IEEE Power and Energy Society General Meeting

Sunday, August 4, 2019 to Thursday, August 8, 2019

NCCoE Cybersecurity Engineer Don Faatz will speak on a panel as part of the IEEE Power and Energy Society General Meeting’s Cyber-Physical Situational Awareness for the Power Grid session at 10:00 a.m. on Wednesday, August 7, 2019. Don will share practical cybersecurity guidance from NIST SP 1800-7 “Situational Awareness for Electric Utilities” along with other NCCoE energy sector project work.

EnergySec Security & Compliance Summit

Monday, August 19, 2019 to Wednesday, August 21, 2019

Join NCCoE Senior Engineer Harry Perper at the EnergySec Security & Compliance summit - the premier and longest-running security conference for critical infrastructure in the nation. Participants include a diverse audience of industry leaders and experts from around the globe. Attendees of the summit will benefit from a wide variety of perspectives, knowledge, and experiences.  Harry Perper will be featured in multiple presentations during the summit.

Presentations details:

Tuesday, August 20th at 2:45 p.m. - Main Stage Presentation

Wednesday, August 21st at 2:00-3:00 p.m. - Panelist, “Emerging Risk to the Grid”

Software and Supply Chain Assurance Forum (SSCA)

Wednesday, May 8, 2019 to Thursday, May 9, 2019

The Software and Supply Chain Assurance Forum (SSCA) is meeting on May 8th and 9th at the MITRE Corporation’s headquarters in McLean, VA. Nakia Grayson, NIST's PI for the Supply Chain Assurance project and Andy Regensheid, NIST's Hardware-Rooted Security project lead will be speaking on the 8th at 1pm about the NCCoE’s new “Validating the Integrity of Servers and Client Devices: Supply Chain Assurance” project.

The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved.

The effort is co-led by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), the Department of Defense (DoD), and the General Services Administration (GSA). Participants represent a diverse group of career professionals including government officials, chief information security officers, those in academia with cybersecurity and supply chain specialties, system administrators, engineers, consultants, vendors, software developers, managers, analysts, specialists in IT and cybersecurity, and many more fields. 

This event is free and open to the public. Registration is required.

AlertEnterprise User Group Summit

Tuesday, May 14, 2019 to Wednesday, May 15, 2019

NCCoE Engineer Harry Perper will be presenting "Leveraging NIST's Standards-Based Cyber/Physical Security Convergence Guidance for Critical Infrastructure Protection" during The 2019 AlertEnterprise User Group Summit. 

Session Description
The 2019 AlertEnterprise User Group Summit will bring together some of the leading security minds from corporations, registered and regulating entities, as well as key industry stakeholders. Workshops, presentations and roundtable discussions will deliver unbiased, collaborative and impactful perspectives on tackling some of the most critical challenges facing the industry today.It’s an excellent opportunity to examine different and new approaches to common challenges and gain new tools to enhance your current and future strategies and tactics.

Connect IT Global

Monday, May 6, 2019 to Tuesday, May 7, 2019

Join NCCoE Engineer Harry Perper at the Connect IT Global Conference, hosted by Kaseya at Caesars Palace in Las Vegas, NV. 

On Tuesday, May 7, Harry will be participating in two presentations: 
2:30-3:30 pm      Panel: "Experts Security Panel: Explore Evolving World of Security and Its Impact on Our Lives"
4:00-4:40 pm      Session: "Learn about the Cybersecurity Framework (CSF)"

2019 GITEC Emerging Technology Conference

Sunday, April 28, 2019 to Tuesday, April 30, 2019

On April 28, NCCoE Security Engineer Gema Howell will participate in the Future Trends Panel GITEC Emerging Technology Conference. The 9:45 am session includes a discussion on leadership and management expertise in the field of innovation and future trends.

Additionally, she will discuss her involvement in various mobile security projects at NIST and the NCCoE and well as her role as the NIST Co-chair of the Federal Mobility Group.

Identiverse 2019

Tuesday, June 25, 2019 to Friday, June 28, 2019

Mobile Enterprises: Strategically Addressing Threats While Managing Risk

Description: Mobile devices provide access to data and resources vital for organizations to accomplish their mission while providing employees the flexibility to perform their daily activities. Securing the information that can be accessed through these devices is important to ensure the continuity of business. While mobile devices can increase organizations’ efficiency and employee productivity, they can also leave sensitive data vulnerable. Addressing such vulnerabilities requires mobile device management tools that help secure access to the network and resources that are different from those required to secure the typical computer workstation. Managing the security of mobile devices and minimizing the risk posed can be challenging because there are many mobile device management tools available and proper implementation of these tools can be ambiguous due to lack of consistency and unfamiliarity with the threats to mobile devices. To address the challenge of securing mobile devices while managing risks, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) built a reference architecture to show how various mobile security technologies can be collocated within an enterprise’s network.

Speaker: Gema Howell

Date: Wednesday, June 26

Time: 11:35 am - 12:00 pm

The Smart Conference

Wednesday, May 1, 2019 to Sunday, May 5, 2019

Join NCCoE engineers Bill Newhouse and Jeff Finke at the 1st International Conference on Smart Tourism and Enabling Technologies (The Smart Conference) jointly organized by the Rosen College of Hospitality Management (RCHM) and the College of Engineering and Computer Science (CECS) at the University of Central Florida (UCF). On Thursday, May 2 at 4:40 pm they will participate in a panel discussion on cybersecurity in hotel tech.



connect:ID 2019

Monday, April 29, 2019 to Wednesday, May 1, 2019

Join NIST and the NCCoE at the connectID: 2019 conference and expo on April 29 - May 1, 2019 in Washington, DC. connect:ID 2019 is an innovative international conference and free global exhibition focused on identity technologies and their management in both the physical and digital worlds. Drop by the NIST booth (Booth #808) and learn more from the NCCoE’s Chris Brown about our Derived Personal Identity Verification (PIV) Credentials and Multifactor Authentication for e-Commerce projects.

Utility Cyber Security Forum

Wednesday, June 26, 2019

NCCoE Senior Engineer Harry Perper will speak on a panel as part of Utility Cyber Security Forum's Converging Identity and Access Management Across IT, OT and PACS: A Reference Design session at 11:00 am.

Many utilities run separate IdAM systems managed by various departments whose employees often lack time and methods to coordinate access to devices and facilities across IT and OT silos. According to NCCoE's electric utility stakeholders, this inefficiency can result in security risks for the organization. Additionally, IdAM platforms spread across separate silos in a utility can lead to an increased risk of attack and service disruption, an inability to identify potential sources of a problem or attack, and a lack of overall traceability and accountability regarding who has access to both critical and noncritical assets. In response to this concern, the NCCoE has developed a converged IdAM reference design and example solution, using commercially available technologies, that utilities can use to increase security and efficiency in managing access to their interconnected devices and facilities. 

Key Takeaways: 

  • Highlight the reference design's security controls mapping to guidance and best practices from NIST and other standards organizations, and to NERC CIP standards 
  • Outline how a converged IdAM system allows rapid provisioning and de-provisioning of access from a centralized platform, so utility personnel can spend more time on other critical tasks 
  • Demonstrate how this reference design can help improve a utility's security posture by tracking and auditing access requests and other IdAM activity across all networks 
  • Share some real-world results from converged IdAM platforms