Introducing Cybersecurity Insights: Director’s Corner
Welcome to the Director’s Corner! This new blog series is intended to give you special insight into the cybersecurity work we are so proud of accomplishing day in and day out. Each blog will cover a specific division at NIST in the Information Technology Laboratory with information about current projects, successes, upcoming work, and important announcements. The Director’s Corner will highlight how NIST’s cybersecurity, privacy, and information security-related projects are making a difference in the field and leading the charge to make positive changes.
For our first post in this series, we interviewed Matthew Scholl, chief of the Computer Security Division (CSD). As head of CSD, he is responsible for leading the teams at NIST that are developing cybersecurity standards, guidelines, tests, and metrics to protect global information systems.
What recent CSD accomplishments are you most proud of?
I believe the greatest accomplishment for the division, and what I am most proud of, is how we work globally — and the way we work in an open, transparent, and inclusive process. This is especially true in the development and standardization of cryptography. This process, coupled with NIST's technical excellence in crypto, results in NIST encryption used by commercial IT products across the world. This underlying encryption enables billions of dollars of electronic commerce to function, such as swiping credit cards at the grocery store — to online purchases — to major financial exchanges.
What cybersecurity focus areas do you see being at the forefront in 2020?
As we look at 2020 and beyond, NIST will update our encryption standards and ensure that encryption will continue to enable the economy and protect our livelihood. The biggest thing coming in the future (that you will hear more and more about) is in the area of quantum-resistant cryptography. NIST is building open, transparent, and inclusive encryption methods with our global partners for new sets of encryption that are needed when quantum computing becomes a reality. Quantum computing is a completely new method and architecture of conducting computational activity (or way to generate information). When a quantum computer finally is strong enough, some of our current encryption will become vulnerable. Therefore, NIST is proactively working to create new encryption standards.
In the meantime, until these standards become available, my suggested best practices for getting ready to transition to new quantum-resistant crypto are:
- Find out where you are using encryption;
- Figure out if that encryption is vulnerable to quantum machines. For help with that, read this presentation by NIST cryptography expert Dustin Moody;
- Assess the data’s importance that the encryption is protecting;
- Be organized and prioritize where to transition first when standards are ready, and when products are available that implement those standards.
What is your favorite thing about leading the CSD team?
The people on my team make my job feel more like a privilege, and I am honored to enable my staff to reach their goals. I am continuously amazed by the high-caliber team we have at NIST, and am impressed by their incredible skills, intelligence, knowledge, and dedication. I am very lucky to work alongside such an amazing group of professionals.
What NIST publications should we be reading to learn about CSD’s recent work?
There are a decent number of publications coming out, so it really depends on your roles and interests as we have something for everyone. For example, our Internet of Things (IoT), Security Engineering, and Platform Security documents are things we’d like commercial vendors to look at. Our updates to the Risk Management Frameworks are suggested for chief information security officers. Lastly, we have whitepapers, research, and journals in areas of emerging technologies that are for a broader audience, as we look to understand and secure the new technologies that are coming. To see a full list of our publications, visit the NIST Cybersecurity Resource Center.
How do we stay informed about NIST cybersecurity projects?
We always welcome you to join our workshops or conferences. Please feel free to reach out to a program contact or individual author if you have comments, questions, or suggestions on a particular subject.
To stay up-to-date with the Computer Science Division’s projects and programs, please visit our website.
Remember to follow us on Twitter: @NISTcyber!