The National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence (NCCoE), is seeking comments on a new project to help organizations prepare for and recover from attacks that may compromise their data, the agency said Nov. 24.
The project, Data Integrity: Reducing the Impact of an Attack, is posted in draft whitepaper form at the NIST website. It is meant to help reduce the risk businesses face from destructive malware, ransomware, malicious insider threats, and even honest mistakes that alter or destroy “critical data.” Organizations must be able to both recover from a data integrity attack quickly and trust the accuracy of the recovered data, NIST said.
The draft project document describes technical challenges of ensuring accurate and complete back-up data when systems recover from a cyber attack. Data Integrity was developed with members of the business community, the Financial Services Information Sharing and Analysis Center (FS-ISAC), and cybersecurity solutions vendors, NIST said.
“We are excited to be working with FS-ISAC and the broader consumer community to tackle this important, cross-sector cybersecurity challenge. FS-ISAC has done important work to further the research and development of data integrity solutions for the financial services sector, and this collaboration is vital to this project’s development,” Nate Lesser, NCCoE deputy director, said in a statement.
The Data Integrity project is generally meant to explore methods to help organization recover information including operating systems, databases, user files, applications, and software/system configurations while also examining auditing and reporting to support recovery operations, NIST said.
Feedback on this whitepaper from businesses and the public will inform the project and solution development. Ultimately, the project will conclude in a Cybersecurity practice Guide in the NIST special Publication 1800 series, demonstrating an example solution and explaining how to replicate it with similar commercially available technology.
“Ensuring data integrity is about mitigating business risk and maintaining consumer confidence. The FS-ISAC will continue working with the NCCoE, as well as industry and federal agencies, to identify solutions for reducing the impact of data integrity attacks, such as destructive malware,” John Carlson, FS-ISAC chief of staff, added.
NCCoC started work on the Data Integrity project following a previously published report, NIST IR 8050, and summarized the feedback of a 2015 NIST workshop cohosted by Stanford University in conjunction with the White House Summit on Cybersecurity and Consumer Protection.