05:12 PM

NIST Cybersecurity Center Tackles Public And Private Threats

Researchers will use National Cybersecurity Center of Excellence to develop new products and services to combat cybersecurity threats faced by U.S. government agencies and companies.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
The organization that sets federal technology standards is establishing a new center devoted to cybersecurity technology research across both the public and private sectors.

A partnership between the National Institute for Standards and Technology (NIST), the state of Maryland, and Montgomery County, Md., will create the National Cybersecurity Center of Excellence, where NIST researchers can exclusively work to improve cybersecurity in the United States, according to NIST.

The goals of the center, which is being funded by $10 million of NIST's budget for fiscal-year 2012, will be to establish more trust in U.S. IT communications, data, and storage systems; lower the risk for companies and people using those systems; and develop new cybersecurity products and services, according to NIST.

To do this, the center will team researchers with users and vendors of cybersecurity products and services to do specific work that considers use cases to address challenges in particular sectors. For example, researchers might create interoperable templates that can be used across industries or government agencies in areas such as cloud computing, cryptography, or continuous monitoring of IT systems, according to NIST.

[ Find out how NIST works to protect mobile devices. See NIST Tests Ways To Secure iPhones, iPads. ]

"Cyber crime hurts individuals, businesses and government agencies," NIST undersecretary of commerce for standards and technology and director Patrick Gallagher said in a press statement to launch the center. "We want to bring together the best minds and provide them with the best tools to create and test solutions that will make online transactions of all kinds safer."

NIST is encouraging IT vendors and members of the public to help develop and refine the use cases, and researchers will share results from the center's projects with the IT and vendor communities, according to NIST.

A new computing facility near NIST's campus in Gaithersburg, Md., will house the center, which will host collaborative research efforts that institutions from both public and private-sector computer scientists can participate in. NIST already has done a significant amount of cybersecurity work in the area of setting standards for the federal government, and the center will provide a new venue for the organization to broaden its research to the private sector.

Some recent moves NIST has made include providing guidance to help agencies assess risk within their IT systems to prevent federal cybersecurity breaches. It has also offered guidelines for protecting a computer's Basic Input/Output System (BIOS).

As federal agencies embrace devices and apps to meet employee demand, the White House seeks one comprehensive mobile strategy. Also in the new Going Mobile issue of InformationWeek Government: Find out how the National Security Agency is developing technologies to make commercial devices suitable for intelligence work. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
E-Commerce Security: What Every Enterprise Needs to Know
The mainstream use of EMV smartcards in the US has experts predicting an increase in online fraud. Organizations will need to look at new tools and processes for building better breach detection and response capabilities.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio