A Public-Private Partnership Takes on Real-World Cybersecurity IssuesDecember 2015
Topics: Cybersecurity, Computer Security, Information Security Risk Management, Information Privacy, Homeland Security
Remember the 1999 comedy, Office Space? The movie centers on Peter Gibbons, a frustrated computer programmer and his team of misfit coworkers, unhappy with their jobs at Initech, a fictional software company. Together, they conspire to plant a computer virus in the company's accounting system to embezzle money into a personal bank account.
Although the film's premise makes for a funny Hollywood tale, the recent string of cyber attacks on government agencies, big-name corporations, and small businesses is no laughing matter in real life. The hacks affect our economy, our private information, and our domestic security. Maybe that's why cyber-themed movies these days are thrillers, not comedies.
Given the scale of the cybersecurity problem, no company or organization will solve these challenges on its own. Fortunately, a significant effort is now underway to address the common cybersecurity challenges that cross industries and sectors. MITRE provides technical expertise and operational support to a leading player in this effort, the National Cybersecurity Center of Excellence (NCCoE).
Founded by the National Institute of Standards and Technology, or NIST, in 2012, the NCCoE was formed to accelerate the adoption of secure technologies that address complex, real-world business needs. With last year's founding of the National Cybersecurity FFRDC, operated by MITRE and sponsored by NIST, another key piece of the puzzle fell into place. MITRE's FFRDC works closely with the NCCoE to help businesses secure their critical data and infrastructures by fostering public-private collaborations to identify and solve cybersecurity threats.
The NCCoE's goal isn't to find one-off solutions to small problems. And it's not about government telling people what to do, even though the government has a big stake in finding the right approaches.
Instead, it's about providing a way for entire sectors—such as healthcare IT, finance, energy, and transportation—to contribute to the evolving conversation about cyber-related standards, tools, and practices. Companies ranging from Akamai, HP, and Microsoft to Cisco, Intel Security, and FireEye have already pledged their support to the initiative.
Tailoring Cyber Solutions to Specific Needs
With such a multifaceted challenge, the NCCoE must take a multifaceted approach. Among other things, the center provides unbiased laboratories for designing example solutions, develops use cases to address issues unique to a business sector, and creates building blocks that tackle cross-sector challenges, such as asset management or access control.
The NCCoE practice guides include information and instruction that businesses can use to enhance their cybersecurity themselves. Recent guides include cyber challenges related to securing medical records on mobile devices, electric utility companies, and attribute based access control, a new method for managing access rights for people and systems connecting to networks. These guides serve as examples that can be adapted and customized to the organization's environment.
"We know secure solutions are difficult," says Brian Barrios, portfolio director for the National Cybersecurity FFRDC. “The idea is to try to understand the reasons why by exploring issues in specific industry sectors, working with the vendor community to solve them, and then scaling the solutions to provide tangible solutions."
Along with the labs, use cases, and practice guides, MITRE also focuses on another key factor in the quest for better cybersecurity: People.
"There's an incredible demand for real-world cyber solutions and qualified cybersecurity talent," says Zach Furness, acting technical director of the National Cybersecurity FFRDC.
MITRE has long hosted interns who focus on cybersecurity to work in our Bedford, Mass., and McLean, Va., offices. This past summer, MITRE selected four college interns to work side by side with researchers, technology vendors, and academics in the NCCoE labs in Rockville, Md. (For more on the interns and their work, see "Building the Next Generation of Cybersecurity Leaders," below.)
Developing a United Front Against Cyber Threats
The potential impact of the groundbreaking sector-specific research, use cases, building blocks, and resulting practice guides—created by the NCCoE with MITRE's help—could greatly aid in developing standardized cyber solutions used in the real world.
The NCCoE enhances trust in IT communications, data, and storage systems in the United States. The center also lowers risk for companies and individuals that use IT systems and encourages development of innovative, job-creating cybersecurity products and services.
In that case, maybe fact is better than fiction after all.
—by Victoria Ozokwelu