Conference

Software and Supply Chain Assurance Forum (SSCA)

Wednesday, May 8, 2019 to Thursday, May 9, 2019

The Software and Supply Chain Assurance Forum (SSCA) is meeting on May 8th and 9th at the MITRE Corporation’s headquarters in McLean, VA. Nakia Grayson, NIST's PI for the Supply Chain Assurance project and Andy Regensheid, NIST's Hardware-Rooted Security project lead will be speaking on the 8th at 1pm about the NCCoE’s new “Validating the Integrity of Servers and Client Devices: Supply Chain Assurance” project.

The Software and Supply Chain Assurance Forum (SSCA) provides a venue for government, industry, and academic participants from around the world to share their knowledge and expertise regarding software and supply chain risks, effective practices and mitigation strategies, tools and technologies, and any gaps related to the people, processes, or technologies involved.

The effort is co-led by the National Institute of Standards and Technology (NIST), the Department of Homeland Security (DHS), the Department of Defense (DoD), and the General Services Administration (GSA). Participants represent a diverse group of career professionals including government officials, chief information security officers, those in academia with cybersecurity and supply chain specialties, system administrators, engineers, consultants, vendors, software developers, managers, analysts, specialists in IT and cybersecurity, and many more fields. 

This event is free and open to the public. Registration is required.

AlertEnterprise User Group Summit

Tuesday, May 14, 2019 to Wednesday, May 15, 2019

NCCoE Engineer Harry Perper will be presenting "Leveraging NIST's Standards-Based Cyber/Physical Security Convergence Guidance for Critical Infrastructure Protection" during The 2019 AlertEnterprise User Group Summit. 

Session Description
The 2019 AlertEnterprise User Group Summit will bring together some of the leading security minds from corporations, registered and regulating entities, as well as key industry stakeholders. Workshops, presentations and roundtable discussions will deliver unbiased, collaborative and impactful perspectives on tackling some of the most critical challenges facing the industry today.It’s an excellent opportunity to examine different and new approaches to common challenges and gain new tools to enhance your current and future strategies and tactics.
 

Connect IT Global

Monday, May 6, 2019 to Tuesday, May 7, 2019

Join NCCoE Engineer Harry Perper at the Connect IT Global Conference, hosted by Kaseya at Caesars Palace in Las Vegas, NV. 

On Tuesday, May 7, Harry will be participating in two presentations: 
2:30-3:30 pm      Panel: "Experts Security Panel: Explore Evolving World of Security and Its Impact on Our Lives"
4:00-4:40 pm      Session: "Learn about the Cybersecurity Framework (CSF)"
 

2019 GITEC Emerging Technology Conference

Sunday, April 28, 2019 to Tuesday, April 30, 2019

On April 28, NCCoE Security Engineer Gema Howell will participate in the Future Trends Panel GITEC Emerging Technology Conference. The 9:45 am session includes a discussion on leadership and management expertise in the field of innovation and future trends.

Additionally, she will discuss her involvement in various mobile security projects at NIST and the NCCoE and well as her role as the NIST Co-chair of the Federal Mobility Group.

Identiverse 2019

Tuesday, June 25, 2019 to Friday, June 28, 2019

Mobile Enterprises: Strategically Addressing Threats While Managing Risk

Description: Mobile devices provide access to data and resources vital for organizations to accomplish their mission while providing employees the flexibility to perform their daily activities. Securing the information that can be accessed through these devices is important to ensure the continuity of business. While mobile devices can increase organizations’ efficiency and employee productivity, they can also leave sensitive data vulnerable. Addressing such vulnerabilities requires mobile device management tools that help secure access to the network and resources that are different from those required to secure the typical computer workstation. Managing the security of mobile devices and minimizing the risk posed can be challenging because there are many mobile device management tools available and proper implementation of these tools can be ambiguous due to lack of consistency and unfamiliarity with the threats to mobile devices. To address the challenge of securing mobile devices while managing risks, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) built a reference architecture to show how various mobile security technologies can be collocated within an enterprise’s network.

Speaker: Gema Howell

Date: Wednesday, June 26

Time: 11:35 am - 12:00 pm

The Smart Conference

Wednesday, May 1, 2019 to Sunday, May 5, 2019

Join NCCoE engineers Bill Newhouse and Jeff Finke at the 1st International Conference on Smart Tourism and Enabling Technologies (The Smart Conference) jointly organized by the Rosen College of Hospitality Management (RCHM) and the College of Engineering and Computer Science (CECS) at the University of Central Florida (UCF). On Thursday, May 2 at 4:40 pm they will participate in a panel discussion on cybersecurity in hotel tech.

 

 

connect:ID 2019

Monday, April 29, 2019 to Wednesday, May 1, 2019

Join NIST and the NCCoE at the connectID: 2019 conference and expo on April 29 - May 1, 2019 in Washington, DC. connect:ID 2019 is an innovative international conference and free global exhibition focused on identity technologies and their management in both the physical and digital worlds. Drop by the NIST booth (Booth #808) and learn more from the NCCoE’s Chris Brown about our Derived Personal Identity Verification (PIV) Credentials and Multifactor Authentication for e-Commerce projects.

Utility Cyber Security Forum

Wednesday, June 26, 2019

NCCoE Senior Engineer Harry Perper will speak on a panel as part of Utility Cyber Security Forum's Converging Identity and Access Management Across IT, OT and PACS: A Reference Design session at 11:00 am.

Many utilities run separate IdAM systems managed by various departments whose employees often lack time and methods to coordinate access to devices and facilities across IT and OT silos. According to NCCoE's electric utility stakeholders, this inefficiency can result in security risks for the organization. Additionally, IdAM platforms spread across separate silos in a utility can lead to an increased risk of attack and service disruption, an inability to identify potential sources of a problem or attack, and a lack of overall traceability and accountability regarding who has access to both critical and noncritical assets. In response to this concern, the NCCoE has developed a converged IdAM reference design and example solution, using commercially available technologies, that utilities can use to increase security and efficiency in managing access to their interconnected devices and facilities. 

Key Takeaways: 

  • Highlight the reference design's security controls mapping to guidance and best practices from NIST and other standards organizations, and to NERC CIP standards 
  • Outline how a converged IdAM system allows rapid provisioning and de-provisioning of access from a centralized platform, so utility personnel can spend more time on other critical tasks 
  • Demonstrate how this reference design can help improve a utility's security posture by tracking and auditing access requests and other IdAM activity across all networks 
  • Share some real-world results from converged IdAM platforms 
     

Health Security, Privacy and Practice Forum

Tuesday, April 23, 2019

Samuel Visner, Director of MITRE's National Cybersecurity Federally Funded Research Center, serves as the keynote speaker at this one day event covering the evolution of health information privacy and security from policy to practice.

Description of the event: Current billion-dollar modernization efforts are still yielding extensive data breaches that are threatening current operations and violating individuals' privacy.  This forum will bring speakers that provide the fundamental framework that is being created by some of the largest health data consumers in the US market today.  Come learn from the Subject Matter Experts on the front line who are fighting to keep critical infrastructure running smoothly and personal health information safe.

UMD Cybersecurity Executive Summit

Wednesday, April 3, 2019 to Friday, April 5, 2019

NCCoE Senior Cybersecurity Engineer Harry Perper will participate in a panel session entitled "Evolving Complex Attack Surfaces" on Thursday, April 4. More information can be found below.

Panel: Evolving Complex Attack Surfaces
Location: Plenary Room 
Time: 3:00 pm – 4:00 pm
Moderator: Pete Tseronis
CEO Dots and Bridges, Former CTO Departments of Energy and Education 
Panelists
Panelist 1: Greg Sisson, Director of Cyber Operations, Department of Energy
Panelist 2: John Chain, Principal Consultant, Cybis
Panelist 3: Harry Perper, Chief Engineer, The MITRE Corporation
Panelist 4: Dan Prieto, Strategic Executive, Google Cloud - Public Sector 
Panelist 5: Francesco Trama, Chief Executive Officer and Founder, PacketViper
Description: Cybersecurity threats have grown exponentially in size, scope, and severity over the past couple of decades. But organizations continue to invest in securing their perimeter via a reactive approach, as opposed to identifying cyber threats on the internet and other attack surfaces using more proactive measures. This panel explores the evolving nature of complex attack surfaces and issues that need to be addressed in this context.