National Cybersecurity Center of Excellence Increasing the deployment and use of standards-based security technologies Harry Perper – Chief Engineer National Cybersecurity FFRDC The MITRE Corporation 18 January, 2017
STRATEGY VISION ADVANCE CYBERSECURITY A secure cyber infrastructure that inspires technological innovation and fosters economic growth MISSION ACCELERATE ADOPTION OF SECURE TECHNOLOGIES Collaborate with innovators to provide real-world, standards-based cybersecurity capabilities that address business needs GOAL 1 GOAL 2 GOAL 3 PROVIDE PRACTICAL INCREASE RATE OF ACCELERATE INNOVATION CYBERSECURITY ADOPTION Empower innovators to creatively Help people secure their data and digital Enable companies to rapidly deploy address businesses’ most infrastructure by equipping them with commercially available cybersecurity pressing cybersecurity challenges practical ways to implement standards- technologies by reducing in a state-of-the-art, collaborative based cybersecurity solutions that are technological, educational and environment modular, repeatable and scalable economic barriers to adoption Welcome to the NCCoE 2
STAKEHOLDERS PARTNERS/SPONSORS Advise, assist, and facilitate the Maryland National U.S. U.S. The Montgomery Center’s strategic initiatives State Institute of Department Congress White County Standards and of House Technology Commerce TEAM NCCoE Project National Collaborate with innovators Tech Academia Specialists Cybersecurity to provide real-world Firms Excellence cybersecurity capabilities Partnership National that address business Project- (NCEP) Cybersecurity needs Specific Industry Government Partners FFRDC* Collaborators *Sponsored by NIST, the National Cybersecurity Federally Funded Research & Development Center (FFRDC) is operated by the MITRE Corporation CUSTOMERS Academia Cybersecurity IT Community Business Sectors Collaborate with center on project-specific use cases that help our customer’s Government Systems Integrators Individuals manage their cybersecurity priorities Welcome to the NCCoE 3
ENGAGEMENT & BUSINESS MODEL DEFINE + ARTICULATE Define business problems and project descriptions, refine into a specific use Describe the business problem case ORGANIZE + ENGAGE Collaborate with partners from industry, government, academia and the IT Partner with innovators community on reference design Practical, usable, repeatable reference IMPLEMENT + TEST design that addresses the business Build a usable reference design problem TRANSFER + LEARN Set of all material necessary to Guide users to stronger implement and easily adopt the reference design cybersecurity Welcome to the NCCoE 4
MODEL The NCCoE seeks problems that are: ‣ Broadly applicable across much of a sector, or across sectors ‣ Addressable through one or more reference designs built in our labs ‣ Complex enough that our reference designs will need to be based on the combination of multiple commercially available technologies Reference designs address: ‣ Sector-specific use cases that focus on a business-driven cybersecurity problem facing a particular sector (e.g., health care, energy, financial services) ‣ Technology-specific building blocks that cross sector boundaries (e.g., roots of trust in mobile devices, trusted cloud computing, software asset management, attribute based access control) Welcome to the NCCoE 5
BENEFITS Cybersecurity solutions that are: based on standards and best practices usable, repeatable and can be adopted rapidly modular, end-to-end and commercially available developed using open and transparent processes matched to specific business needs and bridge technology gaps Welcome to the NCCoE 6
NATIONAL CYBERSECURITY EXCELLENCE PARTNERS Welcome to the NCCoE 7
CURRENT PROJECTS ‣ Attribute Based Access Control (SP) Mobile Devices (SP) ‣ Consumer/Retail: Multifactor Authentication ‣ Health Care: Wireless Medical Infusion for e-Commerce Pumps ‣ Data Integrity ‣ Manufacturing: Capabilities Assessment for Securing Manufacturing Industrial Control ‣ Derived PIV Credentials Systems ‣ DNS-Based Secured Email (SP) ‣ Mobile Device Security (SP) ‣ Energy: Identity and Access ‣ Privacy-Enhanced Identity Federation Management (SP) ‣ Public Safety/First Responder: ‣ Energy: Situational Awareness Authentication for Law Enforcement Vehicle ‣ Financial Services: Access Rights Systems Management ‣ Public Safety/First Responder: Mobile ‣ Financial Services: IT Asset Application Single Sign-On Management (SP) ‣ Transportation: Maritime: Oil & Natural Gas ‣ Health Care: Electronic Health Records on ‣ Trusted Geolocation in the Cloud Welcome to the NCCoE 8
QUESTIONS? Harry Perper, Chief Engineer harry.perper@nist.gov, harry@mitre.org 1+ 301-975-0367 Twitter: @hperper http://nccoe.nist.gov 301-975-0200 nccoe@nist.gov Welcome to the NCCoE 9
Recommend
More recommend