Browsing: Cybersecurity

After four years of research and development, NIST has published a groundbreaking new security guideline that addresses the longstanding problem of how to engineer trustworthy, secure systems—systems that can provide continuity of capabilities, functions, services, and operations during a wide range of disruptions, threats, and other hazards. In fact, I think that Special Publication 800-160, Systems Security Engineering, is the most important publication that I have been associated with in my two decades of service with NIST. I want to share what led me to this conclusion.

The Current Landscape

The United States, and every other industrialized nation, is experiencing explosive growth in information technology. These technological innovations have given us access to computing and communications capabilities unparalleled in the…

Those of us who work for small businesses regularly perform duties outside our job description. I’ve experienced the “all hands on deck” approach that drives the day-to-day operations of many small and midsize businesses. This approach fittingly applies to cybersecurity, which is no longer a responsibility that can or should be solely reserved for IT. I was hired by SDN Communications to serve in a government relations and regulatory capacity, but the position soon evolved to include cybersecurity and risk management. Prior to joining SDN, I worked in the U.S. Senate on cybersecurity and telecommunications policy. In one of my last duties as a staffer, I briefed Sen. Tim Johnson about the Cybersecurity Enhancement Act of 2014. The measure cemented…

Aristotle once said, “The whole is greater than the sum of its parts.” Two gears together can accomplish much more than one gear alone. And when you connect multiple systems together, whether of gears or computers, you can achieve even greater functionality and performance. We call these “systems of systems,” or SoS, and you can find them everywhere. Hospitals, for example. In a hospital, there are individual computer systems for patient management, pharmacies, laboratories, imaging, and telemetry. Included in this network are the individual machines used to diagnose and treat patients such as MRIs and pacemakers. Hospitals are connecting more and more of these machines to their wireless networks so that doctors and nurses can access and control them using…

Like it or not, email is a central component of modern day life. The average person spends 6.3 hours a day checking their messages, and email continues to be the most popular means of communication, ahead of instant messaging, texting and social media. Scam artists have taken note and are exploiting the relative lack of security around email communications to gain access to your accounts and ultimately steal your money or even your identity. While we are all familiar with the “international” email scam and no longer believe that a stranded diplomat will share millions of dollars with us if we will pay the fees to have it transferred, there are many other scams that seem legitimate enough to fool…

Acronyms. The world, and especially the government, is overflowing with them. You’d be hard-pressed to pick a favorite. People might even look at you funny if you suggested that you had one. I’m lucky enough to have my favorite one on my business card: NICE—the National Initiative for Cybersecurity Education. While I’d like to think I was one even before I got the card, it’s been fun to be officially known as “the NICE guy” since I arrived at NIST a little less than two years ago. My 25-year career has been devoted to higher education, and for the past 15 years I’ve been focused on cybersecurity, so it’s fitting that I now have the opportunity to lead a program…
