NIST to Release Guidelines on APTs and Achieving Cyber Resilient Systems

At the 3rd Annual Billington International Cybersecurity Summit, the National Institute of Standards and Technology (NIST) will release for the first time the public draft of its newest guidelines on cyber resiliency against Advanced Persistent Threats (APTs).

APTs have the capability to breach critical systems, establish a presence within those systems (often undetected), and inflict immediate and long-term damage to the economic and national security interests of the nation.

Join us March 21 for this exclusive announcement by:

  • Charles Romine, Director, Information Technology Laboratory, National Institute of Standards and Technology;
  • Mark Kneidinger, Director, Federal Network Resilience, U.S. Dept. of Homeland Security (Invited); and
  • Ron Ross, Fellow, National Institute of Standards and Technology.

For the nation to survive and flourish in the 21st century where hostile actors in cyberspace are assumed and information technology will continue to dominate every aspect of our lives, we must develop trustworthy, secure IT components, services, and systems that are cyber resilient. Cyber resilient systems are those systems that have required security safeguards “built in” as a part of the system architecture and design. They also must display a high level of resiliency, allowing the systems to withstand a cyber-attack, and continue to operate even in a degraded or debilitated state—carrying out mission-essential functions.

The draft guideline provides a flexible systems engineering-based framework to help organizations address the APT. NIST Special Publication 800-160, Volume 2, Systems Security Engineering: Cyber Resiliency Considerations for the Engineering of Trustworthy Secure Systems, is the first in a series of specialty publications developed to support NIST Special Publication 800-160, Volume 1, the flagship Systems Security Engineering guideline. Volume 2 addresses cyber resiliency considerations for two important yet distinct communities of interest:

  • Organizations conducting new development of IT component products, systems, and services; and
  • Organizations with legacy systems (installed base) currently carrying out day-to-day missions and business functions.

Both types of organizations can apply the guidance and cyber resiliency considerations to help ensure that the component products, systems, and services that they need, plan to provide, or have already deployed, can survive when confronted by the APT. Organizations can identify those missions, business functions, and assets that are the most critical and employ an enterprise-wide risk management strategy to guide and inform any investment decisions regarding cyber resiliency.

Following the announcement, you will hear an in-depth analysis of implementation strategies to secure high value assets and achieve cyber resiliency:

Protecting High Value Assets in Federal Agencies – Implementation Strategies

Moderator:

  • Jason Miller, Executive Editor, Federal News Radio

Panelists:

  • Jeffrey Eisensmith, CISO, U.S. Dept. of Homeland Security (Approval in progress)
  • Ron Ross, Fellow, National Institute of Standards and Technology
  • Mark Kneidinger, Director, Federal Network Resilience, U.S. Dept. of Homeland Security (Invited)
  • Martin Stanley, Project Lead HVA Project, U.S. Department of Homeland Security (Invited)

To register for the Billington International Cybersecurity Summit, click here. Government and military attendees are admitted free but must register.