Credit: Myimagine/Shutterstock
Nations around the world are adding cyberwarfare to their arsenal, employing highly skilled teams to launch attacks against other countries. These adversaries are also called the “advanced persistent threat,” or APT, because they possess the tools and resources to pursue their objectives repeatedly over an extended period, adapting to defenders’ efforts to resist them.
Vulnerable data includes the sensitive but unclassified information managed by government, industry and academia in support of various federal programs. Now, a finalized publication from the National Institute of Standards and Technology (NIST) provides guidance to protect such “controlled unclassified information” (CUI) from the APT. NIST’s Special Publication (SP) 800-172, Enhanced Security Requirements for Protecting Controlled Unclassified Information: A Supplement to NIST SP 800-171, offers a set of tools designed to counter the efforts of state-sponsored hackers and complements another NIST publication aimed at protecting CUI.
“Cyberattacks are conducted with silent weapons, and in some situations those weapons are undetectable,” said Ron Ross, a computer scientist and a NIST fellow. “Because you may not ‘feel’ the direct effects of the next hack yet, you may think it is coming someday down the road; but in reality, it’s happening right now.”
The federal government relies heavily on nonfederal service providers to help carry out a wide range of missions using information systems — a term that includes computers, but also a range of other specialized technologies such as industrial control systems and the Internet of Things. The protection of sensitive federal information that resides in nonfederal systems — such as those used by state and local governments, colleges and universities, and independent research organizations — is of paramount importance, as it can directly impact the federal government’s ability to ..
Support the originator by clicking the read the rest link below.
