Cybersecurity Guidance, Labels and Communication [Weekly Cybersecurity Brief]

Grappling with major cybersecurity incidents has reinforced the importance of proactive solutions. These may include solidifying plans in the case of an attack, enhancing staff training (as we discussed last week), working with strategic partners across sectors, upgrading tools, conducting audits or all of the above. And as we’ve covered before, government agencies are among those trying to further develop these approaches. The National Institute of Standards and Technology (NIST) and Department of Defense (DoD) are some of the latest to introduce new programs.

NIST recently turned its attention to updating the guidelines it offers for cybersecurity practices. The organization released a new document, developed specifically for system engineers, titled “Engineering Trustworthy Secure Systems.” The document, which was driven by President Biden’s 2021 executive order for strengthening the federal government’s cybersecurity measures, is meant to serve as a “holistic” resource for those working in programming. It details aspects such as creating trustworthy designs that cut down on the chances of running into a vulnerability and “addresses the engineering-driven perspective and actions necessary to develop more defensible and survivable systems, inclusive of the machine, physical, and human components that compose those systems and the capabilities and services delivered by those systems,” as the publication states. This guide follows previous ones put out by NIST in 2018 and 2021.

That’s not the only move NIST has made recently. It also outlined a cybersecurity initiative geared toward building consumer awareness and understanding. The initiative depends on a certificate program that notes whether an internet-connected device meets recommended cyber standards. The standards include qualities such as “accepting software patches and allowing users to control what information the devices collect and share about them,” according to The Washington Post’s “Cybersecurity 202.” NIST hopes to work with another industry organization to assemble the certificates and ultimately aims to make them a common, go-to expectation for products to display. Not only is its mission to foster a broader perspective around cybersecurity, but it is also seeking to address a growing concern as more smart devices like speakers and baby monitors are brought into homes. NIST is set to conduct a survey on this program in May.

In addition to these NIST efforts, the DoD has launched a new program as well. It announced the formation of the DoD University Consortium for Cybersecurity (UC2), which it created to improve “communication between the Secretary of Defense and academia,” as reported in MeriTalk. The National Defense University’s College of Information and Cyberspace will be used as the program’s coordination center while the University of Idaho’s Center for Secure and Dependable Systems will act as a support center. When commenting on UC2, Heidi Shyu, undersecretary of Defense for research and engineering, pointed to the role it helps fulfill in working with research universities. She added that this also serves as a foundation for establishing further relationships with community colleges and historically black colleges.

Key Takeaways:

“Amid constant cybersecurity threats, NIST added more insight for engineers and programmers on how to mitigate system vulnerabilities.” – Alexandra Kelley, Nextgov

https://www.nextgov.com/cybersecurity/2022/01/nist-updates-cybersecurity-engineering-guidelines/360587/

  • The National Institute of Standards and Technology (NIST) released a new document titled “Engineering Trustworthy Secure Systems” that serves as a cybersecurity guideline for system engineers.
  • It details aspects such as creating trustworthy designs that cut down on the chances of running into a vulnerability and emphasizes a holistic approach to protection.
  • This guide follows previous ones put out by NIST in 2018 and 2021.

“Cybersecurity labels for consumer products could be on the way” – Joseph Marks, The Washington Post

https://www.washingtonpost.com/politics/2022/01/13/cybersecurity-labels-consumer-products-could-be-way/

  • NIST also set out on an initiative to develop a certificate program that notes whether an internet-connected device meets recommended cyber standards.
  • The standards include qualities such as “accepting software patches and allowing users to control what information the devices collect and share about them,” according to The Washington Post’s “Cybersecurity 202.”
  • NIST hopes to work with another industry organization to assemble the certificates.

“DoD Launches University Consortium for Cybersecurity” – Lamar Johnson, MeriTalk

https://www.meritalk.com/articles/dod-launches-university-consortium-for-cybersecurity/

  • The DoD announced the formation of the DoD University Consortium for Cybersecurity (UC2).
  • It created the program to improve “communication between the Secretary of Defense and academia,” as reported in MeriTalk.
  • The National Defense University’s College of Information and Cyberspace will be used as the program’s coordination center while the University of Idaho’s Center for Secure and Dependable Systems will act as a support center.