Institute of Standards and Technology released “Data Integrity: Recovering from Ransomware and Other Destructive Events.” 

February 09, 2017

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute for Standards and Technology (NIST), will demonstrate its current projects in San Francisco Feb. 13-17 at the RSA Conference and Orlando Feb 19-23 at the Healthcare Information and Management Systems Society Annual Conference & Exhibition (HIMSS17).

Individuals and organizations interested in learning more about the NCCoE’s work and how they can participate are encouraged to visit the booth and attend the presentations and demonstrations listed below.

RSA Conference: February 13-17, 2017

October 19, 2016

The CyberMaryland Conference is an annual two-day event presented jointly by The National Cyber Security Hall of Fame and Federal Business Council (FBC) in conjunction with academia, government, and private industry organizations. NCCoE Senior Security Engineer Don Tobin will lead a Cyber Threat Intelligence Forum on "Restoring Data Integrity After a Destructive Malware or Ransomware Attack" on Thursday, October 20 at 9 a.m. This presentation will cover the work being done at the NCCoE on methods to effectively recover and restore systems to normal operations after a data corruption attack. The conference will take place at the Baltimore Hilton Hotel.

July 21, 2016

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence on Thursday established a new “community of interest” for data integrity, part of a Data Integrity Project aimed at assuring data is not altered or destroyed by malware, ransomware, insider activity, and other risks.

July 17, 2016

Criminal enterprises involved in distributing ransomware are making a large profit, with some studies showing profits in the hundreds of millions worldwide. In the Bitdefender study, more than 50 percent of the United States targets paid the ransom, while 40 percent said they would pay if they were hit. However, an effective data recovery strategy and business continuity plan would eliminate the need to pay the ransoms. Developing a process to detect and recover from a data integrity attack is too significant and costly a challenge for a single company to address in isolation. Therefore, the NCCoE has begun collaborating with technology partners and business leaders to develop a comprehensive, cross-industry solution.

June 01, 2016

The National Data Integrity Conference is a gathering of people sharing new challenges and solutions regarding research data and integrity. NCCoE Senior Security Engineer Donald Tobin will discuss "Recovering Data Integrity After a Destructive Malware Attack" in a lightning talk on June 3 from 1:15-3:00pm. The conference will be held at the University of Colorado in Denver. 

June 01, 2016

The National Institute of Standards and Technology is requesting proposals for cybersecurity-related products and technical expertise that would help organizations recover from incidents that alter or destroy data.

The effort is being pursued through NIST's National Cybersecurity Center of Excellence and seeks to develop an “example solution” under the Data Integrity Building Block.

May 31, 2016

The National Institute of Standards and Technology is looking for products and expertise to help organizations reliably recover corrupted or destroyed data.

The search is being conducted by NIST’s Data Integrity project, which is part of the National Cybersecurity Center of Excellence. The project is working to develop ways organizations can prevent or recover from data loss or alteration resulting from malware or human error.

January 21, 2016

The National Institute of Standards and Technology today will close a public comment period on a white paper about data integrity and methods to recover IT systems from cyber attacks and audit data to ensure integrity.

The NIST Cybersecurity White Paper “Data Integrity: Reducing the Impact of an Attack” was developed by NIST’s National Cybersecurity Center of Excellence.

December 14, 2015

The threat of ransomware is one of three example scenarios highlighted in a recent white paper released by the National Institute of Standards and Technology (NIST), titled Data Integrity: Reducing the Impact of an Attack. The paper launches a joint project led by the National Cybersecurity Center of Excellence (NCCoE), with participation by the Financial Services Information Sharing and Analysis Center (FS-ISAC) and several private sector organizations.

November 29, 2015

As the year nears its close, the data breaches that came to light in the past 12 months remain top of mind. To help combat that cyber threat, the National Institute of Standards and Technology is seeking comments on a new project that would help organizations prepare for and recover from data attacks.

NIST's National Cybersecurity Center of Excellence is asking for comments on a white paper titled "Data Integrity: Reducing the impact of an attack," (pdf) released Nov. 23, according to a press release.

November 25, 2015

The National Institute of Standards and Technology has released a white paper that suggests various methods for companies to avoid and recover from a data integrity attack.

NIST said Tuesday its National Cybersecurity Center of Excellence produced the draft document with the Financial Services Information Sharing and Analysis Center and several technology vendors in an effort to help businesses protect their data from insider threats and malicious software.

November 25, 2015

Washington, DC - Businesses face a near-constant threat of destructive malware, ransomware and malicious insider activities that can alter or destroy critical data. Even honest mistakes can alter data in ways that cause a significant loss to a company’s reputation, business operations and bottom line. To reduce this risk, organizations need to be able to recover quickly from a data integrity attack and trust the accuracy and precision of the recovered data.

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is seeking comments on a new project to help organizations prepare for, and recover from, attacks that might compromise their data.

November 24, 2015

The National Institute of Standards and Technology on Tuesday released a new draft white paper titled "Data Integrity: Reducing the impact of an attack," highlighting practices to prepare for and recover from cyber attacks that compromise data.

According to NIST, the guide outlines technical challenges of ensuring accurate and complete backup data when recovering from a cyber attack.

November 23, 2015

The Financial Services Information Sharing and Analysis Center (FS-ISAC) announced Monday the availability of a guide for financial services entities that want to bolster their operational continuity and reduce risks associated with a destructive cyber attack.

An interagency working group comprised of the FS-ISAC, the National Institute of Standards and Technology and other agencies has assembled materials that map the currently available resources for financial institutions, the center said in a statement. The four-page executive summary is online. In addition, a detailed paper is available upon request, according to the center.

November 23, 2015

Businesses face a near-constant threat of destructive malware, ransomware and malicious insider activities that can alter or destroy critical data. Even honest mistakes can alter data in ways that cause a significant loss to a company’s reputation, business operations and bottom line. To reduce this risk, organizations need to be able to recover quickly from a data integrity attack and trust the accuracy and precision of the recovered data.

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) is seeking comments on a new project to help organizations prepare for, and recover from, attacks that might compromise their data.