In The News

Below are the latest news stories highlighting the NCCoE. The following links to external websites are curated for your convenience. Inclusion of these stories does not imply NCCoE endorsement or responsibility for the content found on these external websites.

In the news
May 09, 2018  |  Inside Cybersecurity

The National Institute of Standards and Technology’s National Cybersecurity Center of Excellence today issued a request for technical expertise and products to help improve the cybersecurity of Picture Archiving and Communications Systems, widely used for treatment and diagnosis in hospitals. In a Federal Register notice, NIST “invites organizations to provide products and technical expertise to support and demonstrate security platforms” for the cybersecurity of PACS, which comprise medical imaging technology used for storing and presenting images produced by MRIs, X-rays, CT scanners, and other devices.

In the news
May 08, 2018  |  MeriTalk

Working with the private sector, NIST’s National Cybersecurity Center of Excellence created a platform that uses Domain Name System security extensions and authentication to ensure the validity of email signatures. In two separate test scenarios NIST ran, a fraudulent actor attempted to pose as a trusted email source, and the security platform thwarted the spoofing attack.

In the news
May 01, 2018  |  The ISSA Journal (Information Systems Security Association)

This article discusses how the National Cybersecurity Center of Excellence (NCCoE) develops practical and usable cybersecurity guidance that can be adopted across industries, including the healthcare sector. The NCCoE works across public-private partnerships to create the National Institute of Standards and Technology (NIST) Special Publication (SP)1800 Series practice guides that are focused on specific industry challenges that companies can adopt for use.

In the news
May 01, 2018  |  SC Magazine

Surveillance technologies may also help improve cybersecurity protections, enabling organizations to closely monitor and mitigate threats. In industries such as healthcare, finance, hospitality or electrical power, there are federal oversight recommendations and guidance published by NIST and the National Cybersecurity Center of Excellence (NCCoE) that can help organizations improve cybersecurity and privacy protections.

In the news
April 27, 2018  |  The Hill

NIST's National Cybersecurity Center of Excellence posted a notice on the Federal Register discussing two projects – Identifying and Protecting Assets Against Ransomware and Other Destructive Events in addition to Detecting and Responding to Ransomware and Other Destructive Events – inviting technology vendors to participate in them. Both projects will use open-source technologies available on the market to develop methods aimed at countering ransomware threats.

In the news
April 27, 2018  |  Inside Cybersecurity

The National Institute of Standards and Technology is seeking industry proposals for demonstrating technologies and methods for protecting the integrity of data against ransomware and other malware attacks, as part of a broader project managed by the agency's National Cybersecurity Center of Excellence. Specifically, NIST is seeking industry proposals for “identifying and protecting assets” and “detecting and responding” to ransomware and other “destructive events,” according to a Federal Register notice issued today.

In the news
March 26, 2018  |  Inside Cybersecurity

NIST's National Cybersecurity Center of Excellence invites “organizations to provide products and technical expertise” as a first step in the NCCoE's development of the “energy sector asset management project.” Organizations must request a letter of interest template from NIST to provide input. The draft project was released by NIST in January, and aims to provide guidance to energy-sector companies on how to how to address vulnerabilities within industrial control systems that leave the systems open to cyber attacks.

In the news
February 13, 2018  |  TechTarget

The National Institute of Standards and Technology published a report in 2017 that describes how route hijacking threatens secure inter-domain routing. The paper examines how the Border Gateway Protocol is subject to route hijacking because it lacks a mechanism for authenticating routing reports. How does BGP route hijacking work, how does it affect enterprises and what does NIST suggest for mitigation strategies?

In the news
February 09, 2018  |  Homeland Security Today

Over the last five years, many organizations have sought to define how cyber risk management should be implemented on ships, and the overwhelming consensus has been to follow the Cybersecurity Framework developed by the National Institute of Standards and Technology (NIST). Developed in 2014, the NIST framework defines five functional elements that create the backbone of a sound cyber risk management program. The framework was designed to be generic so it could be employed by any sector, ranging from financial or medical to transportation or security. With the help of the National Cybersecurity Center of Excellence (NCCoE), groups within the maritime industry have worked from this framework to develop additional guidelines and best practices.

In the news
January 26, 2018  |  Federal Laboratory Consortium

NIST and the National Cybersecurity Center of Excellence (NCCoE) have been using Cooperative Research and Development Agreements (CRADAs) for joint cybersecurity efforts. Companies with relevant products were invited to sign a CRADA with NIST, allowing them to participate in a consortium to build this example solution. NIST aims to describe the process that brings together the collaborators in an open and transparent way.