Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Summary
NIST works with industry partners to advance the research, standardization and adoption of technologies necessary to increase the security, privacy, resilience and performance of networked systems. This includes resolving systemic vulnerabilities in existing and emerging critical network infrastructures and advancing the development of potentially disruptive technologies to improve the trustworthiness of future networks.
NIST seeks to innovate the measurement science necessary to establish a technical basis for trustworthy networks and to apply metrology to improve the quality and timeliness of technical standards that improve the security and resilience of critical network infrastructures.
Description
The need for Trustworthy Networking
Internet Society Report on the Future of the Internet
- “Perhaps the most pressing danger to the future of the Internet is the rising scope and breadth of Cyber Threats.”
- “Addressing cyber threats should be the priority”
- “The scale of cyberattacks is steadily growing, and many anticipate the likelihood of catastrophic cyberattacks in the future.”
- “Inadequate management of cyber threats will put users increasingly at risk, undermine trust in the Internet and jeopardize its ability to act as a driver for economic and social innovation.”
Cultivating trust is not easy ...
- Challenges are technical, economic, often dominated by prevailing business models, complicated by massive installed bases, and fears of governmental interference.
The Need for Test and Measurement:
Understanding and Controlling Network Behavior
- “[Despite] society’s profound dependence on networks, fundamental knowledge about them is primitive. Global communication networks have quite advanced technological implementations but their behavior under stress still cannot be predicted reliably.…There is no science today that offers the fundamental knowledge necessary to design large complex networks [so] that their behaviors can be predicted prior to building them.” Network Science, a report from the National Research Council.
National Priorities
The scope and focus of NIST's work in Trustworthy Networks guided by specific identified national priorities and goals, including
The National Cybersecurity Strategy and Implementation Plan
- Invest in a Resilient Future - Reducing systemic technical vulnerabilities in the foundation of the Internet and across the digital ecosystem while making it more resilient against transnational digital repression.
- We must take steps to mitigate the most urgent of these pervasive concerns such as Border Gateway Protocol vulnerabilities, unencrypted Domain Name System requests, and the slow adoption of IPv6.
- The Federal Government will lead by ensuring that its networks have implemented these and other security measures while partnering with stakeholders to develop and drive adoption of solutions that will improve the security of the Internet ecosystem and support research to understand and address reasons for slow adoption.
- The National Strategy to Secure 5G and Implementation Plan goals to:
- facilitate the rollout of 5G domestically;
- assess the cybersecurity risks to and identify core security principles of 5G capabilities and infrastructure;
- address risks to United States economic and national security during development and deployment of 5G infrastructure worldwide;
- and promote responsible global development and deployment of secure and reliable 5G infrastructure.
The Federal Cybersecurity Research and Development Strategic Plan priorities to:
- Develop means to establish and manage trust. ...Such trust establishment includes ensuring the security of the technical foundations of the internet.
- Develop Trust Models for Management of Identity, Access, and
Interoperation. - Develop Solutions to Sustain Trustworthy Information Ecosystems .
- Advance Science of Cyber Resilience.
The National Standards Strategy for Critical and Emerging Technologies priorities to:
- Support the development of standards that address risk, security, and resilience.
- The U.S. Government is uniquely suited to lead standards development on topics of national security.
- Improve communications between public and private sectors on standards.
- …. expand communication with the private sector, including through strategic partnerships, information sharing arrangements, and other cooperative efforts between U.S. Government agencies and private sector standards stakeholders, including SDOs, industry associations, civil society, and others that participate in international standards activities.
- Enhance U.S. Government and like-minded nations’ representation and influence in international standards governance and leadership.
- … U.S. Government and like-minded nations’ participation and leadership in specific technology areas where it has significant national interest as defined above, and where the government can fill representational gaps, particularly in early-stage technology and related policy development.
- Support the development of standards that address risk, security, and resilience.
- The Roadmap to Enhancing Internet Routing Security priorities to:
- Identify needed research and development.
-
- Standards and Technology Development. NIST should continue to lead and coordinate
USG efforts to research, standardize, and foster commercialization of BGP security and
resilience mechanisms to address remaining BGP vulnerabilities, including malicious
BGP path manipulations, route leak mitigation, and peering authentication. NIST should
also continue to develop monitoring and measurement tools to assess the progress and
correctness of the global deployment of these additional mechanisms. - Metrics and Progress reporting ..... establish a reporting mechanism for
measuring Federal agency adoption of ROA, monitoring progress, and conducting
analytics, where appropriate. - Guidance to the Federal Enterprise ... establish guidance for Federal departments and agencies to implement ROAs in a timely manner, aligned with agency risk assessments.
- Standards and Technology Development. NIST should continue to lead and coordinate
The Need for NIST:
NIST's goals in this program are to improve the security, resilience and performance of the communication infrastructures that underlie our network-centric society. Our work cultivates trust in current and emerging network technologies by developing and applying innovative measurement techniques, improving the quality and timeliness of consensus standards, and providing tools and guidance necessary to expedite adoption of emerging network technologies.
- Advance Network and Security Metrology – with emphasis on innovating and applying advanced measurement science to critical network infrastructure and systems.
- Foster Trustworthy Network Technology – work with industry to improve the quality and timeliness of emerging standards for, and foster adoption of, trustworthy network technologies.
- Expedite Adoption of Advanced Network Technology - work with industry and government partners to develop deployment guidance, technology demonstrations, and provide subject matter expertise to other agencies developing plans for Federal deployment.
NIST Roles:
- NIST is actively involved in numerous technical areas focused on improving the security, robustness and performance of core network infrastructures and services.
- Our work spans the entire technology life cycle:
- problem identification and characterization,
- pre-standards research and development to identify potential solutions,
- consensus standards development,
- development of test tools and prototypes to foster commercialization of emerging standards,
- development of guidance documents to foster adoption plans,
- promulgation (workshops, etc..) of emerging standards with industry and federal user groups,
- development of measurement tools to monitor the state of adoption,
- demonstrations and practice guides to demonstrate the viability of commercial solutions,
- development of corresponding security controls to guide risk mitigation in Federal systems.
- provide subject matter expertise to Federal partners developing technology adoptions plans.
- The NIST contributions from these activities range from research publications, standards specifications, software tools and prototypes, guidance documents, workshops and pilot demonstrations, practice guides and security controls and baselines. See the project web pages below for further details.
-
- Individual projects from this program have won numerous awards for their impact on the research, standardization,commercialization and deployment of technologies to improve the security and resilience of public network infrastructure and USG networks. Awards include 4 Department of Commerce Gold Medals, a Federal 100 Award, recognition in the Internet IPv6 Hall of Fame, and numerous NIST internal awards for publications, standards contributions, and Impact with external state holders.
NIST Trustworthy Networks Projects:
Current project areas and select recent contributions in this program include:
- The Advanced Security Architectures for Next Generation Wireless project works with mobile wireless, internet and virtual computing industry to improve the security and resilience of emerging designs for 56 / 6G core networks and radio access networks (RANs).
- The Robust Inter-Domain Routing project includes collaborative research with leading Internet companies to design and standardize technologies to improve the resilience and security of the Internet’s global routing system.
- The Zero Trust Networks project seeks to define the basic principles of zero trust architectures and to develop standards and guidance for their implementation in modern enterprise environments and in the core infrastructure of next generation wireless networks.
- The Trustworthy Intelligent Networks project works with industry and academia to improve the trustworthiness and applicability of artificial intelligence and machine learning technologies to future networks and distributed systems.
- The High Assurance Domains project works with the IETF, Messaging Malware Mobile and Anti-Abuse Working Group (MAAWG), Department of Defense and the Federal CIO Council to research and develop new technologies to address key trust and security issues in enterprise networks.
- The Software Defined and Virtual Networks project works to develop test and measurement techniques to advance the state of the art in network virtualization, network service function chaining, software defined networks, technologies and techniques to address robustness and security of virtualized network services.
- The Trustworthy Network of Things project works with industry to design, standardize, test and foster adoption of network-centric approaches to protect IoT devices from the Internet and to protect the Internet from IoT devices.
- The USGv6 Program works with the IETF and Federal CIO community to provide technical leadership in standards profiles, product testing programs, and deployment guidance to foster the global transition to the next generation Internet Protocol (IPv6).
- The Measurement Science for Complex Information Systems project aims to develop and evaluate a coherent set of methods to understand behavior in complex information systems, such as the Internet, computational grids and computing clouds.
Please see individuals project descriptions for complete lists of contributions including research publications, standards specifications, software tools, guidance documents, workshops, etc.
The section below lists selected recent technical contributions in Trustworthy Networks Research.
Robust Inter Domain Routing
| Product | Reference |
|---|---|
| Presentation, Invited | Montgomery D., The Role of Standardization, NSF Workshop: Towards Re-architecting Todays Internet for Survivability, Northwestern University, November 2023.
|
| Conference Publication | Hoeger N., Rodday N., Borchert O., Dreo Rodosek G., Path Plausibility Algorithms in GoBGP, 19th International Conference on Network and Service Management (CNSM), Niagra Falls, Canada, October 2023.
|
| Presentation | Sriram K., Azimov A., Bogomazov E., Bush R., Patel K., Snijders J., ASPA-based BGP AS_PATH Verification and Route Leaks Solution, NANOG 89, San Diego, CA, October 2023.
|
| Standards Specification | Sriram K., Lubashev I., Montgomery D., Source Address Validation Using BGP UPDATEs, ASPA, and ROA (BAR-SAV), IETF Internet Draft (Standards Track, SIDROPS Working Group), September 2023.
|
| Standards Specification | Azimov A., Bogomazov E., Bush R., Patel K., Snijders J., Sriram K., BGP AS_PATH Verification Based on Autonomous System Provider Authorization (ASPA) Objects, IETF Internet Draft, August 2023.
|
| Standards Specification | Wu J., Li D., Liu L., Huang M., Sriram K., Source Address Validation in Inter-domain Networks Gap Analysis, Problem Statement, and Requirements, IETF Internet Draft, August 2023.
|
| Presentation, Invited | Sriram K., ASPA-based BGP AS_PATH Verification and BAR-SAV for Mitigation of IP Address Spoofing, Internet2 Webinar, August 2023.
|
| Presentation, Invited | Montgomery D., NIST Efforts to Accelerate Standardization and Support Adoption of BGP Security Technologies, Federal Communications Commission Border Gateway Protocol Security Workshop, July 2023.
|
| Presentation, Invited | Montgomery D., BGP Security Level Set Problem Space and Emerging Solutions, Federal Communications Commission Border Gateway Protocol Security Workshop, July 2023.
|
| Presentation | Bruijnzeels T., Borchert O., Ma D., de Kock T., Human Readable ASPA Notation, IETF 117 Conference, SIDROPS Working Group, San Francisco, July 2023.
|
| Presentation | Bruijnzeels T., Borchert O., Ma D., de Kock T., Human Readable Validate ROA Payload Notation, IETF 117 - SIDROPS Working Group, San Francisco, July 2023.
|
| Standards Specification | Sriram K., Montgomery D., AS Hijack Detection and Mitigation, IETF Internet Draft (Standards Track, SIDROPS Working Group), July 2023. |
| Standards Contribution | Sriram K., Azimov A., Bogomazov E., Bush R., Patel K., Snijders J., Update on BGP AS_PATH Verification Based on ASPA Objects, SIDROPS WG Meeting, IETF 117, San Francisco, CA, July 2023.
|
| Panel Session, Invited | Montgomery D., et. al., Working with Governments to Progress Routing Security, Internet Society Routing Security Summit 2023, July 2023.
|
| Standards Specification | Bruijnzeels T., de Kock T., Borchert O., Ma D., Human Readable Validate ROA Payload Notation, IETF SIDROPS Working Group, July 2023.
|
| Presentation, Invited | Sriram K., An Overview of ASPA-based BGP AS_PATH Verification, Routing Security Workshop hosted by Amazon, Seattle, WA, June 2023. |
| Workshop, Invited | Sriram K., Montgomery D., Amazon Internet Routing Security Roundtable, Invitation only workshop before NANOG 88., June 2023. |
| Standards Specification | Borchert O., T.Bruijnzeels, D.Ma, de Kock T., Human Readable ASPA Notation, IETF SIDROPS Working Group, May 2023.
|
| Standards Contribution | Sriram K., Azimov A., Bogomazov E., Bush R., Patel K., Snijders J., ASPA-based AS Path Verification Draft Update, SIDROPS WG Meeting, IETF 116, Yokohama, Japan, March 2023.
|
| Presentation, Invited | Montgomery D., Cannon R., Practical BGP Security with RPKI - Problem Space, Emerging Solutions, USG Call to Action, Invited presentation to Office of the Director of National Intelligence (ODNI) Team Telecom work group, March 2023.
|
| Presentation, Invited | Sriram K., ASPA, BAR-SAV, and IETF Standards, Invited seminar/guest lecture to a graduate student class, University of Connecticut, Storrs, CT, February 2023.
|
| Workshop, Invited | Montgomery D., et al., Workshop: Securing the Public Key Infrastructure, Princeton Center for Information Technology Policy, December 2022. |
| Standards Contribution | Sriram K., Lubashev I., Montgomery D., Lowering Improper Block and Improper Admit for SAV The BAR-SAV Approach, SAVNET WG, Proceedings of the IETF 115, London, UK, November 2022., November 2022.
|
| Standards Contribution | Sriram K., Lubashev I., Montgomery D., An Update on Source Address Validation Using BGP Updates, ASPA, and ROA (BAR-SAV), SIDROPS WG, Proceedings of the IETF 115, London, UK, November 2022., November 2022.
|
| Standards Contribution | Sriram et al. K., Update on the ASPA-based AS Path Verification Draft, SIDROPS WG, Proceedings of the IETF 115, London, UK, November 2022., November 2022.
|
| Standards Contribution | Kumari W., Sriram K., Hannachi L., Haas J., Deprecation of AS_SET in BGP, IDR WG, Proceedings of the IETF 115, London, UK, November 2022., November 2022.
|
| Report | Montgomery D., et. al. members of BITAG Technical Working Group on Routing Security, The Security of the Internets Routing Infrastructure: A Broadband Internet Technical Advisory Group Technical Working Group Report, Security of the InteBroadband Internet Technical Advisory Group Technical Working Group Report., November 2022.
|
| Standards Specification | Gilad Y., Goldberg S., Sriram K., Snijders J., Maddison B., The Use of Maxlength in the RPKI, IETF Request for Comments, RFC-9319 / BCP 185, October 2022.
|
| Standards Specification | Sriram K., Design Discussion of Route Leaks Solution Methods, IETF Internet Draft (Informational), September 2022. |
| Standards Specification | Heitz J., Sriram K., Dickson B., Heasley J., BGP Well Known Large Community, IETF Internet Draft, September 2022.
|
| Standards Specification | Kumari W., Sriram K., Hannachi L., Haas J., Deprecation of AS_SET and AS_CONFED_SET in BGP, IETF Internet Draft (IDR Working Group), September 2022.
|
| Standards Contribution | Sriram K., Lubashev I., Montgomery D., Source Address Validation Using BGP UPDATEs, ASPA, and ROA (BAR-SAV), IETF SIDROPS WG Meeting, Proceedings of the IETF 114, July 2022.
|
| Standards Contribution | Sriram K., Lubashev I., Montgomery D., Source Address Validation Using BGP UPDATEs, ASPA, and ROA (BAR-SAV), IETF SAVNET WG Meeting, Proceedings of the IETF 114, July 2022.
|
| Proposal | Montgomery D., Rose S., Sriram K., Borchert O., Santay D., Trustworthy Networks Research, CTL FY2023 Project Plan, July 2022. |
| Standards Specification | Azimov A., Bogomazov E., Bush R., Patel K., Sriram K., Route Leak Prevention and Detection using Roles in UPDATE and OPEN Messages, IETF Request for Comments (RFC-9234), May 2022.
|
| Standards Specification | Sriram K., Azimov A., Methods for Detection and Mitigation of BGP Route Leaks, IETF Internet-Draft (Standards Track, IDR Working Group), April 2022.
|
| Standards Contribution | Sriram K., ASPA Verification Procedures: Enhancements and RS Considerations, IETF 113 SIDROPS WG Meeting, March 2022.
|
| Software | Borchert O., Hannachi L., Lee K., Sriram K., Montgomery D., BGP Secure Routing Extension (BGP-SRx) Suite 6.2 - BGP-SRx - Test Framework Generator for ASPA, NIST Open Source Reference Implementation, March 2022. |
| Presentation | Borchert O., Lee K., Sriram K., Montgomery D., Gleichmann P., Adalier M., BGP Secure Routing Extension: Reference Implementation and Test Tools for Emerging BGP Security Standards, Security Research Review seminar, January 2022. |
Collaborators = ARIN, AT&T, Akamai, Akamai Technologies, Arrcus, Boston University, CableLabs, Charter Communications, Cisco, Cloudflare, Comcast, Fastley, Fastly, Federal Communications Commission, George Washington University, Georgia Tech University, GoDaddy, Google, Hebrew University of Jerusalem, Huawei, IIJ, ISOC, Internet Initiative Japan, Internet Neutral Exchange Association (INEX), Internet Society, Internet2, Juniper Networks, Kentik, Lumen, NCTA, NIST, NLnet Labs, NTIA, NTT, Netscout, Princeton University, Qrator Labs, RIPE NCC, Research institute CODE, SkyUK, Tsinghua University, Universitaet der Bundeswehr Muenchen, University of Chicago, University of Connecticut, University of Kentucky, University of Twente, Yandex, ZDNS, Zhongguancun Laboratory
Zero Trust Networks
| Product | Reference |
|---|---|
| NIST Publication | Borchert O., Kerman A., Rose S., Souppaya M., et. al., Implementing a Zero Trust Architecture - NIST Special Publication 1800-35D, NCCoE - Preliminary Draft, August 2023.
|
| NIST Publication | Borchert O., Howell G., Kerman A., Rose S., Souppaya M., et. al., Implementing a Zero Trust Architecture - NIST Special Publication 1800-35B, Preliminary Draft, July 2023.
|
| Panel Session | Rose S., Resnick R., Connelly S., Dept. of State Cybersecurity Fireside Chat, Department of State Cybersecurity Training Series, July 2023.
|
| Presentation | Rose S., Kerman A., Symington S., NIST NCCoE: ZT Architecture and Demonstration Briefing, Federal Interagency Zero Trust Exchange, March 2023. |
| Presentation, Invited | Rose S., Borchert O., Zero Trust Archtecture, ATIS TOPS Enhanced Zero Trust and 5G Meeting Series, February 2023. |
| Presentation | Rose S., Blue Cyber Event Tuesdays - Ask Me Anything Zero Trust for Small Businesses, DoD SBBIR Blue Cyber Event Series, January 2023. |
| Presentation | Rose S., Zero Trust and FinTech, IP Services Technical Webinar Series, November 2022. |
| Panel Session | Rose S., Hills C., Brodbent J., Cruz Cain M., Meeting Mandates with Identity Driven Zero Trust, Carasoft/BeyondTrust webinar panel, September 2022. |
| Presentation | Kerman A., Rose S., Inside the Making of a Zero Trust Architecture, RSA Conference 2022, June 2022. |
| Panel Session, Invited | Borchert O., Overcoming Identity Challenges to Meet the Federal Governments Zero Trust Memo, ATARC - Round Table Discussion, May 2022. |
| NIST Publication | Rose S., Planning for a Zero Trust Architecture: A Guide for Federal Administrators, Cybersecurity White Paper, National Institute of Standards and Technology (Gaithersburg MD)., May 2022. |
| Presentation | Rose S., Demystifying Zero Trust, Air Force SBIR/STTR CISO Weekly Ask Me Anything Seminar Series, January 2022. |
Collaborators = Amazon Web Services, Appgate, Broadcom Software, Cisco Systems, DHS CISA, DigiCert, F5, Forescout, Google Cloud, IBM, Ivanti, Lookout, MITRE, Mandiant, Microsoft, Okta, PC Matic, Palo Alto Networks, Ping Identity, Radiant Logic, SailPoint, Tenable, Trellix, US Department of Defense, VMware, Zimperium, Zscaler
Advanced Security Architectures for NextGen Wireless
| Product | Reference |
|---|---|
| Proposal | Rose S., et_al., Zero Trust Architecture (ZTA) for O-RAN, WG11-2023-08 Work Item Description, January 2024.
|
| Standards Contribution | Borchert O., Rose S., NIST-2023.09.26-WG11-CR0003-SecReqSpec-Drafting-Rule-Adjustment, O-RAN Change Request, September 2023. |
| Standards Contribution | Borchert O., Rose S., NIST-2023.09.26-WG11-CR0002-SecRecSpec-O1-Interface-Modification, O-RAN Change Request, September 2023. |
| Standards Contribution | Rose S., NIST-2023.09.22-WG11-CR-0001-AIRMF, O-RAN Change Request, September 2023. |
| Report | Montgomery D., et. al. other members of CSRIC 8 Working Group 3, Recommendations on the Role of the FCC in Promoting the Availability of Standards for More Secure, Reliable 5G Environment Through the Use of Virtualization Technology, Communications Security, Reliability, and Interoperability Council VIII, June 2023. |
| Report | Montgomery D., et. al. members of CSRIC 8 Working Group 3, Report on How Virtualization Technology Can Be Used to Promote 5G Security and Reliability, Communications Security, Reliability, and Interoperability Council VIII, December 2022.
|
Collaborators = ANDRO Computational Solutions, AT&T, Altiostar Networks, CTIA, Cisco, Comtech Telecommunications Corp., Cox Communications, Cybersecurity and Infrastructure Security Agency (CISA ECD), Dell, Dell Technologies, Deutsche Telekom, Ericsson, FCC, FirstNet, Hewlett Packard Enterprise, Intel Corporation, LLC, MITRE, Mavenir, Microsoft Corporation, Motorola Solutions, NTIA, National Security Agency (NSA), Nokia, Palo Alto Networks, Qualcomm Incorporated, Rakuten, Rural Wireless Association, T-Mobile USA, Verizon
Trustworthy Networks of Things
| Product | Reference |
|---|---|
| Standards Specification | Lear E., Rose S., A YANG Data Model for Reporting Software Bills of Materials (SBOMs) and Vulnerability Information, IETF RFC 9472, October 2023.
|
| Software | Singh M., Montgomery D., Formal Models Of IoT Onboarding Protocols, Software Repository, January 2022. |
Collaborators = Cisco Systems
High Assurance Domains
| Product | Reference |
|---|---|
| Journal Publication | Wang Z., Use of Supervised Machine Learning to Detect Abuse of COVID-19 Related Domain Names, Computers and Electrical Engineering, Volume 100, May 2022. |
| Journal Publication | Wang Z., Guo Y., Montgomery D., Machine Learning-Based Algorithmically Generated Domain Detection, Computers and Electrical Engineering, Volume 100, May 2022. |
USGv6 Program
| Product | Reference |
|---|---|
| Presentation, Invited | Montgomery D., USGv6 Program: Facilitating the Transition to IPv6-Only Networks, The IEEE International Conference on Artificial Intelligence, Blockchain, and Internet of Things, September 2023.
|
| Presentation, Invited | Montgomery D., USG IPv6 Initiative: Completing the Transition to IPv6-only Networks, CyberOZ 2023: Engineering the Future of Cybersecurity, IPv6 and AI Workshop, September 2023. |
| Presentation, Invited | Montgomery D., USGv6 Program Facilitating the Transition to IPv6-Only Networks, IPv6 Federal Forum, June 2023. |
| Presentation, Invited | Montgomery D., USG IPv6 Initiative: Completing the Transition to IPv6-Only Networks, Presented to the G7 Digital Technical Standards Working Group Meeting, June 2022. |
| Presentation, Invited | Montgomery D., USG IPv6 Initiative: Completing the Transition to IPv6-Only Networks, Presented to the 2022 N-Wave Stakeholders and Science Engagement Summit, March 2022. |