Conference

IETF 107 Hackathon - Event Cancelled

Saturday, March 21, 2020 to Sunday, March 22, 2020

*This event has been cancelled.* Members of the Mitigating IoT-Based DDoS project team will participate in the IETF 107 Hackathon in Vancouver, Canada on March 21-22, 2020 where they will demonstrate how the MUD Profiling Database (MUD-PD) tool can help automatically generate Manufacturer Usage Description (MUD) files for Internet-of-Things (IoT) devices. They plan on collaborating with the IETF participants and leveraging the base MUD components as described in RFC 8520, Manufacturer Usage Description Specification.

In November 2019, the project team released the preliminary draft Special Publication 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD). This guide presents the crucial role MUD can play in strengthening network security in homes and small businesses and is intended for IoT device and network component developers and implementors.

The team is seeking IETF attendees to participate at the hackathon and learn how the MUD-PD tool can help with generating MUD profiles. Bring your own IoT devices or choose an IoT device from our selection. We will have an environment where participants will be able to capture the network activity generated throughout the IoT device lifecycle. After the IoT device behavior has been captured, the MUD-PD tool will be used to automatically generate MUD profiles. The packet captures, MUD profiles, and the discussion involved will help us improve the MUD-PD tool, making the generated MUD files more comprehensive. These profiles will also help manufacturers and others in the community to gain a better understanding of their IoT device behavior.

During the hackathon, participants will:

  • Capture IoT device behavior
  • Analyze the device behavior using a variety of tools, including the MUD-PD tool
  • Generate MUD profiles for use by others in the community
  • Discuss and generate improvements to the MUD-PD tool

Participants are encouraged to bring their own IoT devices if possible. The following IoT devices will be provided by the project team:

  • Amazon Echo Dot
  • Nest Indoor Cam
  • Lifx Light Bulb
  • Philips Hue Hub + Bulb
  • Vizio Smart TV
  • Belkin Wemo Smart Switch
  • Raspberry Pi 4

Authenticate 2020

Monday, November 9, 2020 to Tuesday, November 10, 2020

The NCCoE’s Chris Brown will speak at FIDO’s Authenticate 2020 Conference where he’ll share findings from exploratory research and testing of the attestations produced by various FIDO2 authenticators. Authenticate is the first conference dedicated to all aspects of authentication – with a focus on the FIDO standards-based approach.

Best Practices in Utility Cybersecurity Conference 2020

Monday, January 27, 2020

NCCoE’s Senior Cybersecurity Engineer Harry Perper will speak at Protect Our Power’s Best Practices in Utility Cybersecurity Conference 2020 on Monday, January 27, 2020. Harry will speak broadly about the NCCoE’s portfolio of energy sector cybersecurity projects, and specifically about best practices in Identity and Access Management for the energy sector.

Distributech International

Tuesday, January 28, 2020 to Thursday, January 30, 2020

The NCCoE’s Jim McCarthy will speak at Distributech International on Distributed Energy Resource (DER) Cybersecurity: Investigating the Challenges of Securing IIoT and the NCCoE’s latest project on DER cybersecurity on Wednesday, January 29, 2020 beginning at 1:30 p.m. Distributech is the utility industry’s leading transmission and distribution conference and exhibition. 

2020 Winter Science of Security and Privacy Quarterly Meeting

Wednesday, January 15, 2020 to Thursday, January 16, 2020

NCCoE’s Alper Kerman and NIST’s Scott Rose will speak on Zero Trust 101: An Evolution in Enterprise Cybersecurity at the Cyber-Physical Systems Virtual Organization’s 2020 Winter Science of Security and Privacy Quarterly Meeting on Thursday, January 16, 2020. In this session, they will address the concepts and tenets of zero trust as outlined in NIST SP 800-207, Zero Trust Architecture, and the advantages and challenges that organizations face when adopting a zero trust architecture.

RSA Conference 2020

Monday, February 24, 2020 to Friday, February 28, 2020

Presentations

Emerging Threats

Monday, February 24, 2020, 8:30 a.m. - 5:00 p.m., Moscone West

This full-day seminar will discuss topics of emerging threats such as ransomware, targeted attacks, emerging IoT threats and new aspects of social engineering and deep fake human manipulation. The NCCoE's Anne Townsend and Michael Ekstrom will discuss protecting data from ransomware and breaches. Learn more about this session and view the agenda.

Access the recap.

How to Deploy Secure Technologies to Help Reduce Online Fraud

Tuesday, February 25, 2020, 1:00 p.m. - 1:50 p.m., Moscone West

Join NCCoE's Bill Newhouse as he discusses how to protect e-commerce from cybersecurity attacks. These solutions are researched in the NCCoE's NIST Special Publication (SP) 1800-17, Multifactor Authentication for E-Commerce, which was finalized earlier this year. Learn more about this session.

Can't make it to the session? Learn more about this project.

Access the recap.

Practical Use of the MUD Specification to Support Access Control in the IoT

Wednesday, February 26, 2020, 8:00 a.m. - 8:30 a.m., Moscone South

The demand for internet-connected “smart” home and small business devices is growing rapidly, but so too are concerns regarding the potential compromise of these devices. During this session, the NCCoE's Parisa Grayeli and Blaine Mulugeta will discuss example implementations of a Manufacturer Usage Description (MUD) solution for cybersecurity attacks on IoT devices. These solutions are based on the Internet Engineering Task Force's MUD RFC 8520, and are detailed in the NCCoE's NIST SP 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD). Learn more about this session.

Can't make it to the session? Check out our work with MUD.

Access the recap.

Putting Access Management for the Internet of Things into Practice with MUD

Thursday, February 27, 2020, 8:00 a.m. - 8:50 a.m., Moscone West

The panel will summarize public and private sector activities for documenting and applying best security practices for IoT. It will describe industry collaborations, including describing and showing proof of concept implementations of the Manufacturer Usage Description (MUD) Specification (RFC 8520) for controlling access to IoT devices. Lessons learned and implementation issues will be explored. Learn more about this session.

Can't make it to the session? Check out our work with MUD.

Access the recap.

Birds of a Feather Sessions

Data Breach Response and Recovery

Wednesday, February 26, 2020, 1:30 p.m. - 2:20 p.m., Moscone West

The aftereffects of a data breach can send organizations reeling. By sharing experiences of handling data breaches, we can better understand the technical gaps that exist in today’s enterprises. Come and discuss with NCCoE's Michael Ekstrom what tools and technologies today’s security teams need to best meet today’s data confidentiality challenges. Attendance is strictly limited to allow for a small group experience. Learn more about this session.

Securing the Identity and Access Management Systems

Wednesday, February 26, 2020, 2:50 p.m. - 3:40 p.m., Moscone West

Breakthroughs were made in the financial services sector work in access rights management in support of the National Cybersecurity Center of Excellence work program. What’s next? Securing the identity and access management systems. Come and discuss with NCCoE's Anne Townsend what tools and technologies today’s security teams need to best meet this challenge. Attendance is strictly limited to allow for a small group experience. Learn more about this session.

Offsite NIST Events

Discussion on Secure Software Development Framework

Tuesday, February 25, 2020, 4:00 p.m. - 5:00 p.m., Marriott Marquis, 780 Mission Street, San Francisco, CA 94103

Please join BSA, NIST, SAFECode and industry panelists in a one-hour session to discuss secure software development framework (SSDF) practices. Learn more about this session and register.

Use Cases for the NICE Cybersecurity Workforce Framework

Wednesday, February 26, 2020, 8:00 a.m. - 9:45 a.m., Marriott Marquis, 780 Mission Street, San Francisco, CA 94103

This session will consist of a review and discussion of seven proposed use cases of the NICE Framework, which provides a common taxonomy and lexicon for describing cybersecurity work in both the public and private sectors. Additionally, attendees will gain insight from subject matter experts into best practices for how the NICE Framework can be used as a reference resource. Learn more about this session and register.

Visit the NCCoE at the NIST Booth 2438/South Expo.

Privacy+Security Forum

Tuesday, October 15, 2019

Join seasoned privacy and security leaders for rigorous sessions, workshops, and intensives at a conference that delivers practical takeaways for all participants.

The NCCoE Session - Data Confidentiality: Protecting Assets and Recovering from Data Breaches

Panel Members - Anne Townsend, Katie Boeckl, Shane Witlatch, Sue Wang

Date - Tuesday, October 15, 2019

Time - 2:30 p.m. - 3:30 p.m.

2019 ICS Cyber Security Conference

Monday, October 21, 2019 to Thursday, October 24, 2019

The NCCoE’s Jim McCarthy will speak at SecurityWeek’s ICS Cyber Security Conference on Distributed Energy Resource (DER) Cybersecurity: Investigating the Challenges of Securing IIoT on Tuesday, October 22, 2019. In this session, Jim will discuss how the NCCoE is gearing up to explore various scenarios in which information exchanges among commercial and utility DERs and electric distribution grid operations can be protected from cybersecurity compromises.