Blog

Blog
June 27, 2017  |  Donna Dodson

As its name suggests, the internet of things will connect all kinds of things, bringing us a wealth of data about, well, everything that we can use to improve our lives. For example, internet-connected smart parking meters are helping people find available parking spaces, saving time, fuel and probably more than a few relationships. People are using fitness trackers to log their daily activity and achieve their fitness goals, making them healthier and happier. And technologies that promise to make travel safer and more convenient, such as self-driving cars and highway sensors that detect and adapt to real-time road conditions, are quickly moving from concept to reality.

Blog
May 24, 2017  |  William Fisher

Motorola Solutions, Nok Nok Labs, Ping Identity, StrongAuth, and Yubico have joined the National Cybersecurity Center of Excellence (NCCoE) as technology collaborators in the Mobile Application Single Sign-On (SSO) project. As part of this collaboration, NIST will compose and release a publicly available Cybersecurity Practice Guide (Special Publication 1800 series) that will document the reference design and help public safety and first responder (PSFR) organizations implement multifactor authentication and mobile application SSO in their own environments.

Blog
May 05, 2017

As the world rapidly embraces the Internet of Things, properly securing medical devices has grown challenging for most healthcare delivery organizations (HDOs). That’s because medical devices, such as infusion pumps, have evolved from standalone instruments that interacted only with the patient and a medical provider into devices that now connect wirelessly to a variety of systems, networks, and other platforms to enhance patient care, as part of the broader Internet of Medical Things (IoMT). As a result, cybersecurity risks have risen. Wireless infusion pump ecosystems, which include the pump, the network, and the data stored in and on a pump, face a range of potential threats, such as unauthorized access to protected health information (PHI), changes to prescribed drug doses, and interference with a pump’s intended function.

In collaboration with the healthcare community and manufacturers, the NCCoE developed cybersecurity guidance, draft NIST Special Publication 1800-8: Securing Wireless Infusion Pumps in Healthcare Delivery Organizations, which uses standards-based, commercially available technologies and industry best practices to help HDOs strengthen the security of wireless infusion pumps within healthcare facilities. The draft guide is now open for public comment.  

Blog
March 07, 2017  |  Joshua M. Franklin and Christopher Brown

The 2017 RSA Conference offered great opportunities, as usual, for the NCCoE staff to learn from the cyber community and engage with industry. The conference supported an entire track of mobile security talks, and common themes included the intersection of mobile security/IoT, and the (lack) of privacy within mobile ecosystems. As the NCCoE continues its work in mobile device security, we were excited to see mobile security gaining more traction at the RSA Conference.

Blog
February 16, 2017  |  NIST

As part of their current cybersecurity efforts, many electric utilities monitor data from the various systems and devices they rely on to keep the power flowing and to secure both their information technology and facilities. Pulling these data together and correlating events across data streams can be a time-consuming process, so the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology collaborated with a team of experts from industry, academia and government to develop a guide utilities can use to improve situational awareness and better respond to potential cyber attacks.

Blog
February 09, 2017  |  Sarah Kinling

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute for Standards and Technology (NIST), will demonstrate its current projects in San Francisco Feb. 13-17 at the RSA Conference and Orlando Feb 19-23 at the Healthcare Information and Management Systems Society Annual Conference & Exhibition (HIMSS17).

Blog
December 22, 2016  |  William Fisher and Marc Schneider

At approximately 7:00 a.m. ET on October 21, popular websites on the east coast appeared to go down, propelling a new type of distributed denial of service (DDoS) attack into the public spotlight. The malware involved in this incident, named Mirai leveraged Internet of Things (IoT) devices, such as DVRs and IP cameras, to form botnets. These botnets were used to target and disrupt core Internet services from domain name system (DNS) provider Dyn. As a malware strain, Mirai was already well known.

Blog
November 14, 2016  |  Bill Newhouse

We know the importance of safeguarding our credit cards—we don’t leave them laying around in plain sight and we don’t share our PIN numbers. We are discriminating about where we save our credit card information online, and most of us try to use good passwords. However, we also know that there are malicious actors that want this information and are increasingly adept at retrieving it despite our best efforts.

Blog
November 10, 2016  |  Tania Copper

On Wednesday November 9, 2016, the National Cybersecurity Center of Excellence (NCCoE) hosted “Cybersecurity in the Health Community,” part of the NCCoE Speaker Series. The event brought together a variety of cybersecurity professionals to the NCCoE campus to further the discussion on cybersecurity in the healthcare environment.

Blog
October 13, 2016  |  Kori Fisk

Cyberattacks are on the rise, and a staggering 41% of them target the energy sector. In order to protect the nation’s critical infrastructure, the sector must contend with a diverse set of unique challenges, from aging and disparate networks to a lack of awareness of threats and vulnerabilities. The National Cybersecurity Center of Excellence (NCCoE), in collaboration with energy sector stakeholders and cybersecurity technology vendors, has developed example solutions that utilities can use to help bolster their security postures. The NCCoE, a part of the National Institute of Standards and Technology (NIST), will host a workshop on October 18, 2016 at the North American Electric Reliability Corporation’s (NERC) Grid Security Conference (GridSecCon) in Quebec City, Canada. GridSecCon brings together cybersecurity and physical security experts from industry and government to share emerging security trends, policy advancements, and lessons learned related to the electric utility sector.