Abstract: Today’s manufacturing organizations rely on industrial control systems (ICS) to conduct their operations. Increasingly, ICS are facing more frequent, sophisticated cyber attacks—making manufacturing the second-most-targeted industry. Cyber attacks against ICS threaten operations and worker safety, r...
Abstract: The Industrial Internet of Things (IIoT) refers to the application of instrumentation and connected sensors and other devices to machinery and vehicles in the transport, energy, and other critical infrastructure sectors. In the energy sector, distributed energy resources (DERs) such as solar photovo...
Abstract: Industrial control systems (ICS) are used in many industries to monitor and control physical processes. As ICS continue to adopt commercially available information technology (IT) to promote corporate business systems’ connectivity and remote access capabilities, ICS become more vulnerable to cybers...
Abstract: Manufacturing organizations that rely on industrial control systems (ICS) to monitor and control physical processes that produce goods for public consumption are facing an increasing number of cyber attacks. The U.S. Department of Homeland Security reports that the manufacturing industry is the seco...
Abstract: This project explores several scenarios in which information exchanges among commercial- and utility-scale distributed energy resources (DERs) and electric distribution grid operations can be protected from certain cybersecurity compromises. Components of these infrastructures form what is commonly...
Abstract: Industrial Control Systems (ICS) monitor and control physical processes in many different industries and sectors. Cyber attacks against ICS devices present a real threat to organizations that employ ICS to monitor and control manufacturing processes. The NIST Engineering Laboratory (EL), in conjunct...
Conference: 2016 ACM SIGSAC Conference on Computer and Communications Security (CCS '16) Abstract: While attacks on information systems have for most practical purposes binary outcomes (information was manipulated/eavesdropped, or not), attacks manipulating the sensor or control signals of Industrial Control Systems (ICS) can be tuned by the attacker to cause a continuous spectrum in damages. Att...
Conference: 11th Annual Cyber and Information Security Research Conference (CISRC '16) Abstract: Industrial control systems (ICS) are composed of sensors, actuators, control processing units, and communication devices all interconnected to provide monitoring and control capabilities. Due to the integral role of the networking infrastructure, such systems are vulnerable to cyber attacks. Indepth...
Abstract: The National Institute of Standards and Technology (NIST) is developing a cybersecurity performance testbed for industrial control systems. The goal of the testbed is to measure the performance of industrial control systems (ICS) when instrumented with cybersecurity controls in accordance with the b...
Abstract: This bulletin summarizes the information presented in NIST SP 800-82, Rev 2: Guide to Industrial Control Systems (ICS) Security written by Keith Stouffer, Victoria Pillitteri, Suzanne Lightman, Marshall Abrams and Adam Hahn. The publication provides guidance on how to secure Industrial Control Syste...
Abstract: This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their uniqu...
Journal: ASME Dynamic Systems and Control Magazine Abstract: The National Institute of Standards and Technology (NIST) is developing a cybersecurity testbed for industrial control systems (ICS). The goal of the testbed is to measure the performance of ICS when instrumented with cybersecurity countermeasures in accordance with practices prescribed by national...
Conference: Process Control and Safety Symposium 2014 Abstract: The National Institute of Standards and Technology (NIST) is developing a cybersecurity testbed for industrial control systems (ICS). The goal of this testbed is to measure the performance of an ICS when instrumented with cybersecurity protections in accordance with practices prescribed by prevailin...
Abstract: This document provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC), while addressing their uniqu...
Abstract: This bulletin summarizes the information presented in NIST Special Publication (SP) 800-82, Guide to Industrial Control Systems Security: Recommendations of the National Institute of Standards and Technology. The publication was written by Keith Stouffer and by Joe Falco of NIST, and by Karen Scarfo...
Abstract: NIST Special Publication (SP) 800-82, Guide to Industrial Control Systems (ICS) Security, provides guidance on how to secure Industrial Control Systems (ICS), including Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS), and other control system configuration...
NIST’s National Cybersecurity Center of Excellence (NCCoE) has released a draft of NIST Special Publication (SP) 1800-32, Securing the Industrial Internet of Things: Cybersecurity for Distributed Energy Resources.
(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes USPS: Building a Privacy and Consumer Policy Program Zoe Strickland, Privacy Officer, United States Postal Service NIST Industrial Control System Security Activities Keith Stouffer, National Institute of Standards and Technology Radio Frequency Identification (RFID) Intra-Government Council Handout Role of the Chief Privacy Officer John Fanning Radio Frequency Identification Technology in the Federal Government Douglas Devereaux, Technology Administration for Department of Commerce Presentation on...
(All presentations in .pdf format.) Federal Register Notice Announcing Meeting Minutes SCADA Briefing: NIST Industrial Control System Security Activities Keith Stouffer, NIST 21st Century Framework for Revisions to the Privacy Act of 1974 and Other Federal Privacy Statutes Status Report On Personal Identity Verification Standards and HSPD#12 Curt Barker, NIST Government Line of Business Initiative Overview: Information Systems Security (ISS): Line of Business (LOB) John Sindelar, General Services Administration Conceptual Proposal for a Joint Inquiry and Recommendations on a 21st...
On Thursday, May 20, 2010, NIST held a 1-day forum & workshop on Cloud Computing. The purpose of this forum & workshop -- The Federal Chief Information Officer is charged with improving performance and lowering the cost of government operations by leveraging cloud computing. The Federal CIO has asked the National Institute of Standards and Technology (NIST) to lead federal efforts on standards for data portability, cloud interoperability, and security. NIST's mission, as a non-regulatory federal agency within the U.S. Department of Commerce, is to promote U.S. innovation and industrial...
The HHS Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety; and, the Breach Notification regulations requiring HIPAA covered entities and their business associates to notify individuals when their health information is...
To encourage development of test methods, metrics and tools for evaluating the effectiveness of mitigations against non-invasive attacks on cryptographic modules. CALL FOR PAPERS (Submission has been closed. Updated Aug. 17, 2011) Technical Contact: non-invasive@nist.gov Related Projects / Workshops: FDTC 2011 CHES 2011 CRI Seminar Special Note: NIST Computer Security Division would like to acknowledge Dr. Hori's valuable contributions as an organizer to this workshop, and also for being a key representative to the workshop committee. Thank you. Workshop Team: Randall Easter, NIST...
The HHS Office for Civil Rights (OCR) enforces the HIPAA Privacy Rule, which protects the privacy of individually identifiable health information; the HIPAA Security Rule, which sets national standards for the security of electronic protected health information; the confidentiality provisions of the Patient Safety Rule, which protect identifiable information being used to analyze patient safety events and improve patient safety; and, the Breach Notification regulations requiring HIPAA covered entities and their business associates to notify individuals when their health information is...
Presentations & Speakers at a Glance: Updates from GAO and FedRAMP; Presentations on Executive Order 13636, Cryptographic Technology, Continuous Monitoring, National Vulnerability Database, Industrial Control System Security, SP 800-53, Revision 4, Supply Chain Risk Management, IT Security Concerns During a Consolidation/Merger, and more! NOTE: FORUM MEETINGS ARE OPEN TO ONLY FEDERAL/STATE EMPLOYEES, HIGHER EDUCATION EMPLOYEES, AND THEIR DESIGNATED SUPPORT CONTRACTORS. REGISTRANTS MUST USE A .GOV, .EDU, OR .MIL ADDRESS FOR SIGN-UP. SUPPORT CONTRACTORS MUST INDICATE THE AGENCY OR...
NIST has initiated a process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. The submission deadline of November 30, 2017 has passed. Please see the Round 1 Submissions for the listing of complete and proper submissions. The conference enabled first round candidates to publicly discuss and explain their accepted algorithm. The conference was held at the Pier 66 Hotel and Marina and co-located with PQCrypto 2018. Round 1 candidates that were unable to present at April 2018 conference Compact LWE...