Search Publications

Displaying 276 - 300 of 2846

IoT Device Cybersecurity Guidance for the Federal Government: IoT Device Cybersecurity Requirement Catalog

November 29, 2021

Author(s)

Katerina N. Megas, Michael Fagan, Jeffrey Marron, Kevin Gerard Brady, Barbara Bell Cuthill, Rebecca Herold, David Lemire, Noel Hoehn

This publication provides a catalog of internet of things (IoT) device cybersecurity capabilities (i.e., features and functions needed from a device to support security controls) and non-technical supporting capabilities (i.e., actions and support needed

Security for IEEE P1451.0-Based IoT Sensor Networks

November 13, 2021

Author(s)

Eugene Song, Kang B. Lee, Ke Zhou, Jun Wu

The challenges of the Internet of Things (IoT) sensor networks include connectivity, interoperability, security, and privacy. The Institute of Electrical and Electronics Engineers (IEEE) P1451.0 standard is being revised based on these challenges and

Identifying and Estimating Cybersecurity Risk for Enterprise Risk Management

November 12, 2021

Author(s)

Kevin Stine, Stephen Quinn, Nahla Ivy, Matthew Barrett, Greg Witte, Larry Feldman, Robert Gardner

This document supplements NIST Interagency or Internal Report 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM), by providing additional detail regarding risk guidance, identification, and analysis. This report offers examples and

User Perceptions & Preferences for Smart Home Device Updates

November 5, 2021

Author(s)

Susanne M. Furman, Julie Haney

IoT smart home updates are a critical mechanism by which manufacturers can remediate security vulnerabilities and one of the few tools users have to secure their devices. Yet, security professionals view difficulties in patching IoT devices as a major

Privacy-enhancing cryptography to complement differential privacy

November 3, 2021

Author(s)

Luis Brandao, Rene Peralta

In this post, we illustrate how various techniques from privacy-enhancing cryptography, coupled with differential privacy protection, can be used to protect data privacy while enabling data utility. Of notable interest is the setting where there are

Parenting Digital Natives in a Tech World: Research Findings of Children's and Parents' Password Knowledge & Practices

October 25, 2021

Author(s)

Yee-Yin Choong

n/a

Security Auditing of Internet of Things Devices in a Smart Home

October 15, 2021

Author(s)

Suryadipta Mazumdar, Daniel Bostos, Anoop Singhal

Attacks on the Internet of Things are increasing. Unfortunately, transparency and accountability that are paramount to securing Internet of Things devices are either missing or implemented in a questionable manner. Security auditing is a promising solution

Encryption is Futile: Reconstructing 3D-Printed Models using the Power Side-Channel

October 6, 2021

Author(s)

Jacob Gatlin, Sofia Belikovetsky, Yuval Elovici, Anthony Skjellum, Joshua Lubell, Paul Witherell, Mark Yampolskiy

Outsourced Additive Manufacturing (AM) exposes sensitive design data to external malicious actors. Even with end-to-end encryption between the design owner and 3D-printer, side-channel attacks can be used to bypass cyber-security measures and obtain the

Benefits of an Updated Mapping between the NIST Cybersecurity Framework and the NERC Critical Infrastructure Protection Standards

September 29, 2021

Author(s)

Jeffrey Marron, Avi Gopstein, Daniel Bogle

This white paper highlights a recent mapping effort between the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standards and the NIST Cybersecurity Framework. Mappings of these two frameworks have been

Model-Based Risk Analysis Approach for Network Vulnerability and Security of the Critical Railway Infrastructure

September 29, 2021

Author(s)

Himanshu Neema, Leqiang Wang, CheeYee Tang, Keith A. Stouffer, Xenofon Koutsoukos

This study focuses on threat modeling, vulnerability analysis, and risk management within the critical railway transportation infrastructure. The Railway Transportation System is a highly complex, national critical infrastructure and its cybersecurity

2020 Cybersecurity and Privacy Annual Report

September 28, 2021

Author(s)

Patrick D. O'Reilly, Kristina Rigopoulos, Larry Feldman, Greg Witte

During Fiscal Year 2020 (FY 2020), from October 1, 2019 through September 30, 2020, the NIST Information Technology Laboratory (ITL) Cybersecurity and Privacy Program successfully responded to numerous challenges and opportunities in security and privacy

Classifying Memory Bugs Using Bugs Framework Approach

September 9, 2021

Author(s)

Irena Bojanova, Carlos Galhardo

In this work, we present an orthogonal classification of memory corruption bugs, allowing precise structured descriptions of related software vulnerabilities. The Common Weakness Enumeration (CWE) is a well-known and used list of software weaknesses

Summary Report for the Virtual Workshop Addressing Public Comment on NIST Cybersecurity for IoT Guidance

September 9, 2021

Author(s)

Michael Fagan, Katerina N. Megas, David Lemire

This report summarizes the feedback received on the work of the NIST Cybersecurity for IoT program on device cybersecurity at a virtual workshop conducted April 22, 2021. NIST conducted the "Workshop Addressing Public Comment on NIST Cybersecurity for IoT