NIST to Sponsor First Cybersecurity Federally Funded R&D Center

Published: April 24, 2013

DOCCritical Infrastructure ProtectionCybersecurity

Along with its recent work on the Cybersecurity Framework, the National Institute for Standards and Technology (NIST) has been laying groundwork for ongoing cybersecurity collaboration between the public and private sector. Mid April, NIST hosted the formal establishment of a public-private partnership that includes 11 major companies. The partnership will work with industry, academic and government experts to explore solutions for businesses’ most pressing cybersecurity challenges. Shortly after that event, the NIST announced its intention to establish the nation’s first Federally Funded Research and Development Center dedicated to improving information security.

National Cybersecurity Center of Excellence (NCCoE) was formed in February 2012 through a Memorandum of Understanding between the state of Maryland, Montgomery County and NIST. As government and industry work together to strengthen cybersecurity capabilities, the NCCoE  testbed will enable users and vendors to collaborate on new technologies prior to deployment to document and share each solution. The center follows a four-step process:
-          Identify the problem and define a project around relevant technical “use cases” in which needs are currently unmet.
-          Assemble a cybersecurity team from industry, government and academia.
-          Build practical model solutions based on commercially available technology. These solutions will aim to be repeatable, secure and flexible to enable use with various products.
-          Facillitate rapid, widespread deployment and implementation of these solutions.
NIST has called out examples use cases for this process, such as interoperable information security templates for health IT, cloud and mobile computing, and continuous monitoring of IT systems.
On April 15, 2013, NIST hosted a signing ceremony to mark the formal partnership with 11 private companies.

During her comments at the signing event, Senator Mikulski, chairwoman of the Senate Appropriations Committee, noted that, “Joining the forces of the National Cybersecurity Center of Excellence at NIST with these new private-sector partners will unite their private-sector savvy with the deep cybersecurity knowledge of the government to make our country safer and Maryland’s economy stronger.” Beyond the formal industry partnership that has been established, vendors, users and researchers are invited to participate in NCCoE activities through a variety of collaborative channels.
A week later, on April 22, 2013, NIST released a notice about sponsoring a Federally Funded Research and Development Center (FFRDC) to strengthen the nation’s information security. In short, the FFRDC proposal will enable a nonprofit organization to support the NCCoE. According to Peter Gallagher, Under Secretary of Commerce for Standards and Technology and NIST Director, “The FFRDC model is the most effective way to center can work with private companies to accelerate industry’s adoption of integrated tools and technologies to protect IT assets.”
The announcement of sponsoring the FFRDC marks the first of three notices that must be published over a 90-day period. The three primary purposes for the NCCoE FFRDC address (1) research, development, engineering, and technical support; (2) program/project management; and (3) facilities management. NIST is especially interested in feedback on the scope of work and any existing private or public capabilities that should be considered. Comments on the proposed FFRDC are due July 22, 2013.