Blog

Blog
March 07, 2017  |  Joshua M. Franklin and Christopher Brown

The 2017 RSA Conference offered great opportunities, as usual, for the NCCoE staff to learn from the cyber community and engage with industry. The conference supported an entire track of mobile security talks, and common themes included the intersection of mobile security/IoT, and the (lack) of privacy within mobile ecosystems. As the NCCoE continues its work in mobile device security, we were excited to see mobile security gaining more traction at the RSA Conference.

Blog
February 16, 2017  |  NIST

As part of their current cybersecurity efforts, many electric utilities monitor data from the various systems and devices they rely on to keep the power flowing and to secure both their information technology and facilities. Pulling these data together and correlating events across data streams can be a time-consuming process, so the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology collaborated with a team of experts from industry, academia and government to develop a guide utilities can use to improve situational awareness and better respond to potential cyber attacks.

Blog
February 09, 2017  |  Sarah Kinling

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute for Standards and Technology (NIST), will demonstrate its current projects in San Francisco Feb. 13-17 at the RSA Conference and Orlando Feb 19-23 at the Healthcare Information and Management Systems Society Annual Conference & Exhibition (HIMSS17).

Blog
December 22, 2016  |  William Fisher and Marc Schneider

At approximately 7:00 a.m. ET on October 21, popular websites on the east coast appeared to go down, propelling a new type of distributed denial of service (DDoS) attack into the public spotlight. The malware involved in this incident, named Mirai leveraged Internet of Things (IoT) devices, such as DVRs and IP cameras, to form botnets. These botnets were used to target and disrupt core Internet services from domain name system (DNS) provider Dyn. As a malware strain, Mirai was already well known.

Blog
November 14, 2016  |  Bill Newhouse

We know the importance of safeguarding our credit cards—we don’t leave them laying around in plain sight and we don’t share our PIN numbers. We are discriminating about where we save our credit card information online, and most of us try to use good passwords. However, we also know that there are malicious actors that want this information and are increasingly adept at retrieving it despite our best efforts.

Blog
November 10, 2016  |  Tania Copper

On Wednesday November 9, 2016, the National Cybersecurity Center of Excellence (NCCoE) hosted “Cybersecurity in the Health Community,” part of the NCCoE Speaker Series. The event brought together a variety of cybersecurity professionals to the NCCoE campus to further the discussion on cybersecurity in the healthcare environment.

Blog
October 13, 2016  |  Kori Fisk

Cyberattacks are on the rise, and a staggering 41% of them target the energy sector. In order to protect the nation’s critical infrastructure, the sector must contend with a diverse set of unique challenges, from aging and disparate networks to a lack of awareness of threats and vulnerabilities. The National Cybersecurity Center of Excellence (NCCoE), in collaboration with energy sector stakeholders and cybersecurity technology vendors, has developed example solutions that utilities can use to help bolster their security postures. The NCCoE, a part of the National Institute of Standards and Technology (NIST), will host a workshop on October 18, 2016 at the North American Electric Reliability Corporation’s (NERC) Grid Security Conference (GridSecCon) in Quebec City, Canada. GridSecCon brings together cybersecurity and physical security experts from industry and government to share emerging security trends, policy advancements, and lessons learned related to the electric utility sector.

Blog
October 06, 2016  |  Joshua Franklin

On September 13, 2016, the National Cybersecurity Center of Excellence (NCCoE) hosted a workshop to review the recently released Mobile Threat Catalogue (MTC) with industry partners and identify missing areas of interest, new countermeasures, and potential mitigations. More than 50 mobile security industry members participated, including hardware manufacturers, operating system developers, malware detection companies, and mobile network operators. There was definitely expertise to go around!

Blog
July 17, 2016  |  Don Tobin

Criminal enterprises involved in distributing ransomware are making a large profit, with some studies showing profits in the hundreds of millions worldwide. In the Bitdefender study, more than 50 percent of the United States targets paid the ransom, while 40 percent said they would pay if they were hit. However, an effective data recovery strategy and business continuity plan would eliminate the need to pay the ransoms. Developing a process to detect and recover from a data integrity attack is too significant and costly a challenge for a single company to address in isolation. Therefore, the NCCoE has begun collaborating with technology partners and business leaders to develop a comprehensive, cross-industry solution.

Blog
May 04, 2016  |  Sarah Kinling

Last week, the National Cybersecurity Center of Excellence (NCCoE) presented at the 2016 Retail Cyber Intelligence Summit in Chicago. Hosted by the Retail Cyber Intelligence Sharing Center (R-CISC), a nonprofit resource for retailers that collects and shares threat intelligence in a safe and secure way, this two-day event brought together nearly 200 information security leaders representing many prominent retail and consumer services organizations.