President's National Security Telecommunications Advisory Committee Meeting

Thursday, May 6, 2021

NIST's Scott Rose is participating in a panel discussion, "The National Security and Emergency Preparedness Challenges to Adopting Zero-Trust Networking," as part of the President's National Security Telecommunications Advisory Committee (NSTAC) meeting at  12:45 p.m. ET on May 6, 2021. The NSTAC was chartered to provide the President, through the Secretary of Homeland Security, among other things, information and advice on national security and emergency preparedness telecommunications, information and communications services. View the meeting agenda.

Join the IETF 109 Virtual Hackathon

Monday, November 9, 2020 to Friday, November 13, 2020

Members of the Mitigating IoT-Based DDoS project team will participate in IETF 109 Virtual Hackathon on November 9-13, 2020 where they will demonstrate how the MUD-PD tool can help generate Manufacturer Usage Description (MUD) files. MUD-PD is a tool for storing packet capture (PCAP) files to use in manual analysis and automated generation of MUD files. The project team is looking to collect feedback on the usability, efficacy, and desired additional features for MUD-PD. This will be a great opportunity to fix bugs, enable improvements, and develop additional features (see proposed feature list below).  For more information about the schedule please refer to the IETF 109 Hackathon page.

Join Us!

The project team will explore which features and improvements are necessary for accurately and effectively characterizing an IoT device’s behavior with MUD-PD.

During the hackathon, the project team will help participants:

  • install the MUD-PD tool
  • capture packets
  • add features and contribute to the MUD-PD tool
  • automatically generate MUD files
  • develop a tool for adding network environment metadata to packet capture files

Proposed features that will be worked by the team (not a complete list):

  • Efficiency and stability improvements
  • MUD-PD Docker Image
  • Incorporate MUDdy into MUD-PD for more fine-grained MUD File generation
  • Windows compatibility for MUD-PD
  • MUD File verification (comparing MUD file to network captures)
  • Collection and storage of certificates
  • Tool for adding network environment metadata at capture and post capture (may be standalone or incorporated in MUD-PD)

Participants can also use MUD Maker to generate files for comparison.

Hackathon participants are encouraged to bring their own packet captures of IoT device traffic for testing and running analysis. However, the project team will also provide a small set of IoT device traffic packet captures for use in testing and developing MUD-PD. The following is a recommended list of equipment:

  • 1 computer (or VM) running Linux or macOS to run MUD-PD
  • For captures (optional):
    • 1 Router (COTS or Raspberry Pi configured as shown in this guide)
    • 1 or more IoT devices and necessary control devices
    • 1 Smartphone for interacting through vendor app (if needed)


Please send any questions or suggestions regarding the hackathon to the mud@ietf.org.

Connect With Us

Go here to join the MUD IoT Community of Interest where you can receive news and updates about the project. 


Delaware Bankers Association Cybersecurity Forum

Wednesday, February 5, 2020

Join a panel of experts as they discuss the latest challenges facing the digital economy, including emerging risks for financial institutions and security solutions.


7:30 - 8:00 a.m Registration, Networking & Breakfast
8:00 - 8:15 a.m. Welcome & Opening Remarks
8:15 - 9:00 a.m.

National Cybersecurity Center of Excellence

  • Harry Perper, Chief Engineer at The MITRE Corporation
9:00 - 9:30 a.m.

Panel Introductions

  • Lawrence Cruciana, Chief Systems Engineer at Corporate Information Technologies
  • George Mach, President, CEO – CISSP, Apex IT Group
  • Robert Nicholson, Solutions Integrator, Department of Technology and Information
  • Richard S. Mroz, Managing Director, Resolute Solutions, LLC
  • Dr. Jim Fraley, Chair, MS-IST Information Assurance, Wilmington University
9:30 - 11:30 a.m.

Panel Discussion

  • Digital Economy Trends
  • Emerging Cybersecurity Risks
  • Security Solutions
11:30 a.m. - 12:00 p.m. Q&A & Closing Remarks

*please note: this event is currently only physical attendance, a teleconference is NOT available

IETF Hackathon – IoT MUD Implementations

Saturday, July 20, 2019 to Sunday, July 21, 2019

Members of the Mitigating IoT-Based DDoS project team will participate in the IETF Hackathon in Montreal, Canada on July 20-21, 2019 where they will share practical implementations of the MUD technology and collaborate with the IETF participants on a number of planned activities leveraging the base MUD components as described in RFC 8520, Manufacturer Usage Description Specification.

This past spring, the National Cybersecurity Center of Excellence (NCCoE) released a preliminary draft of National Institute of Standards and Technology (NIST) Cybersecurity Practice Guide Special Publication (SP) 1800-15, Securing Small-Business and Home Internet of Things (IoT) Devices: Mitigating Network-Based Attacks Using Manufacturer Usage Description (MUD). This guide presents the crucial role MUD can play in strengthening network security in homes and small business and is intended for IoT device and network component developers and implementors.    

The team is seeking IETF attendees to participate at the Hackathon. Bring your own IoT devkit (including power supply and cables) or we can provide you with one. You will need a laptop to connect to network and the devices. Below are some of the planned activities we have in store:

  • Multiple implementations of MUD including Cisco, CableLabs and NIST SDN MUD Implementations
  • Development of MUD files using mudmaker.org
  • Development of any additional mudmaker capabilities
  • Enabling MUD support in various devkits (BYOIOT)
  • Integration of MUD with Device Provisioning Protocol (DPP) onboarding
  • Development of vendor reporting capabilities

Below is the list of equipment to be used during the Hackathon:

  • Cisco MUD Implementation:
    • Cisco Catalyst 3850-S Switch
    • Cisco MUD Manager
    • FreeRADIUS Server
    • MUD File Server
    • Update Server
    • Unapproved Server
    • Raspberry Pi (x2)
    • Samsung Artik (x2)
    • Ublox C027 (x2)
  • CableLabs MUD Implementation:
    • Gateway/AccessPoint with DPP enabled hostapd and MUD based SDN switch
    • Cloud components (MUD Manager, DPP onboarding API server)
    • Raspberry Pi with DPP enabled Wi-Fi adapter
  • NIST SDN MUD Implementation:
    • Omnia Switch
    • Wireless Access Point
    • TP-Link Switch
    • MUD Manager
    • MUD File Server
    • Update Server
    • Unapproved Server
    • Raspberry Pi's (x2)


Below is the MUD file (ietf-b1.json) and the associated signature file (ietf-b1.p7s) that will be used during the Hackathon. This MUD file intends to showcase and implement all MUD capabilities as defined in the RFC for a single device; this includes outbound communication to approved internet hosts and local communication with internal hosts (e.g. my-controller, controller, same-manufacturer, manufacturer, and local-network rules).




Join Us!

We hope you can join us at the hackathon to implement MUD during the activities we have planned. Bring your own IoT devkit or we can supply you with one. Please send any questions or suggestions regarding the hackathon to the mud@ietf.org mailing list.




FINRA Meeting

Wednesday, June 28, 2017

The NCCoE Financial Services Sector project team will meet with FINRA to provide NCCoE project updates and to discuss FINRA collaboration, adoption, and new project ideas.