National Cybersecurity Center of Excellence improving security in US, Israel

Nathan Lesser, deputy director of the relatively new US National Cybersecurity Center of Excellence (NCCoE), is all about security and efficiency.

By
December 17, 2014 01:05
3 minute read.
Cyber hackers [illustrative]

Cyber hackers [illustrative]. (photo credit: REUTERS)

 
X

Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analyses from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief

UPGRADE YOUR JPOST EXPERIENCE FOR 5$ PER MONTH Show me later Don't show it again

What was an American government expert in cyber security for US infrastructure-related companies doing at a conference in Israel? Nathan Lesser, deputy director of the relatively new US National Cybersecurity Center of Excellence (NCCoE), is all about security and efficiency.

He and his agency, a unique laboratory for innovation, recognize that the US and Israel can benefit from each other’s expertise in the cyber arena.

Be the first to know - Join our Facebook page.


Lesser said recently that on one hand, “Israel is using many of the new standards” in cyber security that his agency originated, and that on the other hand, for the US, it is “bad not to look outside your own borders for cutting edge” ideas.

Developing standards “to address intractable problems is an international effort,” he said.

What kinds of ideas does the NCCoE develop and where do they come into play? The agency, a division of the National Institute of Standards and Technology within the US Department of Commerce that has its “ancient” roots in working on railroad technologies, over time has become a standard setter for all government nonnational security-related systems as well as covering much of the US’s critical infrastructure.

Whereas the National Institute is the umbrella for setting standards, the relatively new NCCoE spin-off focuses on making standards more user-friendly and in making technology more friendly to complying with standards.

NCCoE’s cyber security standards are enforced by the Department of Homeland Security and the Office of Management and Budget across the nonnational security organs of the US government.



“Because companies like the standards, they also have been being adopted in the real world” outside of government, such as in the utilities, water, chemical, financial and healthcare sectors, Lesser said.

NCCoE tries to explore where the public and private sector are overwhelmed by the pace of change, the number of upgrades being offered in cyber security and technology generally, and to provide solutions to “barriers to adoption.”

Put differently, NCCoE tries to help groups upgrade in a way that fits their specific infrastructure and sector-specific dynamics while helping them understand which cyber technologies work best with those unique issues.

Many of these ideas could be exported to Israel.

An example from the US context would be cyber security solutions for addressing security and privacy of patients’ healthcare data on mobile devices when the devices must interact with other networks and electronic healthcare record systems.

The initial problem is that doctors could email or otherwise transfer data without fully internalizing the security pitfalls involved in data transfers.

To combat this issue, hospitals normally buy a particular system, which usually ties them down into a variety of applications.

Lesser said this setup of tying applications and add-ons to the system makes market pricing less efficient and makes it harder for hospitals to upgrade technologically in a new direction.

So if they want to upgrade, hospitals face three barriers: they are often not sufficiently educated to know how to judge what companies are selling them; installed technology and firewalls can handicap adapting new technologies; and hospitals worry that new technologies will not interface properly.

NCCoE would build a mirroring environment using similar technology and infrastructure used by the hospital, to test and troubleshoot cyber security measures that the hospital might be interested in, so that the hospital can play out any issues risk free and overcome the above barriers to advancement.

Lesser’s first cyber contact with Israel came through Israel’s Export Institute; he met with its representatives when Israeli Embassy and export institute officials visited NCCoE’s headquarters in Rockville, Maryland.

Ofer Sachs, CEO of the institute, thanked Lesser for his participation and invited him back for next year’s conference and for continued collaboration.

Related Content

Sodastream plant, August 8, 2018.
August 20, 2018
Five times SodaStream bubbled over in the headlines

By DAVID BRINN