Year: 2023

NIST has published NIST Internal Report (IR) 8450, Overview and Considerations of Access Control Based on Attribute Encryption. Access control based on attribute encryption addresses an issue with traditional public-key encryption (PKE) wherein keys need to dynamically change whenever access policies and/or attributes change, which could cause inefficient system performance.

Access control based on attribute encryption supports fine-grained access control for encrypted data and is a cryptographic scheme that goes beyond the all-or-nothing approach of public-key encryption. This document reviews the interplay between cryptography and the access control of attribute-based encryption, including the fundamental theories on which the scheme is based; the various main algorithms of IBE, CP-ABE, and KP-ABE; and considerations for deploying access control systems based on encryption.

Read More

Background: NIST Special Publication (SP) 800-66

Healthcare organizations face many challenges from cybersecurity threats. This can have serious impacts on the security of patient data, the quality of patient care, and even the organization’s financial status. Healthcare organizations also must comply with regulatory requirements, such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule, which focuses on safeguarding the electronic protected health information (ePHI) held or maintained by HIPAA covered entities and business associates (collectively, ‘regulated entities’).

Draft NIST Special Publication (SP) 800-66 Revision 2 provides practical guidance and resources that can be used by regulated entities of all sizes to safeguard ePHI. To that end, Draft NIST SP 800-66 Revision 2 aims to help organizations improve their overall cybersecurity posture, while also complying with the Security Rule. 

Read the Blog!

Microsoft 365 Business Premium Crash Course for Nonprofits Get the e-book Microsoft 365 Business Premium is an integrated solution for small and mid-sized nonprofits that brings together Outlook email, Office desktop applications, OneDrive cloud storage, Teams for digital collaboration, as well as simple device management and advanced security features. Help your nonprofit improve cybersecurity, reduce costs, and empower staff and volunteers to work from anywhere. Download the e-book, Crash Course in Microsoft 365 Business Premium for Nonprofits, and learn how this integrated solution can help you focus on what matters most—your mission. Here are just a few of the topics we’ll cover: Be productive anywhere: Get work done and stay connected with your staff and constituents whether you’re working remotely or onsite. Secure your nonprofit: Safeguard data with a cloud platform that offers built-in security features for remote work. One cost-effective solution: Streamline collaboration tools, IT setup and management, and costs with a single productivity solution. Get started with the Microsoft 365 Business Premium grant For eligible nonprofits, Microsoft 365 Business Premium is free for up to 10 users and discounted pricing of $5.50 (USD) per user/month for additional users. To get started, register and confirm your organization’s eligibility. Already registered as a nonprofit? Login to your Microsoft Nonprofit page and access Admin Center. Watch our guided demo to help you get your free Microsoft 365 licenses. Regards, Microsoft Tech for Social Impact Team

Today, the United Kingdom’s National Cyber Security Centre (NCSC-UK), the United States’ Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI), New Zealand’s National Cyber Security Centre (NCSC-NZ), Canadian Centre for Cyber Security (CCCS), and the Australian Signals Directorate (ASD) published a joint Malware Analysis Report (MAR), on Infamous Chisel a new mobile malware targeting Android devices with capabilities to enable unauthorized access to compromised devices, scan files, monitor traffic, and periodically steal sensitive information. Infamous Chisel mobile malware has been used in a malware campaign targeting Android devices in use by the Ukrainian military.

Infamous Chisel is a collection of components targeting Android devices and is attributed to Sandworm, the Russian Main Intelligence Directorate’s (GRU’s) Main Centre for Special Technologies, GTsST. The malware’s capability includes network monitoring, traffic collection, network backdoor access via The Onion Router (Tor) and Secure Shell (SSH), network scanning and Secure Copy Protocol (SCP) file transfer. 

The authoring organizations urge users, network defenders, and stakeholders to review the malware analysis report for indicators of compromise (IOCs) and detection rules and signatures to determine system compromise. For more information about malware, see CISA’s Malware, Phishing, and Ransomware page. The joint MAR can also be read in full on the NCSC-UK website. Associated files relating to this report can also be accessed via the NCSC’s Malware Analysis Reports page. For more information on Russian state-sponsored cyber activity, please see CISA’s Russia Cyber Threat Overview and Advisories webpage.

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) released this Joint Cybersecurity Advisory  to disseminate QakBot infrastructure indicators of compromise (IOCs) identified through FBI investigations as of August 2023. On August 25, FBI and international partners executed a coordinated operation to disrupt QakBot infrastructure worldwide. Disruption operations targeting QakBot infrastructure resulted in the botnet takeover, which severed the connection between victim computers and QakBot command and control (C2) servers. The FBI is working closely with industry partners to share information about the malware to maximize detection, remediation, and prevention measures for network defenders.

CISA and FBI encourage organizations to implement the recommendations in the mitigations section of the advisory to reduce the likelihood of QakBot-related activity and promote identification of QakBot-facilitated ransomware and malware infections. Note: The disruption of QakBot infrastructure does not mitigate other previously installed malware or ransomware on victim computers. If potential compromise is detected, administrators should apply the incident response recommendations included in this advisory and report key findings to a local FBI Field Office or CISA at cisa.gov/report.

For a downloadable copy of IOCs, see: AA23-242A.stix.xml | AA23-242A.stix.json.

This advisory contains technical details, IOCs, mitigation recommendations, and is being provided to assist agencies and organizations in guarding against the persistent malicious actions of cybercriminals.

The initial public draft (ipd) of NIST Special Publication (SP) 800-204D, Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines, is now available for public comment.

Cloud-native applications are made up of multiple loosely coupled components called microservices. This class of applications is generally developed through an agile software development life cycle (SDLC) paradigm called DevSecOps, which uses flow processes called continuous integration/continuous delivery (CI/CD) pipelines. Analyses of recent software attacks and vulnerabilities have led both government and private-sector organizations to focus on the activities involved in the entire SDLC. The collection of these activities is called the software supply chain (SSC). The integrity of these individual operations contributes to the overall security of an SSC, and threats can arise from attack vectors unleashed by malicious actors as well as defects introduced when due diligence practices are not followed during the SDLC.

Executive Order (EO) 14028, NIST’s Secure Software Development Framework (SSDF), other government initiatives, and industry forums have addressed security assurance measures for SSCs to enhance the security of all deployed software. This document focuses on actionable measures to integrate the various building blocks of SSC security assurance into CI/CD pipelines to prepare organizations to address SSC security in the development and deployment of their cloud-native applications.

The public comment period is open through October 13, 2023. See the publication details for a copy of the draft and instructions for submitting comments.

NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.

Read More

NIST’s Crypto Publication Review Board announced the review of SP 800-38D, Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC (2007) in August 2021. In response, NIST received public comments.

NIST proposes revising SP 800-38D to address many of the technical and editorial suggestions in the public comments, such as the following:

• to remove support for authentication tags whose lengths are less than 96 bits,
• to clarify that the construction of initialization vectors (IVs) for GCM in the Transport Layer Security (TLS) 1.3 protocol is approved,
• to clarify the guidance in connection with the IV constructions, and
• to update the references.

Send comments on this decision proposal by October 9, 2023 to cryptopubreviewboard@nist.gov with “Comments on SP 800-38D decision proposal” in the subject line.

Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process.

Rationale

The Galois/Counter Mode specified in SP 800-38D continues to be an important, widely adopted technique for authenticated encryption. Its security depends strongly on the provision of IVs that are not repeated for distinct messages, as well as the length of the authentication tag. The planned changes to the publication will improve the security of GCM and clarify that the construction of IVs for GCM in TLS 1.3 is approved.

Read More

NIST has chosen the first group of encryption tools that are designed to withstand the assault of a future quantum computer, which could potentially crack the security used to protect privacy in the digital systems we rely on every day — such as online banking and email software. 

Read More

Last year, the National Institute of Standards and Technology (NIST) selected four algorithms designed to withstand attack by quantum computers. Now the agency has begun the process of standardizing these algorithms — the final step before making these mathematical tools available so that organizations around the world can integrate them into their encryption infrastructure.

Today NIST released draft standards for three of the four algorithms it selected in 2022. A draft standard for FALCON, the fourth algorithm, will be released in about a year.

Read More

Cybersecurity Career Week October 16-21, 2023 nist.gov/nice/ccw

Cybersecurity Career Week is a campaign to promote the discovery of cybersecurity careers and share resources that increase understanding of the multiple learning pathways that lead to those careers.

ATTEND THE INFORMATIONAL WEBINAR

There is still time to register! Join us next week Wednesday, September 6, 2023, for an informational webinar and question and answer session about Cybersecurity Career Week. We will share topics, example activities, and advice on what you can do to prepare for and participate in Cybersecurity Career Week 2023. Register to Attend

BROWSE ON-DEMAND MATERIALS

Plentiful resources are available at the click of a button on the Cybersecurity Career Week website. Explore Online Resources

DID YOU KNOW

Did you know that roles in Data Analysis are among the highest in-demand cybersecurity jobs? That’s right! Skills such as generating queries and reports, determining sources and characteristics of data, and even identifying hidden patterns or relationships are commonly used in these roles. Want to learn more? The NICE Framework Data Analyst Work Role has more information about typical tasks someone in this role is responsible for.   Cybersecurity Career Week is coordinated by NICE and supported by a community of government, academic, non-profit, and private industry stakeholders. Commercial entities, materials, and resources provided in support of Cybersecurity Career Week may be included in this email or on the nist.gov/nice/ccw web site or linked web sites. Such identification is not intended to imply recommendation or endorsement by NIST.

INFORMATION AND UPDATES Help make Cybersecurity Career Week a success! Visit our website to see what tools and resources you can use to help promote the week-long effort to your connections. For more information, visit nist.gov/nice/ccw.