Risk
2/21/2012
05:12 PM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

NIST Cybersecurity Center Tackles Public And Private Threats

Researchers will use National Cybersecurity Center of Excellence to develop new products and services to combat cybersecurity threats faced by U.S. government agencies and companies.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
The organization that sets federal technology standards is establishing a new center devoted to cybersecurity technology research across both the public and private sectors.

A partnership between the National Institute for Standards and Technology (NIST), the state of Maryland, and Montgomery County, Md., will create the National Cybersecurity Center of Excellence, where NIST researchers can exclusively work to improve cybersecurity in the United States, according to NIST.

The goals of the center, which is being funded by $10 million of NIST's budget for fiscal-year 2012, will be to establish more trust in U.S. IT communications, data, and storage systems; lower the risk for companies and people using those systems; and develop new cybersecurity products and services, according to NIST.

To do this, the center will team researchers with users and vendors of cybersecurity products and services to do specific work that considers use cases to address challenges in particular sectors. For example, researchers might create interoperable templates that can be used across industries or government agencies in areas such as cloud computing, cryptography, or continuous monitoring of IT systems, according to NIST.

[ Find out how NIST works to protect mobile devices. See NIST Tests Ways To Secure iPhones, iPads. ]

"Cyber crime hurts individuals, businesses and government agencies," NIST undersecretary of commerce for standards and technology and director Patrick Gallagher said in a press statement to launch the center. "We want to bring together the best minds and provide them with the best tools to create and test solutions that will make online transactions of all kinds safer."

NIST is encouraging IT vendors and members of the public to help develop and refine the use cases, and researchers will share results from the center's projects with the IT and vendor communities, according to NIST.

A new computing facility near NIST's campus in Gaithersburg, Md., will house the center, which will host collaborative research efforts that institutions from both public and private-sector computer scientists can participate in. NIST already has done a significant amount of cybersecurity work in the area of setting standards for the federal government, and the center will provide a new venue for the organization to broaden its research to the private sector.

Some recent moves NIST has made include providing guidance to help agencies assess risk within their IT systems to prevent federal cybersecurity breaches. It has also offered guidelines for protecting a computer's Basic Input/Output System (BIOS).

As federal agencies embrace devices and apps to meet employee demand, the White House seeks one comprehensive mobile strategy. Also in the new Going Mobile issue of InformationWeek Government: Find out how the National Security Agency is developing technologies to make commercial devices suitable for intelligence work. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-1421
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar before 1.2.5, 1.2.6, and other versions before 1.2.7 allows remote attackers to inject arbitrary web script or HTML via the Category Name field to category.php.

CVE-2013-2105
Published: 2014-04-22
The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html.

CVE-2013-2187
Published: 2014-04-22
Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to the home page.

CVE-2013-4116
Published: 2014-04-22
lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives.

CVE-2013-4472
Published: 2014-04-22
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

Best of the Web