NCCoE creates cybersecurity policy, one building block at a time

The National Institute of Standards and Technology's National Cybersecurity Center of Excellence develops guidance and best practices on broad cybersecurity con...

Federal agencies already have all the components that they would need in place to cut down on phishing attacks. They just need to be shown how to use them.

“The internet engineering task force has worked for years to promote DNS (domain name service security) as well as how you can use that for trusted email,” said Donna Dodson, associate director of the information technology lab and chief cybersecurity adviser at the National Institute of Standards and Technology, as part of Federal News Radio’s Cybersecurity Month.

She said personal identity verification cards include credentials that can be used for encryption and identity management.

“So combining all of these standards together and the capabilities that they bring in an email system for emails that follow this building block, you can know who those emails came from, and that they have not been altered after they’ve been sent, which really cuts down on phishing sorts of attacks,” Dodson told the Federal Drive with Tom Temin. “The standards are there, and we’re showing people how to use them with this practice guide.”

The practice guide she referred to is one of the 1800-series NIST publications, developed by NIST’s National Cybersecurity Center of Excellence. Similar to the 800-series special publications, they explain how to use certain cybersecurity concepts that the NCCoE refers to as building blocks.

Dodson said building blocks are broad-concept cybersecurity issues that NCCoE tackles and that can apply across various business environments.

One such building block NCCoE is currently exploring is mobile technology. The center is particularly looking at mobility as it pertains to health care and how it can fit into hospital infrastructure. Doctors want to be able to use and share health data via mobile devices to facilitate the transfer of information.

But for that to happen, it has to be usable, professional and secure.

And those are standards for the use of mobile technology in any sector, not just health care. That’s why NCCoE considers it a building block.

Other building blocks NCCoE is currently considering, besides trusted email and mobile technology, are the Internet of Things and trusted geolocation, which helps people understand the location of their data in the cloud.

“Cybersecurity is a fast-moving target, and one of the things that we have recognized at NIST through our work with the cybersecurity framework, our work with financial services and cryptography, and everything that we do here, is that really, you have to think of cybersecurity from both a technical and from a business aspect,” Dodson said. “And the center sets this agenda by working with different business sectors to understand where their challenges are, and based on those business cybersecurity challenges, we work to bring in standards and best practices, the technical underpinning, that meets those business challenges. So it’s really working with the healthcare sector, and the financial services sector, and the government sector, and utilities, to name some examples.”

Copyright © 2024 Federal News Network. All rights reserved.