connect:ID 2019

Monday, April 29, 2019 to Wednesday, May 1, 2019

Join NIST and the NCCoE at the connectID: 2019 conference and expo on April 29 - May 1, 2019 in Washington, DC. connect:ID 2019 is an innovative international conference and free global exhibition focused on identity technologies and their management in both the physical and digital worlds. Drop by the NIST booth (Booth #808) and learn more from the NCCoE’s Chris Brown about our Derived Personal Identity Verification (PIV) Credentials and Multifactor Authentication for e-Commerce projects.

Utility Cyber Security Forum

Wednesday, June 26, 2019

NCCoE Senior Engineer Harry Perper will speak on a panel as part of Utility Cyber Security Forum's Converging Identity and Access Management Across IT, OT and PACS: A Reference Design session at 11:00 am.

Many utilities run separate IdAM systems managed by various departments whose employees often lack time and methods to coordinate access to devices and facilities across IT and OT silos. According to NCCoE's electric utility stakeholders, this inefficiency can result in security risks for the organization. Additionally, IdAM platforms spread across separate silos in a utility can lead to an increased risk of attack and service disruption, an inability to identify potential sources of a problem or attack, and a lack of overall traceability and accountability regarding who has access to both critical and noncritical assets. In response to this concern, the NCCoE has developed a converged IdAM reference design and example solution, using commercially available technologies, that utilities can use to increase security and efficiency in managing access to their interconnected devices and facilities. 

Key Takeaways: 

  • Highlight the reference design's security controls mapping to guidance and best practices from NIST and other standards organizations, and to NERC CIP standards 
  • Outline how a converged IdAM system allows rapid provisioning and de-provisioning of access from a centralized platform, so utility personnel can spend more time on other critical tasks 
  • Demonstrate how this reference design can help improve a utility's security posture by tracking and auditing access requests and other IdAM activity across all networks 
  • Share some real-world results from converged IdAM platforms 

Health Security, Privacy and Practice Forum

Tuesday, April 23, 2019

Samuel Visner, Director of MITRE's National Cybersecurity Federally Funded Research Center, serves as the keynote speaker at this one day event covering the evolution of health information privacy and security from policy to practice.

Description of the event: Current billion-dollar modernization efforts are still yielding extensive data breaches that are threatening current operations and violating individuals' privacy.  This forum will bring speakers that provide the fundamental framework that is being created by some of the largest health data consumers in the US market today.  Come learn from the Subject Matter Experts on the front line who are fighting to keep critical infrastructure running smoothly and personal health information safe.

UMD Cybersecurity Executive Summit

Wednesday, April 3, 2019 to Friday, April 5, 2019

NCCoE Senior Cybersecurity Engineer Harry Perper will participate in a panel session entitled "Evolving Complex Attack Surfaces" on Thursday, April 4. More information can be found below.

Panel: Evolving Complex Attack Surfaces
Location: Plenary Room 
Time: 3:00 pm – 4:00 pm
Moderator: Pete Tseronis
CEO Dots and Bridges, Former CTO Departments of Energy and Education 
Panelist 1: Greg Sisson, Director of Cyber Operations, Department of Energy
Panelist 2: John Chain, Principal Consultant, Cybis
Panelist 3: Harry Perper, Chief Engineer, The MITRE Corporation
Panelist 4: Dan Prieto, Strategic Executive, Google Cloud - Public Sector 
Panelist 5: Francesco Trama, Chief Executive Officer and Founder, PacketViper
Description: Cybersecurity threats have grown exponentially in size, scope, and severity over the past couple of decades. But organizations continue to invest in securing their perimeter via a reactive approach, as opposed to identifying cyber threats on the internet and other attack surfaces using more proactive measures. This panel explores the evolving nature of complex attack surfaces and issues that need to be addressed in this context.

IT by Design Webinar

Thursday, March 14, 2019

Understanding and Leveraging Cybersecurity Best Practices with NIST Webinar

Harry Perper, Senior Cybersecurity Engineer for the National Cybersecurity Center of Excellence at NIST will discuss practical recommendations to help improve your cybersecurity. He will go over the Cybersecurity Framework (CSF) and the National Cybersecurity Center of Excellence how-to guidance to help your organization and your end-clients make the changes needed to improve security.

Cyber Investing Summit

Thursday, May 16, 2019

Samuel Visner, Director of MITRE's National Cybersecurity Federally Funded Research Center will speak at this year's Cyber Investing Summit in New YorkNow in its fourth year, the Cyber Investing Summit is an all-day conference focused on the investment opportunities and strategies in the rapidly growing cybersecurity industry. The Summit differs from traditional product centered conferences by highlighting the financial side of the sector.

Attendees include Chief Information Security Officers, financial analysts, venture capitalists, private equity managers, institutional and retail investors, government experts, publicly traded firms, privately held companies, startups, and more.

Midsize Enterprise Summit: IT Security 2019

Tuesday, March 26, 2019 to Wednesday, March 27, 2019

MES IT Security Keynote: Cybersecurity For Mid-Sized Organizations--The View From NIST and NCCoE

This session will provide security-focused midmarket leaders with practical recommendations to help them improve their cybersecurity. Harry Perper, chief engineer of Mitre will discuss how the Cybersecurity Framework (CSF) and NCCoE how-to guidance help organizations make the changes need to improve their security. Mitre works with its sponsors and industry partners to adopt effective new concepts and apply solutions in awareness, resiliency, and threat-based defense. Perper will discuss Mitre's advice for a balanced security posture that combines classic cyber defense approaches with a new emphasis on leveraging cyber threat intelligence to respond and adapt quickly to a cyber-attack. Through federally funded R&D centers and public-private partnerships, Mitre works across government to tackle challenges to the safety, stability, and well-being of our nation.

Date: Wednesday, March 27, 2019

Time: 5:00 pm - 5:45 pm

Location: Red Rock Ballroom D

Security Through Innovation Summit

Thursday, April 25, 2019

As cyber threats become more sophisticated, government agencies are in greater need of actionable threat intelligence and cybersecurity policies to protect against a wide range of attacks.

Join top leaders and innovators from the public sector IT community on April 25 at the Security Through Innovation Summit to discuss key issues central to the future of government cybersecurity and IT.

Register now to hear from a dynamic lineup of private and public sector leaders and experts on developing strong cybersecurity defenses, securing data and systems in the cloud, and meeting emerging security needs.

International Privacy + Security Forum

Wednesday, April 3, 2019 to Friday, April 5, 2019

How-to: Industry and NIST Collaboration. Cybersecurity Maturity and Risk Reduction Frameworks

Against the backdrop of our increasing dependency on digital solutions, this session will consider different risk management approaches with special attention to the widely adopted NIST framework and approaches to using commercial cybersecurity to achieve important standards.. With practical applications in mind, our presenters will share how RSA leverages the power of NIST’s federally funded National Cybersecurity Center of Excellence (NCCoE) operated by MITRE in its efforts to protect assets from myriad cyber threats, while at the same time reducing deployment risk and lowering costs. What are the best methodologies for reducing the probability and impact of a cyber incident, reducing dwell time, and mitigating the impact of a breach? How can the public and private sectors effectively work together in this space? How can commercial technologies be combined in effective and affordable architectures that industry can really use? Learn about these topics and others in the context of emerging trends and best practices.

Doug Howard, Vice President, Global Services, RSA
Samuel Visner, Director, National Cybersecurity Federally Funded Research Center, The MITRE Corporation

Location: Room 309

MRC Vegas 2019

Wednesday, March 20, 2019

Help Stop Online Fraud Using Multi-factor Authentication

Wednesday, March 20 at 11:15am

According to a recent independent analysis, eCommerce fraud increased by 30 percent in 2017, compared to 2016, as malicious actors shift from using stolen credit card data in stores at the checkout counter to using stolen credit card data for fraudulent online shopping. Because online retailers cannot utilize all of the benefits of improved credit card technology, they should consider implementing stronger authentication for registered/returning customers to reduce the risk of eCommerce fraud.

Using industry best practices, federal cybersecurity standards and commercially-available products, the National Institutes of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) published a cybersecurity guide detailing how online retailers can implement multi-factor authentication (MFA) to help protect against fraudulent online purchases. The session, featuring senior engineers at NIST and cybersecurity vendors who collaborated on the project, will provide an overview of the example implementations and the risks being mitigated in terms of standards like the the NIST Cybersecurity Framework.