Workshop

Workshop on 5G Cybersecurity: Preparing a Secure Evolution to 5G

Thursday, October 10, 2019

The National Institute of Standards and Technology (NIST) invites you to attend a 5G cybersecurity workshop on October 10, 2019 at the National Cybersecurity Center of Excellence (NCCoE), 9700 Great Seneca Highway, Rockville, Maryland. This event is free and open to the public; however, all participants must register in advance to attend.

Purpose

The purpose of this NIST 5G cybersecurity workshop is to explore the practical and implementable cybersecurity capabilities delivered by 5G systems, identify existing industry recommended practices for securing the supporting infrastructure and technologies, and understand potential opportunities and challenge areas affecting this evolution to 5G. The findings from this workshop will inform the development of potential NCCoE demonstration projects to leverage 5G cybersecurity capabilities and supporting technologies to protect the cellular communication network, in addition to securing the core 5G underlying infrastructure and services.

Background

As 5G technology is deployed in our nation and across the world, there is great promise of positive change in the way humans and machines communicate, operate, and interact in the physical and virtual world. With cellular technology becoming the primary way devices are connected, it is imperative for organizations to understand and address the risks associated with the use of these technologies. As the industry is embarking on ubiquitous 5G deployments, there are opportunities to take advantage of the various cybersecurity technologies and capabilities that are available today.

5G introduces the concept of a Service Based Architecture (SBA) for the first time in cellular networks. This design has fundamental impacts on the way network services are created and how the individual Network Functions (NF) communicate: not only is the core network decomposed into smaller functional elements, but the communication between these elements is also expected to be more flexible, routed via a common service bus and deployed using virtualization technologies. It is envisioned that 5G network components will be deployed on a hyper-scalable containerized and virtualized infrastructure. While this is not the only approach for 5G deployments, this infrastructure is a fundamental building block of 5G that operators and manufacturers can adopt to meet customers’ demands for modern use cases. Secure deployment of the core network and radio access network services on cloud-like infrastructure constitutes a foundational element of both commercial and private 5G networks.

At the workshop, NIST will introduce some notional ideas of a high-level reference architecture, supporting components of 5G deployments, and a proposed preliminary approach for gathering the existing cybersecurity guidance to develop practical practices that can be instantiated as potential NCCoE demonstration projects.

NIST invites industry subject matter experts and practitioners to present their views related to cellular security enhancements, deployment challenges and opportunities introduced with new service-based architecture of 5G technology, as well as proposed solutions. NIST welcomes feedback and ideas about this work related to the evolution to 5G networks to include technologies and best practices that will be critical to a successful and secure deployment and operation of the network. NIST will solicit input from workshop participants on all aspects of the planned activities to include: relevant standards, guidelines, best practices, use cases and technologies to be considered, and sources of specifications and guidance. The resulting prioritized list of activities will accelerate the demonstration of the next generation cellular networks along with their supporting technologies that can be deployed and operated securely by default.

Questions about the workshop should be sent to 5G-Security@nist.gov.

 

Registration is Open

Register for this free workshop by October 3, 2019.

Our international guests are encouraged to register by September 26 to give NIST sufficient time to process their paperwork. Please download this file and fax the hard copy to 301-975-0321. Once the form has been faxed, email keri.bray@nist.gov to confirm receipt.

Note: This is not a virtual event. You must join us in person at the NCCoE to attend this event.

 

Logistics:

NCCoE
9700 Great Seneca Highway
Rockville, Maryland 20850

Time: Registration begins at 8:30 a.m. EST. The formal program begins at 9:00 a.m. and will conclude at 1 p.m.

Dress: Business Casual

Cyber Supply Chain Risk Management (C-SCRM): Validating the Integrity of Server and Client Devices

Tuesday, September 10, 2019

NIST’s NCCoE is developing a demonstration project to identify the perceived issues and challenges in supply chain assurance. When a device’s supply chain is compromised, the security of that computer device can no longer be trusted, whether it is a laptop, desktop or server. A primary focus of the workshop and subsequent NCCoE demonstration project is to explore methods by which organizations can verify that their purchased computing devices’ internal components are genuine and have not been altered during the manufacturing and distribution process or after sale from a retailer. During the workshop, NIST will present its preliminary plans for this project and subject matter experts in the field will present on their views of the challenges in supply chain assurance and/or enabling technologies and best practices to address perceived challenges. The resulting project hopes to also verify that components have not been tampered with nor otherwise modified through the retirement of the computing device.

NIST explicitly solicits input from workshop participants on all aspects of the planned NCCoE demonstration project including the proposed scope, use cases and technologies to be considered, and sources of specifications and guidance. Once the project description is finalized, NIST will solicit organizations to directly collaborate in the technical project and the development of its outputs.

 

Workshop Agenda (subject to change)

8:30 - 9:00 a.m. Check-In, NCCoE Lobby
9:00 - 9:15 a.m. Safety Brief / Intro to NCCoE
9:15 - 9:30 a.m. Cyber Supply Chain Risk Management Overview
9:30 - 9:45 a.m. NCCoE Project Description Overview
9:45 - 9:55 a.m. Trusted Computing Architecture
9:55 - 10:10 a.m. Break
10:10 - 11:35 a.m. Industry Session with invited speakers from Intel; Hewlett Packard, Inc.; Dell; Hewlett Packard Enterprise; Cisco; Seagate; and Eclypsium, Inc.

11:35 a.m. - 12:05 p.m. Industry Panel Q&A
12:05 - 12:30 p.m. Wrap-up

Questions about the workshop should be sent to: supplychain-nccoe@nist.gov

 

The following presentations from the industry day have been approved for public release.

NCCoE

Intel

Hewlett Packard, Inc.

Hewlett Packard Enterprise

Cisco

Seagate

Eclypsium, Inc.

Trusted Computing Group

 

Speakers

Mark Boucher, Intel

Mark Boucher is the chief architect for Compute Lifecycle Assurance at Intel. He has more than 15 years of Supply Chain software and process experience, and has been architecting large-scale enterprise solutions for the past decade.

 

Jim Mann, Hewlett Packard, Inc.

Jim Mann is an HP Distinguished Technologist and Security Strategist in the Office of the Chief Engineer.  He leads the company’s product security quality and governance, talent management and education, serves as a key technical resource for HP business units in bringing secure products to market, and is a co-lead for HP’s Supply Chain Risk Management Compliance Function.  Mann is active in numerous industry consortia activities and private-public forums related to security, and serves on the Board of Directors and as a co-chair of the Cyber Resilient Technology Workgroup for the Trusted Computing Group.  He was also a technical contributor to NIST SP 800-147/B (now ISO 19678) and SP 800-193, was a co-author on the Open Group Trusted Technology Provider Standard (now ISO 20243), and is participating in the DHS ICT Supply Chain Risk Management Task Force.

 

Jon Amis, Dell Technologies, Inc.
Jon Amis is the Supply Chain Assurance Program Director for Dell Technologies, Inc. and has had the responsibility for the development of the Dell program for ten years. He has served in various roles at Dell over the past 19 years within Manufacturing Engineering, Supply Chain and Logistics. Jon currently represents Dell on several key public-private partnerships and industry forums that focus on the integrity, security, and assurance aspects of supply chain risk management, to include the Department of Homeland Security (DHS) Information and Communications Technology (ICT) Supply Chain Risk Management (SCRM) Task Force, The Open Group Trusted Technology Forum, the Supply Chain Risk Leadership Council (SCRLC), and the Software and Supply Chain Assurance Forum (SSCA).

Jon graduated from the United States Military Academy at West Point in 1990 with a Bachelor of Science degree in Systems Engineering and went on to serve as an Infantry Platoon Leader and Executive Officer with the 101st Airborne Division.  After leaving the Army, he earned a Master of Engineering degree with Highest Honors in Industrial Engineering at the University of Louisville.  Prior to joining Dell, he was an engineer for FedEx Ground.  Jon lives with his wife, Lori, and their two children just north of Nashville, Tennessee.  

 

CJ Coppersmith, Hewlett Packard Enterprise

CJ Coppersmith is presently driving secure development lifecycle and maturity assessment methodology, as well as security architectural standards and compliance, and vulnerability analysis and response across HPE. Previously Coppersmith drove HPE development environment, SOA and Linux strategy for the corporation.

Coppersmith brings over 30 years in the IT industry, covering security, various aspects of development operations, and technology incubation. Coppersmith was CTO for Compaq’s Alpha Division, leading the J2EE and middleware strategy for the division. While working for Digital Equipment Corporation, he worked as the Technical Point of Contact between Digital and the National Computer Security Center, and was certified as a Vendor Security Analyst (VSA) by the Center. He led several NCSC Operating System Security Evaluations as well as leading several overall operating system releases.

Coppersmith holds Bachelor of Science degrees in Biology and Chemistry from Allegheny College and the University of Pittsburgh, respectively, and a Master of Science degree in Computer Systems Engineering from Northeastern University.

 

Chirag Shroff, Cisco Systems, Inc.

Chirag Shroff is a Principal Engineer with Cisco's Security and Trust Organization where Trustworthy Technologies are at the heart of his work. As principal engineer, Mr. Shroff is responsible for Trustworthy Systems architecture and technology innovation, including threat response, intelligence and engineering development that enhances the security of Cisco's product portfolio.

Mr. Shroff has held various leadership roles at Cisco as a senior technical leader and hardware manager, encompassing the fields of global government solutions engineering, hardware assurance and resilient systems architecture. During his 19 years at Cisco, he has made a tremendous impact on security engineering. Mr. Shroff is highly regarded as a trusted security partner and advisor to Cisco product teams, global government standards organizations, and worldwide key technology suppliers. His passion, talent, and dedication to innovation have resulted in several security and networking patents.

He holds a Master of Science degree in Electrical Engineering from California State University, Northridge and a Bachelor of Science degree in Computer Engineering from the Gujarat University, India.

 

Monty A. Forehand, Seagate Technology

Monty Forehand is Product Security Officer and Managing Technologist of the Product Security Office at Seagate, leading the security assurance of products, operations, and life-cycle across all Seagate business lines. He has held a variety of leadership positions in Embedded System Architecture, Security and VLSI Architecture, Security Portfolio Delivery, Research, Technology, and Architecture over a 29-year career at Seagate.

Forehand is a frequent industry and government speaker and a pioneer in the secure storage industry leading the delivery of the world’s first fully integrated Self Encrypting Drive (SED), and other firsts including security and Cybersecurity in all Seagate Products, Worldwide Security Standards, Certified Security Products and Certified Life-Cycle. He continues leading the proliferation of Seagate Secure, Data Security, and a Trusted Digital Life Cycle worldwide, and into the Digital Transformation, IT 4.0, and the Edge.

Forehand holds master’s and bachelor’s degrees from Oklahoma State University in electrical and computer engineering, with emphasis on artificial intelligence.  He holds 26 patents in the areas of Machine Vision, Electronics Systems, Storage Virtualization, and Embedded Security and is a two-time recipient of the Seagate Technology Hall of Fame Award along with the top technology achievement award.

 

John Loucaides, Eclypsium Inc.

John has extensive history in hardware and firmware threats from experience at Intel and the United States government. At Intel he served in Advanced Threat Research, Platform Armoring and Resiliency, PSIRT, and was a CHIPSEC maintainer. Prior to this, he was Technical Team Lead for Specialized Platforms for the federal government. He has presented and given training on firmware security at multiple events including DEFCON, CanSecWest, Ruxcon, and other security conferences.

 

Lawrence Reinert, Department of Defense

Lawrence Reinert is a senior systems engineer with the Department of Defense actively involved with open source projects dealing with device integrity. Many of those projects have utilized the Trusted Computing Group's (TCG) defined supply chain artifacts. As a member of the Infrastructure Working Group, Lawrence has been working with the TCG to provide standards-based methods to help mitigate supply chain risk and to promote confidence in procurement.

 

Registration is closed.

Thank you for your interest in the event! Registration has reached capacity, and is now closed.

 

DETAILS

Tuesday, September 10, 2019 8:30 a.m. – 12:30 p.m.

The NCCoE 9700 Great Seneca Hwy Rockville, MD 20850

Security for IPv6 Enabled Enterprises

Thursday, June 13, 2019

The NCCoE hosted a workshop on Security for IPv6 Enabled Enterprises on Thursday June 13, at 8:30 a.m. in Rockville, MD.

NIST’s NCCoE is developing a project plan to examine and demonstrate the state of security technologies and guidance specifications for IPv6 enabled enterprises. A primary focus of the workshop and subsequent NCCoE demonstration project is to examine the extent to which current commercially available security technologies can support wide scale deployment and use of IPv6 in a range of enterprise use case scenarios. Initially the project will focus on dual-stack deployments and then in subsequent follow on efforts, focus on IPv6-only deployments. Another focus of the proposed proof-of-concept project will exercise and evaluate existing IPv6 security guidance from NIST and the Internet Engineering Task Force. It is anticipated that outcomes of the project will inform updates to future NIST guidelines and recommendations.

NIST explicitly solicits input from workshop participants on all aspects of the planned NCCoE demonstration project including the proposed scope, use cases and technologies to be considered, and sources of specifications and guidance. Once the project description is finalized, NIST will solicit organizations to directly collaborate in the technical project and the development of its outputs.

For more information on the workshop, see the call for participation.

Presentations  

View the presentations given during the workshop:  

- Kevin Stine, NIST, Introduction to NIST

- Doug Montgomery, NIST, Identifying and Removing Barriers to IPv6 Development

- Dawn Bedard, Microsoft, Microsoft Corporate Network: Journey to IPv6

- Col. Keith Repik, Department of Defense, IPv6 Context and Way Ahead

- Lee Howard, Retevia, IPv6 Motivations and Obstacles

- John Burns, Wells Fargo, IPv6 Adoption at a Large Enterprise

Agenda

Thursday, June 13, 2019

8:30-9:00 Check-in, NCCoE Lobby
9:00-9:15 Welcome & Introduction to NCCoE, Kevin Stine, NIST
9:15-9:30 Identifying and Removing Barriers to IPv6 Development, Doug Montgomery, NIST
9:30-10:45 Enterprise Challenges
  - IPv6 Motivations and Obstacles, Lee Howard, Retevia
  - IPv6 Adoption at a Large Enterprise, John Burns, Wells Fargo
10:45-11:00 Break
11:00-12:00 Enterprise Challenges
  - Microsoft Corporate Network: Journey to IPv6, Dawn Bedard, Microsoft
  - DoD IPv6 Context and Way Ahead, Col. Keith Repik, Department of Defense
12:00-12:15 Break
12:15-1:00 Breakout Sessions – Identifying Barriers to Deployment
1:00-1:30 Readouts, Next Steps
1:30 Formal Program Ends
2:30-3:30 *Optional: Informal Discussion with NCCoE Regarding Potential Project Scoping and Collaborations

 

The NCCoE is located at:
9700 Great Seneca Hwy
Rockville, MD 20850

 

Mitigating IoT-Based DDoS Industry Day

Wednesday, April 10, 2019

Members of the Mitigating IoT-Based DDoS project team held an Industry Event on April 10, 2019, at the NCCoE. Thanks to everyone who joined us to learn firsthand about the important work the team is doing to strengthen the security of IoT. The presentations below were given at the Industry Day event. 

 

To stay current on our progress, join the Mitigating IoT-DDoS project's Community of Interest by sending an email to: mitigating-iot-ddos-nccoe@nist.gov.

Security Workshops at Intermountain, Park City, UT

Tuesday, April 24, 2018 to Wednesday, April 25, 2018

Join the NCCoE for a series of events hosted by NH-ISAC & Intermountain Healthcare. Attendees will have a chance to collaborate with other healthcare providers, medical device manufacturers and payers in a series of free interactive forums. NCCoE staff will take part in Collaboration with Health Systems and Ongoing Initiatives at the NCCoE from 11:10 am to 11:40 am on April 20. To view a full agenda, visit the NH-ISAC site.

CXO Roundtable: Industrial Control Systems (ICS) Cybersecurity Challenges

Wednesday, June 27, 2018

The National Cybersecurity Center of Excellence (NCCoE) invites you to join us on Wednesday, June 27, 2018 from 9 am - 12 pm for a CXO Roundtable to share your thoughts on the challenges and potential solutions around malware and industrial IoT (IIoT) for sectors that depend on ICS for their core operations.

This roundtable will consist of a dozen stakeholders across industry, government, and academia to encourage highly interactive dialogues–giving each individual an opportunity to share his or her thoughts on ICS cybersecurity challenges and to showcase his or her expertise in helping solve those challenges.

The discussion will be broken into two parts and will focus on two key questions:
•    What do you consider to be the crux of the challenge in securing ICS given the increasing prevalence of industrial IoT and malware?
•    From an ICS cybersecurity technology or solutions standpoint, what do you believe can be useful or relevant to address these challenges, and what do you consider to be overstated?  

What to expect:
•    Collaborative engagement with problem solvers, innovators, and thought leaders 
•    Dynamic exchange on today’s cybersecurity challenges 
•    Insightful conversation on physical, operational, and information technologies

Seating is limited. Register today.

Host: Jim McCarthy, Energy Program Lead, National Cybersecurity Center of Excellence
Moderator: Pete Tseronis, Former Chief Technology Officer at U.S. Departments of Energy and Education
Cost: This workshop is complimentary. Coffee and light snacks will be provided.

2018 PSCR Public Safety Broadband Stakeholder Meeting

Tuesday, June 5, 2018 to Friday, June 8, 2018

NCCoE Lead Engineer, Bill Fisher, will participate on a panel entitled Security of the Future Public Safety Broadband Network at the 2018 PSCR Public Safety Broadband Stakeholder Meeting. 

This year’s meeting will take place June 5-8, 2018, at the San Diego Convention Center and will feature concurrent conference tracks. The final stages of a PSCR live challenge will culminate at the conference and winners will be announced and showcased on the final day!

The meeting will include:

  • Presentations on the progress of key research and development projects that are critical to advancing public safety communications
  • Updates from 2017 Grant Recipients
  • New Grantee Posters
  • Capability demonstrations from PSCR investigators
  • and... much more!

Mr. Fisher's panel will present on Thursday June 7th at 3pm and will include John Beltz of NIST PSCR, Sheila Frankel of NIST ITL, and Don Harriss of NIST PSCR.

Industrial IoT Energy Forum

Friday, February 9, 2018

The Industrial Internet of Things (IIoT) is one of the main technology drivers behind new applications in the Energy Industry. However, integration of different technologies, processes, business, social, and regulation realms presents complicated security, privacy & interoperability challenges which must be addressed as IIoT technologies develop. The Industrial Internet Consortium is bringing together global energy leaders to discuss requirements, gaps and opportunities for leveraging the data that is building up within and around our energy systems, and to use that data to increase production and decrease costs. The IIoT Energy Forum will highlight the Industrial Internet Consortium (IIC) and NIST’s activities in the Energy sector – shining a spotlight on smart grids, industrial analytics, security, and other emerging technologies and applications in energy.  

Enhancing Resilience of the Internet and Communications Ecosystem (Second Workshop)

Wednesday, February 28, 2018 to Thursday, March 1, 2018

This workshop at the NCCoE will discuss substantive public comments, including open issues, on a draft report about actions to address automated and distributed threats to the digital ecosystem as part of the activity directed by Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”  In this workshop, the Departments of Commerce and Homeland Security seek to engage all interested stakeholders—including private industry, academia, civil society, and other security experts—on this draft report, its characterization of the threat landscape, the goals laid out, and the actions to further these goals. The draft report was published January 5, 2018 and is available at A Report to the President on Enhancing the Resilience of the Internet and Communications Ecosystem Against Botnets and Other Automated, Distributed Threats.

This report builds on the July 2017 Workshop on Enhancing Resilience of the Internet and Communications Ecosystem. The proceedings of this workshop were published as NISTIR 8192, "Enhancing Resilience of the Internet and Communications Ecosystem: A NIST Workshop Proceedings."

National Cybersecurity Career Awareness Week Kick Off

Monday, November 13, 2017

The National Initiative for Cybersecurity Education (NICE) will host an event at the National Cybersecurity Center of Excellence (NCCoE) to officially launch the first Annual National Cybersecurity Career Awareness Week to inspire and promote awareness and exploration of cybersecurity careers for children through adults. National Cybersecurity Career Awareness Week takes place during November’s National Career Development Month, and each day of the week-long celebration will provide opportunities to learn about the contributions, innovations, and opportunities that can be found by exploring cybersecurity as a field of study or career choice.

Join us on Monday, November 13th from 10am to noon, to help kick off this exciting week! Attendees will hear from experts on how the cybersecurity community can effectively reach and encourage more students to consider a future career in cybersecurity, and how to utilize career development strategies for college graduates seeking to land their first cybersecurity position or current workers transitioning into this exciting field!