At a press briefing featuring high-ranking Federal, state, and local officials on its Gaithersburg, MD, campus last month, the National Institute of Standards and Technology (NIST) announced a new partnership to establish the National Cybersecurity Center of Excellence, a “public-private collaboration for accelerating the widespread adoption of integrated cybersecurity tools and technologies.” The Center received $10 million in the FY 2012 appropriations to cover startup costs, and expects to make available opportunities for grants to address identified needed technologies.
According to the Center website:
The Center brings experts together from industry, government and academia under one roof to develop practical, interoperable cybersecurity approaches that address the real world needs of complex IT systems. By accelerating dissemination and use of these integrated tools and technologies for protecting information technology (IT) assets, the Center:
- enhances trust in U.S. IT communications, data, and storage systems;
- lowers risk for companies and individuals in the use of IT systems; and
- encourages development of innovative, job-creating cybersecurity products and services.
A key goal is to “host multi-institutional, collaborative efforts that individual member organizations do not have the expertise or resources to conduct alone” (following the link):
Each project will start with a specific identified “use case,” a complex cybersecurity challenge that requires an integrated solution and has clear benefits for one or more particular industry sectors. For example, initial use cases could include:
- health IT solutions that use open interface standards to encourage interoperability, flexibility, and competition, while allowing wide broadband remote access and high levels of privacy and security;
- cloud computing solutions that provide strong methods for knowing the physical location of sensitive data and for monitoring and verifying permissions for data movement among cloud servers; or
- mobile computing solutions that provide trusted ways for organizations to communicate with their employees on their personally owned devices and yet protect that data if the device is lost or stolen or if the employee no longer works for the organization.
By hosting workshops and gathering inputs from broad groups of stakeholders, the center will:
- select specific use cases and determine requirements for possible cybersecurity solutions;
- refine each use case based on public feedback, identify applicable standards and guidelines, and place an open call for participation by interested IT vendors;
- provide office space, basic hardware, and infrastructure components;
- work with users, vendors, and NIST experts to design, implement, test, and demonstrate possible solutions;
- deploy and test the solution in a testbed environment; and
- document and share each solution with the detail needed so that others can reproduce it.
For more, watch the announcement below…
…and check out the Center website, including this interesting fact sheet and these frequently asked questions.
(Contributed by Erwin Gianchandani, CCC Director)