View from Arch Street

The National Institute of Standards and Technology (NIST) Cybersecurity Center of Excellence (NCCoE) is proposing a model use case project to enhance the energy sector’s asset management capabilities for operational technology (OT).  Arch Street is currently a member of the NCCoE Energy Sector Community of Interest that provides guidance to NCCoE on energy sector cybersecurity challenges.

The objective of this use case is to provide guidance on how energy companies may enhance OT (Operational Technology)/ICS (Industrial Controls System) asset management by leveraging capabilities that may already exist in an operating environment or by implementing new ones.

The new NIST project will include the development of a reference design and use commercially available technologies to develop an example solution that will help energy organizations address the security challenges of OT asset management.

This project will describe methods for managing, monitoring, and baselining assets and will also include information to help identify threats to OT assets. It will result in a publicly available NIST Cybersecurity Practice Guide, a detailed implementation guide of the practical steps required to implement a cybersecurity reference design that addresses this challenge.

Technology vendors are encouraged to provide products and technical expertise to NIST via a CRADA to support and demonstrate security platforms for the Energy Sector Asset Management Project.  Applications are open on a first-come, first-served basis.  For more information see the announcement in the Federal Register released today, March 26, 2018.

After a long saga, the FY 2018 Omnibus Appropriations is out.

For full text of the various sections see the Consolidated Appropriations Act, 2018

One area of interest for Arch Street is funding for cybersecurity R&D and technology transfer activities in the Department of Homeland Security Science and Technology Directorate.  Earlier budgets had proposed major cuts to these programs but at first glance, funding has been boosted and language prioritizing technology transfer and partnership intermediaries included.

More to come.

Full text of the DHS S&T appropriations (pdf)

        

Arch Street is pleased to work with IgniteU-NY, a partnership intermediary of Department of Homeland Security (DHS) Science and Technology Directorate (S&T).  In this role we help S&T bring leading-edge technologies flowing from government and university laboratories to the commercial marketplace — to better protect the critical infrastructure of the United States such as the energy grid, water systems and transportation networks.

That is why Arch Street is excited to see that DHS has released two new guides focused on transitioning mature cybersecurity solutions and spurring community discussion about its R&D priorities.

The two publications are the 2018 Cyber Security Division Portfolio Guide and the 2018 Cyber Security Division Technology Guide. These informational guides outline the scope of the S&T’s broad cybersecurity research portfolio and provide insight into numerous R&D efforts that are at or nearing the transition phase, respectively. Each is available for free download from the S&T website.

The Office of Management and Budget (OMB) initially developed the Grants 101 Training for federal government employees, but now these eLearning materials are available free to the public.

This grants training is comprised of five modules, most of which contain multiple online lessons:

1 Laws, Regulations, and Guidance

2 Financial Assistance Mechanisms

3 Uniform Guidance Administrative Requirements

4 Cost Principles

5 Risk Management and Single Audit

See: blog.grants.gov/2018/02/01/omb-publishes-free-online-grants-management-training/

 

This workshop at the National Cybersecurity Center of Excellence in Rockville, MD is open to the public and will center on a draft report about actions to address automated and distributed threats to the digital ecosystem as part of the activity directed by Executive Order 13800, “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”

See: Enhancing Resilience of the Internet and Communications Ecosystem (Second Workshop) | NCCoE

The Crypto-Wars 2.0 erupted  a few years ago as fall-out from the Snowden revelations and major industry players such as Apple and Google rushed out new encryption technologies for their customers.  In the interim, use of an encrypted iPhone by the attacker in the San Bernandino terrorist incident alarmed many law enforcement and intelligence officials to the  “going dark”  problem — the loss of ability to intercept criminal and terrorist communications —  with the FBI making a very public push for exceptions or technological back-doors.  Industry and civil liberties groups made an equally strong and strident push back on such exceptions citing impracticality, unintended consequences, greater insecurity, fundamental legal objections, economic loss and wide-scale privacy violations.

A new report by the National Academy of Sciences, Engineering and Medicine attempts to lower the heat on the crypto wars by reviewing the available (and often very difficult) policy options and discussing the tough tradeoffs associated with each.  The report does not make a hard and fast judgement as to whether to grant law enforcement access to encrypted, private information.  Rather it concludes with a framework that the authors hope will guide discussion among the public and policymakers.

Ten tech transitions in one single year.  In tech transfer circles, that’s nearly unheard of.

https://www.facebook.com/plugins/post.php?href=https%3A%2F%2Fwww.facebook.com%2Farchstreetllc%2Fposts%2F1973746292874423&width=500

The federal government has invested significant resources in fundamental, early-stage research in cybersecurity — especially in the computer, information science and engineering (CISE) fields.  However this research has limited impact on securing the nation’s critical rail, energy and transportation sectors if it doesn’t find it’s way into the private sector for capital investment and commercialization.  That’s why the DHS Transition to Practice Program (TTP) was established — to take existing leading-edge research & concepts from the national labs, university labs and defense institutes and transition them into the marketplace.

Arch Street has been pleased to work with IgniteU-NY who is a partner with the TTP program to bring more federally funded cybersecurity technologies into the marketplace.  The results for TTP in 2017 alone have been remarkable.  It is extremely hard to get a ahead of the curve in the cybersecurity.  Existing technologies are often “fighting the last war” unable to evolve or adapt to the ever-evolving threat landscape.  That’s why to really make progress in protecting the nation’s critical infrastructure from cyber threats, rapid movement from the laboratory to the private sector will be vital.

More info see:

Snapshot: S&T Transition to Practice Program Moved 10 Technologies to Marketplace in FY17