In The News

In the news
November 14, 2016  |  Professional Mariner

The U.S. Coast Guard, the National Institute of Standards and Technology (NIST), and maritime industry stakeholders have developed a voluntary cybersecurity “profile” for maritime bulk liquid transfer (MBLT) facilities. This profile will be released at the American Petroleum Institute’s 11th Annual Cybersecurity Conference in Houston. The profile implements the NIST Cybersecurity Framework, which was developed in 2014 to address and manage cybersecurity risk in a cost-effective way based on business needs and without placing additional regulatory requirements on businesses.

In the news
November 14, 2016  |  Inside Cybersecurity

The National Institute of Standards and Technology and the U.S. Coast Guard have issued a final version of a cybersecurity “profile” mapping the federal framework of cybersecurity standards to ports that manage hazardous liquids. The document, released Nov. 10, is the first in a series that will provide guidance to the maritime industry in implementing the NIST cybersecurity framework to specific maritime settings.

In the news
November 11, 2016  |  SC Magazine

The dangers involved in shifting volatile liquids from ship to shore may not appear to have a cybersecurity angle, but according to the U.S. Coast Guard (USCG) many transfter facilities are computer controlled and thus vulnerable to cyberattack. With this in mind the USCG, National Institute of Standards and Technology (NIST) and the maritime industry came together to create a voluntary framework to help protect these computer systems. 

In the news
November 11, 2016  |  Phys.org

The document is the first in a series of planned profiles that will help maritime industry organizations make the most of the voluntary Framework for Improving Critical Infrastructure Cybersecurity, published by NIST in February 2014. The profile pulls into one document recommended  safeguards to provide a starting point for organizations to review and adapt their risk management processes, and it describes a desired minimum state of cybersecurity.

In the news
November 10, 2016  |  Data Privacy & Security Insider

The National Cybersecurity Center of Excellence (NCCoE) has released a draft Project Description for the manufacturing sector entitled: Capabilities Assessment for Securing Manufacturing Industrial Control Systems. This document is the first of a four-part series and addresses only behavioral anomaly detection capabilities. NCCoE is seeking comment on the guidance until December 7, 2016.

In the news
November 08, 2016  |  Cyberscoop

In a release Monday, the National Cybersecurity Center of Excellence said they were seeking comment by Dec. 7 on their draft project description: Capabilities Assessment for Securing Manufacturing Industrial Control Systems.

Industrial control systems, or ICS, are specialized IT systems — with both software and hardware elements — that run industrial processes. Because ICS controls physical plant like factory assembly lines or chemical processing, hackers can have real world effects by attacking it.

In the news
November 07, 2016  |  Inside Cybersecurity

Federal officials will discuss healthcare cybersecurity, oil and gas security, and more following Election Day, while numerous industry events around the world this week will tackle issues from data protection to federal agency IT security. On Wednesday at the National Cybersecurity Center of Excellence in Rockville, MD, Suzanne Schwartz, the Food and Drug Administration's lead on medical device cybersecurity, will speak on cybersecurity in the healthcare sector.

In the news
November 07, 2016  |  SC Magazine

The U.S. National Cybersecurity Center of Excellence (NCCoE) and the National Institute of Standards and Technology (NIST) released a draft guide that examines methods of making email more secure. The guide, entitled DNS-Based Email Security, examines the Domain Name System Security Extensions (DNSSEC) specifications and DNS-Based Authentication of Named Entities (DANE) protocol.

In the news
November 03, 2016  |  Inside Cybersecurity

The National Institute of Standards and Technology's National Cybersecurity Center of Excellence on Wednesday issued a new draft NIST Cybersecurity Practice Guide on Domain Name Systems-Backed Electronic Mail Security, offering a security protocol to ensure trusted email exchanges.

The guide, which is available for public comment through Dec. 19, outlines a “proof of concept security platform” that improves email security and defenses against email-focused cyber attacks such as phishing schemes.

In the news
November 02, 2016  |  CircleID

The National Cybersecurity Center of Excellence (NCCoE) has invited comments on a draft practice guide to help organizations improve email security and defend against phishing, man-in-the-middle, and other types of email-based attacks. The draft of the National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide titled, Domain Name Systems-Based Electronic Mail Security(NIST Special Publication 1800-6), demonstrates how commercially available technologies can help email service providers improve the security of email communications.