Insights

Differential Privacy: Future Work & Open Challenges

Credit: metamorworks/shutterstock.com In this series of blog posts, we have tried to give an accessible overview of the state-of-the-art in differential privacy. In this final post, we review some of the open challenges in the practical use of differential privacy, and conclude with a summary of contexts where differential privacy is already ready for deployment and what comes next. Setting the Privacy Parameter The impact of the privacy parameter (or privacy budget) ε has been…

Read More

Hot Topics in Consumer Cybersecurity Labeling – Our December 2021 Workshop

On May 12, 2021 the White House released an Executive Order (EO) on Improving the Nation’s Cybersecurity which, among other things, tasked NIST to develop cybersecurity criteria and labeling approaches for consumer software and Internet of Things (IoT) products.   Activity since then includes a call for papers, multiple workshops, draft criteria, and processing all of the feedback received. The goal of the latest workshop on December 9th was to provide the community an update, answer…

Read More

How to deploy machine learning with differential privacy

Credit: metamorworks/shutterstock.com We are delighted to introduce the final guest authors in our blog series, Nicolas Papernot and Abhradeep Thakurta, research scientists at Google Brain, whose research explores applications of differential privacy to machine learning. – Joseph Near and David Darais Previous posts in this series have explored differential privacy for traditional data analytics tasks, such as aggregate queries over database tables. What if we want to use state-of-the-art techniques like machine learning? Can we…

Read More

NIST Launches New International Cybersecurity and Privacy Resources Website

Credit: Shutterstock Every day, NIST cybersecurity and privacy resources are being used throughout the world to help organizations manage cybersecurity and privacy risks. To assist our international colleagues, NIST has launched a new International Cybersecurity and Privacy Resources Site.  The site includes translations of the Cybersecurity Framework, including a newly published Indonesian translation.  You can get more information and add to this list by reaching out to intl-cyber-privacy [at] nist.gov.  Check out this site for…

Read More

Convergent Evolution: SP 800-213, the Federal Profile, and the IoT Cybersecurity Catalog

NIST has been engaged for several years in developing guidance for Internet of Things (IoT) cybersecurity. We’ve held workshops, talked with stakeholders, published drafts, listened to your feedback, refined the content and presentation of our draft guidance, and now are proud to present the updated SP 800-213 and the updated catalog of capabilities in SP 800-213A. But always remember: The goal is to manage your risk … The IoT Cybersecurity Act of 2020 stated requirements…

Read More

Utility Metrics for Differential Privacy: No One-Size-Fits-All

Credit: metamorworks/shutterstock.com In previous posts we discussed different ways to implement differential privacy, each of which offers some trade-off between privacy and utility. But what does “utility” mean, and how do we know we are preserving it? To discuss this topic, we are delighted to introduce another guest author in our blog series, Claire McKay Bowen, Lead Data Scientist for Privacy and Data Security at the Urban Institute. Claire’s research focuses on assessing the quality…

Read More

Privacy-Enhancing Cryptography to Complement Differential Privacy

Credit: metamorworks/shutterstock.com In previous posts we discussed many aspects of differential privacy: what it is, what it is useful for, and how it is applied to data analysis problems. All of those ideas can be applied once you get your hands on a whole dataset. What if the data you are interested in extracting insights from belongs to mutually distrusting organizations? For example, say you run a pumpkin spice latte stand and are wondering if…

Read More

Cybersecurity Awareness Month: Cybersecurity First

This week’s blog post highlighting Cybersecurity Awareness Month is from NIST’s Marian Merritt, Deputy Director and Lead for Industry Engagement for the National Initiative for Cybersecurity Education (NICE). In this post, Marian discusses ways to minimize cybersecurity risks for small businesses. How did you end up at NIST working on small business cybersecurity projects? Like many in the cybersecurity industry, my career path to my current role was anything but a straight line. I began in the…

Read More

Cybersecurity Awareness Month: Explore. Experience. Share

This week’s blog post highlighting Cybersecurity Awareness Month is from NIST’s Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE). In this post, Rodney discusses Cybersecurity Career Awareness Week, a week-long campaign that inspires and promotes the exploration of cybersecurity careers. What is your job at NIST? I am the Director of the National Initiative for Cybersecurity Education (NICE) in the Applied Cybersecurity Division that is part of the Information Technology Lab.  I am also the informal…

Read More

Cybersecurity Awareness Month: Fight the Phish

This week’s blog post highlighting Cybersecurity Awareness Month is from NIST’s Dr. Shaneé Dawkins, Computer Scientist in ITL’s Visualization and Usability Group. In this post, Shaneé  discusses Phishing attacks and scams, as well as ways to keep your information protected. How did you end up at NIST working on cybersecurity projects? I have been a computer scientist in ITL’s Visualization and Usability Group for about 10 years conducting research on the human aspects of information technology. At…

Read More