RSA Public Sector Day - Keynote Presentation – Walt Copan
NIST’s Approach to Cybersecurity
Critical, Convergent, Collaborative and Convenient
When: Monday, March 4, 10:30 AM - 11:15 AM
Marriott Marquis, 780 Mission Street, San Francisco, CA 94103
Golden Gate B Meeting Room
NIST Privacy Framework Learning Session: Status Update & Next Steps
When: Monday, March 4, 5:00 PM - 6:00 PM
Marriott Marquis - 780 Mission Street San Francisco, CA
Golden Gate B Meeting Room
Learn from NIST representatives about the NIST Privacy Framework: A Tool for Enterprise Risk Management. NIST leadership on the framework effort will hold a panel discussion on development of the framework to date, tackling topics such as: the stakeholder engagement process since kick-off of this effort, the comments received on NIST’s Request for Information (issued 11/13/18), and the draft annotated outline of the framework. Attendees will learn how this framework could support their privacy risk management efforts and will have an opportunity to ask questions.
Questions about this session should be directed to privacyframework [at] nist.gov.
Blockchainification of Cyber-Supply Chain Risk: Hype vs. Hope
When: Tuesday, Mar 05 | 1:00 P.M. - 1:50 P.M.
The buzz around blockchains can be exciting, bewildering and, at times, troubling. Get to the bottom of fact and fiction as a NIST researcher discusses how various blockchain technologies are or could be used, focusing on cyber-supply chain risk management.
Speaker: Celia Paulsen, Cybersecurity Researcher, National Institute of Standards and Technology
Your Data’s Integrity: Protect and Respond to Ransomware and Critical Events
When: Tuesday, Mar 05 | 02:20 P.M. - 03:10 P.M.
At last year’s RSA Conference, we shared ways to quickly recover from an event that alters or destroys data. This year, the NCCoE’s Anne Townsend is back with an entire suite that organizations can deploy to effectively identify, protect, detect, and respond to data integrity events. These solutions are follow-on projects to the NCCoE’s highly publicized NIST Special Publication (SP) 1800-11, Recovering from Ransomware and Other Destructive Events.
Speaker(s): Anne Townsend, Lead Cybersecurity Engineer, NIST/NCCoE - MITRE
Session Track/Topic: Protecting Data & the Supply Chain Ecosystem
Using the NICE Cybersecurity Workforce Framework: Practical Applications and Tools
When: Wednesday, March 6 | 8:00 AM - 10:00 AM
Where: InterContinental Hotel San Francisco - 888 Howard St, San Francisco, CA
4th Floor - Telegraph Hill Meeting Room
The NICE Cybersecurity Workforce Framework (NICE Framework) provides a common taxonomy and lexicon for describing cybersecurity work. The NICE Framework can be used by employers for workforce planning including the identification of cybersecurity human resource needs, development of position descriptions, discovery of skills gaps, and design of education and training curricula to develop and demonstrate employee competencies.
Attendees will participate in a review and discussion of methods in use for adopting the NICE framework within their organization. Attendees will be able to inform the NICE Program Office about known gaps and/or needed tools. During the interactive session, attendees will gain insight into best practices for which the NICE Framework is a reference resource. They will learn techniques for identifying the skills of current staff, uncovering gaps in the KSAs of their cybersecurity team, and learning where to get tools for creating job descriptions that map to the Framework.
Participants are encouraged to share tools, discuss metrics, or describe case studies that show progress made by adopting some aspect of the NICE Framework. They can send an email to newhouse [at] nist.gov to submit a proposal to give a 5-minute presentation at the session to describe that progress and take questions from other attendees.
Speaker: Bill Newhouse, Deputy Director, NICE Program Office
Trustworthy AI Panel Discussion
When: Wednesday, March 6 | 10:30 AM - 12:30 PM
Where: InterContinental Hotel San Francisco - 888 Howard St, San Francisco, CA
4th Floor - Telegraph Hill Meeting Room
Industry applications of AI require systems that are not only accurate but also reliable, secure and explainable. The first version of NIST’s Framework and Roadmap for Trustworthy AI Systems is under development and aims to provide a deep investigation into how AI technologies can augment, enhance, or possibly diminish, trustworthiness in ubiquitous computing systems.
The industry panel will discuss characteristics and attributes of Trustworthy AI and focus on identifying the highest-priority challenges and potential resolutions.
Questions about this session should be directed to nist_ai_rsac [at] nist.gov.
How to Eliminate a Major Vulnerability in the Cybersecurity Workforce
When: Wednesday, March 06 | 10:40 A.M. - 12:10 P.M.
There’s a major vulnerability in most cybersecurity firms and workforces that has yet to be addressed: the industry’s gender gap. At a gathering of cyber-practitioners, behavioral scientists, and industry and government leaders in fall 2018, we developed strategies to solve the problem and will road test them with participants at this session.
Speaker(s):
Laura Bate, Policy Analyst, New America
Danielle Santos, Program Manager, NIST
NIST Crypto Update with a Post Quantum Crypto Panel Discussion Targeting IT Industry and Enterprise
When: Wednesday, March 6, 1:30 PM - 3:30 PM
Where: InterContinental Hotel 888 Howard St, San Francisco, CA
4th Floor - Telegraph Hill Meeting Room
NIST will provide a quick update on NIST crypto development and validation program covering post quantum crypto (PQC) standardization and automated crypto validation testing activities. The industry panel will follow with a discussion surrounding the challenges that the IT vendor community and enterprise customers (from small to large organizations) face in adopting, migrating, and implementing PQC in operational environments supporting real business use cases. While the standardization is in progress, the non-crypto community could develop a transition plan that can be executed as soon as there is a clear understanding of the final candidates.
Facilitator: Matt Scholl, Chief, Computer Security Division, NIST
Questions about this session should be directed to nist-rsac [at] nist.gov.
The NIST Privacy Framework: What It Is and What It Means for You
When: Wednesday, March 6 | 1:30 P.M. - 2:20 P.M.
The National Institute of Standards and Technology is developing an enterprise risk management tool to protect consumer privacy while advancing prosperity and innovation. Learn what to expect from the voluntary Privacy Framework—targeted for release later in 2019—and how you can contribute to its development!
Speaker(s):
Naomi Lefkovitz, Senior Privacy Policy Advisor
Kevin Stine, Chief, Applied Cybersecurity Division, NIST
Session Track/Topic: Privacy
IOT Cybersecurity Workshop - Hosted by Center for Cybersecurity Policy and Law
When: Wednesday, March 6 | 2:30 P.M.
Where: Venable, 101 California St, 38th Floor, San Francisco, CA 94111
NIST’s Cybersecurity for the Internet of Things (IoT) Program is beginning stakeholder engagement on identifying a core set of cybersecurity capabilities that could be a baseline for IoT devices. We are heading to RSA and we want to hear from you!
We are interested in feedback on a recently released discussion paper – especially insights into identifying the set of cybersecurity capabilities that could be achieved by almost all IoT devices.
Katerina Megas, Commercial Adoption Lead for the Trusted Identities Group, Program Manager for the Cybersecurity IoT program
Mike Fagan, Computer Scientist, Lead Baselines Author for the Cybersecurity for IoT program
Making Security Automation Real
When: Wednesday, Mar 06 | 2:50 P.M. - 3:40 P.M.
In the global fight against network intrusion, the inability to communicate between network defense systems allows attackers the upper hand. Security processes cannot keep up against the onslaught of vulnerabilities and weaknesses available to attackers. Only through standardized posture information collection will defenders be able to automate security and harden the network against attack.
Learning Objectives:
1: Understand network security today and how separating defensive systems hinders network defense.
2: Explore a vision of tomorrow’s network security.
3: Learn how to move from standards to commercially available solutions.
Speaker(s):
David Waltermire, Security Automation Architect, NIST
Jessica Fitzgerald-McKay, Security Automation Lead, National Security Agency
The NIST Cybersecurity Framework: Building on Success
When: Thursday, March 07 | 8:00 A.M. - 8:50 A.M.
This panel will discuss the adoption of the Cybersecurity Framework around the world and share experiences and lessons learned from implementing the Framework. Panel members include the NIST program manager for the Cybersecurity Framework as well as Cybersecurity Framework practitioners. Join the discussion to learn how the Framework is being used today and where NIST sees it going tomorrow.
Moderator: Kelly Hood, Cybersecurity Engineer, G2 Inc.
Panelist: Adam Sedgewick, Program Manager, NIST
Panelist: Gary Coverdale, Chief Information Security Officer, Mono County, CA
Panelist: Plamen Martinov, Chief Information Security Officer, University of Chicago
Session Track/Topic:
Healthcare Cybersecurity: Helping Secure Emerging Health Technologies
When: Thursday, Mar 07 | 01:30 P.M. - 02:20 P.M.
Healthcare innovation is advancing at a rapid pace with the proliferation of network-connected medical devices, remote patient monitoring and telehealth opportunities. But is security keeping up with the innovation? This session will assess current medical device security and discuss how health delivery organizations and care providers can help mitigate these risks as new technologies emerge.
Facilitator: Sue Wang, Cybersecurity Engineer / Technical Lead, NIST/MITRE Corporation
Measuring Cybersecurity Effectiveness in a Threat-Based World
Thursday, Mar 07 | 2:50 p.m. - 3:40 p.m.
The panel will help increase understanding of how DHS, NSA and NIST are using threat data to help agencies protect information and detect and respond quickly to adversarial actions. They will examine how DHS CISA fuses threat intelligence with agency vulnerability data to improve info sharing and how efforts such as the .gov CAR initiative are helping create better threat models and solutions.
Moderator: Jeanette Manfra, Assistant Secretary, Office of Cybersecurity and Communications (CS&C), DHS
Panelist: Marianne Bailey, Deputy National Manager (DNM) for National Security Systems (NSS) and Senior Cybersecurity Executive, National Security Agency
Panelist: Kevin Cox, Program Manager, Cybersecurity and Infrastructure Security Agency
Panelist: Matthew Scholl, Chief, Computer Security Division, NIST
Rodney Petersen and NICE Staff
NICE Meet & Greet
Monday, 5:00-6:00pm
Bill Newhouse - Demonstrate Multifactor Authentication for E-commerce
Tuesday 12:00-1:00pm
Bill Newhouse and Rodney Petersen
NICE Cybersecurity Workforce Framework Demo
Tuesday, 5:00-6:00pm
Harry Perper (NCCoE/MITRE)
Demonstration - Access Rights Management for the Financial Services Sector
Wednesday at 10:00-11:00am
Rodney Petersen and Danielle Santos
CyberSeek Demo
Wednesday, 4:00-5:00pm
Andrea Arbelaez (NIST) and Sue Wang (NCCoE/MITRE)
Demonstration - Securing Wireless Infusion Pumps for the Healthcare Sector
Thursday, 10:00-11:00am
Bill Fisher (NCCoE)
Demonstration - Mobile Application Single Sign-on
(Date tentative…)
Videos for booth:
Wireless Infusion Pumps (video with audio, and closed captioning) https://youtu.be/5XMILRdx_AE