CyberSecurity Updates

In this installment of our 50th Anniversary of Cybersecurity series, we hear from NIST’s Rodney Petersen, Director of the National Initiative for Cybersecurity Education (NICE). In this look back, Rodney offers a brief history of NICE, discusses recent advances in cybersecurity education and workforce development, and shares a few memories from around the community. In this year-long celebration of cybersecurity at NIST, we at the National Initiative for Cybersecurity Education (NICE) are proud to be…

Read More

With each day bringing new cybersecurity challenges and advances, it is easy to understand why people feel like it’s hard to keep up. It is important to be agile and move quickly to avoid the consequences of cybersecurity attacks—and that need extends to government agencies, like NIST, as we work collaboratively with industry, academia, and government to help meet these challenges. Those of us at NIST realize that we have a responsibility to keep an…

Read More

Credit: Shutterstock/jamesteohart For many decades, consumers have relied on labels to help them make decisions about which products to buy. Sometimes the labels make assertions about what ingredients or components the product uses. (What’s in that peanut butter?) Other times labels claim a level of performance. (How much storage does that laptop have?) These statements may come from the manufacturer or from a third party who has reviewed and perhaps tested the product. (This appliance…

Read More

Credit: Shutterstock/Rawpixel.com Today’s blog celebrates Data Privacy Week, an international awareness initiative led by the National Cyber Security Alliance to help spread awareness about online privacy. NIST is very proud to participate again this year in this initiative that was successfully expanded from a single day event to a weeklong effort. At NIST, our NIST Privacy Engineering Program plays an integral role in establishing trustworthiness in information system technologies. This blog aims to highlight NIST’s…

Read More

Credit: metamorworks/shutterstock.com In this series of blog posts, we have tried to give an accessible overview of the state-of-the-art in differential privacy. In this final post, we review some of the open challenges in the practical use of differential privacy, and conclude with a summary of contexts where differential privacy is already ready for deployment and what comes next. Setting the Privacy Parameter The impact of the privacy parameter (or privacy budget) ε has been…

Read More

On May 12, 2021 the White House released an Executive Order (EO) on Improving the Nation’s Cybersecurity which, among other things, tasked NIST to develop cybersecurity criteria and labeling approaches for consumer software and Internet of Things (IoT) products.   Activity since then includes a call for papers, multiple workshops, draft criteria, and processing all of the feedback received. The goal of the latest workshop on December 9th was to provide the community an update, answer…

Read More

Credit: metamorworks/shutterstock.com We are delighted to introduce the final guest authors in our blog series, Nicolas Papernot and Abhradeep Thakurta, research scientists at Google Brain, whose research explores applications of differential privacy to machine learning. – Joseph Near and David Darais Previous posts in this series have explored differential privacy for traditional data analytics tasks, such as aggregate queries over database tables. What if we want to use state-of-the-art techniques like machine learning? Can we…

Read More

Credit: Shutterstock Every day, NIST cybersecurity and privacy resources are being used throughout the world to help organizations manage cybersecurity and privacy risks. To assist our international colleagues, NIST has launched a new International Cybersecurity and Privacy Resources Site.  The site includes translations of the Cybersecurity Framework, including a newly published Indonesian translation.  You can get more information and add to this list by reaching out to intl-cyber-privacy [at] nist.gov.  Check out this site for…

Read More

NIST has been engaged for several years in developing guidance for Internet of Things (IoT) cybersecurity. We’ve held workshops, talked with stakeholders, published drafts, listened to your feedback, refined the content and presentation of our draft guidance, and now are proud to present the updated SP 800-213 and the updated catalog of capabilities in SP 800-213A. But always remember: The goal is to manage your risk … The IoT Cybersecurity Act of 2020 stated requirements…

Read More

Credit: metamorworks/shutterstock.com In previous posts we discussed different ways to implement differential privacy, each of which offers some trade-off between privacy and utility. But what does “utility” mean, and how do we know we are preserving it? To discuss this topic, we are delighted to introduce another guest author in our blog series, Claire McKay Bowen, Lead Data Scientist for Privacy and Data Security at the Urban Institute. Claire’s research focuses on assessing the quality…

Read More