{"id":31153,"date":"2021-02-03T17:27:30","date_gmt":"2021-02-03T17:27:30","guid":{"rendered":"https:\/\/www.dvirc.org\/insights\/nist-offers-tools-to-help-defend-against-state-sponsored-hackers\/"},"modified":"2023-03-08T14:05:32","modified_gmt":"2023-03-08T14:05:32","slug":"nist-offers-tools-to-help-defend-against-state-sponsored-hackers","status":"publish","type":"post","link":"https:\/\/www.dvirc.org\/insights\/nist-offers-tools-to-help-defend-against-state-sponsored-hackers\/","title":{"rendered":"NIST Offers Tools to Help Defend Against State-Sponsored Hackers"},"content":{"rendered":"
Nations around the world are adding cyberwarfare to their arsenal, employing highly skilled teams to launch attacks against other countries. These adversaries are also called the \u201cadvanced persistent threat,\u201d or APT, because they possess the tools and resources to pursue their objectives repeatedly over an extended period, adapting to defenders\u2019 efforts to resist them.<\/p>\n
Vulnerable data includes the sensitive but unclassified information managed by government, industry and academia in support of various federal programs. Now, a finalized publication from the National Institute of Standards and Technology (NIST) provides guidance to protect such \u201ccontrolled unclassified information\u201d (CUI) from the APT. NIST\u2019s Special Publication (SP) 800-172,\u00a0Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171<\/a>,<\/em>\u00a0offers a set of tools designed to counter the efforts of state-sponsored hackers and complements another NIST publication aimed at protecting CUI.<\/p>\n \u201cCyberattacks are conducted with silent weapons, and in some situations those weapons are undetectable,\u201d said Ron Ross, a computer scientist and a NIST fellow. \u201cBecause you may not \u2018feel\u2019 the direct effects of the next hack yet, you may think it is coming someday down the road; but in reality, it\u2019s happening right now.\u201d<\/p>\n The federal government relies heavily on nonfederal service providers to help carry out a wide range of missions using information systems \u2014 a term that includes computers, but also a range of other specialized technologies such as industrial control systems and the Internet of Things. The protection of sensitive federal information that resides in nonfederal systems \u2014 such as those used by state and local governments, colleges and universities, and independent research organizations \u2014 is of paramount importance, as it can directly impact the federal government\u2019s ability to carry out its operations. A\u00a0hack in 2018 that compromised sensitive information<\/a>\u00a0directly inspired the NIST team\u2019s work on SP 800-172.<\/p>\n Formerly numbered SP 800-171B during its draft stages<\/a>, SP 800-172 offers additional recommendations for handling CUI in situations where that information runs a higher than usual risk of exposure. CUI includes a wide variety of information types, from individuals\u2019 names or Social Security numbers to critical defense information.<\/p>\n \u201cWe developed SP 800-171 in response to major cyberattacks on U.S. critical infrastructure, and its companion document SP 800-172 is designed to mitigate attacks from advanced cyber threats such as the APT,\u201d Ross said. \u201cImplementing the cyber safeguards in SP 800-172 will help system owners protect what state-level hackers have considered to be particularly high-value targets: sensitive information about people, technologies, innovation and intellectual property, the revelation of which could compromise our economy and national security.\u201d<\/p>\n