Risk
2/21/2012
05:12 PM
50%
50%

NIST Cybersecurity Center Tackles Public And Private Threats

Researchers will use National Cybersecurity Center of Excellence to develop new products and services to combat cybersecurity threats faced by U.S. government agencies and companies.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
The organization that sets federal technology standards is establishing a new center devoted to cybersecurity technology research across both the public and private sectors.

A partnership between the National Institute for Standards and Technology (NIST), the state of Maryland, and Montgomery County, Md., will create the National Cybersecurity Center of Excellence, where NIST researchers can exclusively work to improve cybersecurity in the United States, according to NIST.

The goals of the center, which is being funded by $10 million of NIST's budget for fiscal-year 2012, will be to establish more trust in U.S. IT communications, data, and storage systems; lower the risk for companies and people using those systems; and develop new cybersecurity products and services, according to NIST.

To do this, the center will team researchers with users and vendors of cybersecurity products and services to do specific work that considers use cases to address challenges in particular sectors. For example, researchers might create interoperable templates that can be used across industries or government agencies in areas such as cloud computing, cryptography, or continuous monitoring of IT systems, according to NIST.

[ Find out how NIST works to protect mobile devices. See NIST Tests Ways To Secure iPhones, iPads. ]

"Cyber crime hurts individuals, businesses and government agencies," NIST undersecretary of commerce for standards and technology and director Patrick Gallagher said in a press statement to launch the center. "We want to bring together the best minds and provide them with the best tools to create and test solutions that will make online transactions of all kinds safer."

NIST is encouraging IT vendors and members of the public to help develop and refine the use cases, and researchers will share results from the center's projects with the IT and vendor communities, according to NIST.

A new computing facility near NIST's campus in Gaithersburg, Md., will house the center, which will host collaborative research efforts that institutions from both public and private-sector computer scientists can participate in. NIST already has done a significant amount of cybersecurity work in the area of setting standards for the federal government, and the center will provide a new venue for the organization to broaden its research to the private sector.

Some recent moves NIST has made include providing guidance to help agencies assess risk within their IT systems to prevent federal cybersecurity breaches. It has also offered guidelines for protecting a computer's Basic Input/Output System (BIOS).

As federal agencies embrace devices and apps to meet employee demand, the White House seeks one comprehensive mobile strategy. Also in the new Going Mobile issue of InformationWeek Government: Find out how the National Security Agency is developing technologies to make commercial devices suitable for intelligence work. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4231
Published: 2015-07-03
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.

CVE-2015-4232
Published: 2015-07-03
Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.

CVE-2015-4234
Published: 2015-07-03
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.

CVE-2015-4237
Published: 2015-07-03
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv0...

CVE-2015-4239
Published: 2015-07-03
Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220.

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report