Risk
2/21/2012
05:12 PM
50%
50%

NIST Cybersecurity Center Tackles Public And Private Threats

Researchers will use National Cybersecurity Center of Excellence to develop new products and services to combat cybersecurity threats faced by U.S. government agencies and companies.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
The organization that sets federal technology standards is establishing a new center devoted to cybersecurity technology research across both the public and private sectors.

A partnership between the National Institute for Standards and Technology (NIST), the state of Maryland, and Montgomery County, Md., will create the National Cybersecurity Center of Excellence, where NIST researchers can exclusively work to improve cybersecurity in the United States, according to NIST.

The goals of the center, which is being funded by $10 million of NIST's budget for fiscal-year 2012, will be to establish more trust in U.S. IT communications, data, and storage systems; lower the risk for companies and people using those systems; and develop new cybersecurity products and services, according to NIST.

To do this, the center will team researchers with users and vendors of cybersecurity products and services to do specific work that considers use cases to address challenges in particular sectors. For example, researchers might create interoperable templates that can be used across industries or government agencies in areas such as cloud computing, cryptography, or continuous monitoring of IT systems, according to NIST.

[ Find out how NIST works to protect mobile devices. See NIST Tests Ways To Secure iPhones, iPads. ]

"Cyber crime hurts individuals, businesses and government agencies," NIST undersecretary of commerce for standards and technology and director Patrick Gallagher said in a press statement to launch the center. "We want to bring together the best minds and provide them with the best tools to create and test solutions that will make online transactions of all kinds safer."

NIST is encouraging IT vendors and members of the public to help develop and refine the use cases, and researchers will share results from the center's projects with the IT and vendor communities, according to NIST.

A new computing facility near NIST's campus in Gaithersburg, Md., will house the center, which will host collaborative research efforts that institutions from both public and private-sector computer scientists can participate in. NIST already has done a significant amount of cybersecurity work in the area of setting standards for the federal government, and the center will provide a new venue for the organization to broaden its research to the private sector.

Some recent moves NIST has made include providing guidance to help agencies assess risk within their IT systems to prevent federal cybersecurity breaches. It has also offered guidelines for protecting a computer's Basic Input/Output System (BIOS).

As federal agencies embrace devices and apps to meet employee demand, the White House seeks one comprehensive mobile strategy. Also in the new Going Mobile issue of InformationWeek Government: Find out how the National Security Agency is developing technologies to make commercial devices suitable for intelligence work. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
Dark Reading Live EVENTS
INsecurity - For the Defenders of Enterprise Security
A Dark Reading Conference
While red team conferences focus primarily on new vulnerabilities and security researchers, INsecurity puts security execution, protection, and operations center stage. The primary speakers will be CISOs and leaders in security defense; the blue team will be the focus.
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: No, you were supposed to display UNICODE characters!
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.