Risk
2/21/2012
05:12 PM
50%
50%

NIST Cybersecurity Center Tackles Public And Private Threats

Researchers will use National Cybersecurity Center of Excellence to develop new products and services to combat cybersecurity threats faced by U.S. government agencies and companies.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
The organization that sets federal technology standards is establishing a new center devoted to cybersecurity technology research across both the public and private sectors.

A partnership between the National Institute for Standards and Technology (NIST), the state of Maryland, and Montgomery County, Md., will create the National Cybersecurity Center of Excellence, where NIST researchers can exclusively work to improve cybersecurity in the United States, according to NIST.

The goals of the center, which is being funded by $10 million of NIST's budget for fiscal-year 2012, will be to establish more trust in U.S. IT communications, data, and storage systems; lower the risk for companies and people using those systems; and develop new cybersecurity products and services, according to NIST.

To do this, the center will team researchers with users and vendors of cybersecurity products and services to do specific work that considers use cases to address challenges in particular sectors. For example, researchers might create interoperable templates that can be used across industries or government agencies in areas such as cloud computing, cryptography, or continuous monitoring of IT systems, according to NIST.

[ Find out how NIST works to protect mobile devices. See NIST Tests Ways To Secure iPhones, iPads. ]

"Cyber crime hurts individuals, businesses and government agencies," NIST undersecretary of commerce for standards and technology and director Patrick Gallagher said in a press statement to launch the center. "We want to bring together the best minds and provide them with the best tools to create and test solutions that will make online transactions of all kinds safer."

NIST is encouraging IT vendors and members of the public to help develop and refine the use cases, and researchers will share results from the center's projects with the IT and vendor communities, according to NIST.

A new computing facility near NIST's campus in Gaithersburg, Md., will house the center, which will host collaborative research efforts that institutions from both public and private-sector computer scientists can participate in. NIST already has done a significant amount of cybersecurity work in the area of setting standards for the federal government, and the center will provide a new venue for the organization to broaden its research to the private sector.

Some recent moves NIST has made include providing guidance to help agencies assess risk within their IT systems to prevent federal cybersecurity breaches. It has also offered guidelines for protecting a computer's Basic Input/Output System (BIOS).

As federal agencies embrace devices and apps to meet employee demand, the White House seeks one comprehensive mobile strategy. Also in the new Going Mobile issue of InformationWeek Government: Find out how the National Security Agency is developing technologies to make commercial devices suitable for intelligence work. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

CVE-2015-2922
Published: 2015-05-27
The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but youíll never have complete information and youíll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?