Constructing Cybersecurity: A Constructivist Analysis of Bangladesh’s Response to Emerging Digital Threats

Recent U.S. Food and Drug Administration (FDA) guidance recognizes that today’s medical devices face a host of cyberthreats. Medical device manufacturers, in turn, face the need to assess and mitigate cyber risks. By combining the cyber risk framework of the National Institute of Standards and Technology (NIST) with the existing International Organization for Standardization (ISO) 14971 Safety Risk Management (SRM) process, manufacturers can leverage proven best practices to make their devices safer and more effective. The cyberthreat to medical devices is based on two factors. First, increasingly faster and more efficient processors now enable full operating systems to run on small implant devices. Previously, only dedicated firmware could have been used. Second, modern hardware can readily connect to networks using wired and wireless protocols. Both factors offer markedly increased capability for patients, physicians, caregivers, and healthcare technology management (HTM) professionals, at the cost of opening unforeseen and unintended doorways into a device. Opening unintended doorways can compromise medical devices in three major areas of cybersecurity: confidentiality, integrity, and availability. Confidentiality refers to preserving authorized restrictions on information access and disclosure, including means for protecting patient privacy and corporate proprietary information. Integrity means guarding against improper information modification or destruction and includes ensuring information nonrepudiation and authenticity. Availability is ensuring timely and reliable access to and use of information. As embedded medical devices grow in complexity and ability, an end-to-end cybersecurity framework is needed to ensure that they achieve the confidentiality, integrity, and availability required for successful operation. Cybersecurity concerns have factored into medical device design for some time, but additional attention has been focused on the topic by recent FDA communications, including a recent guidance document and a safety communication. These documents, however, lack clear instructions on what needs to be considered and tested—a comprehensive standard could be years away. To ensure safety and effectiveness and reduce exposure to liability, device manufacturers need to be proactive in defining and applying cybersecurity controls for their medical devices. The problem facing medical device development teams is complex; it involves securing a device against an ever-growing number of cybersecurity threats while balancing usability, performance, and safety. A viable approach Applying Cyber Risk Management To Medical Device Design

In recent years, cybersecurity management has gained considerable attention due to a rising number and also increasing severity of cyberattacks in particular targeted at critical infrastructures of countries. Especially rapid digitization holds many vulnerabilities that can be easily exploited if not managed appropriately. Consequently, the European Union (EU) has enacted its first directive on cybersecurity. It is based on the Cybersecurity Framework by the US National Institute of Standards and Technology (NIST) and requires critical infrastructure organizations to regularly monitor and report their cybersecurity efforts. We investigated whether the academic body of knowledge in the area of cybersecurity metrics and controls has covered the constituent NIST functions, and also whether NIST shows any noticeable gaps in relation to literature. Our analysis revealed interesting results in both directions, pointing to imbalances in the academic discourse and underrepresented areas in the NIST framework. In terms of the former, we argue that future research should engage more into detecting, responding and recovering from incidents. Regarding the latter, NIST could also benefit from extending into a number of identified topic areas, for example, natural disasters, monetary aspects, and organizational climate.

ABSTRACTThe National Institute of Standards and Technology (NIST) has developed a dynamic and on-going educational outreach program designed to support middle school science teachers and increase their understanding of the science they teach with applications to the real world and connections to the latest NIST research. In the NIST Summer Institute for Middle School Science Teachers, science topics are taken from NIST research pertinent to the middle school curriculum, and the research is translated for use in the classroom. During the two-week summer program teachers from around the country are given the opportunity to focus on NIST research as it relates to the middle school classroom by participating in a combination of hands-on activities, lectures, tours, and visits with scientists and engineers in their laboratories. The NIST Summer Institute is designed to increase teacher understanding of the subjects they teach, provide inquiry activities for the classroom, rekindle teachers’ enthusiasm for science, provide increased understanding of how scientific research is performed, create a learning community of teachers and scientists, and provide role models for the teachers. Teachers finish the NIST Summer Institute with a wealth of knowledge about core topics in introductory biology, chemistry, physics, and materials to integrate these topics into their existing curriculum.The NIST Summer Institute has spawned additional related outreach activities, including “Science Afternoons at NIST,” in which teachers are invited back to NIST during the school year for events in which the focus is on a single topic such as designing buildings to resist earthquakes, infrared energy, and nanomagnetism. Based on continued requests from participants in the NIST Summer Institute, an additional program, the NIST Research Experience for Teachers program, was begun in 2011 with teachers performing research at NIST under the guidance of NIST scientists and engineers, and designing ways to take their research experience back into the classroom to share with their students. This proceeding will give examples of topics covered and activities developed in past Summer Institutes, as well as ways similar Institutes are being implemented at other locations. While not a teaching institution but a research institute focused on meeting the measurement science needs of the nation, NIST has a wealth of resources for the education community. The NIST Summer Institute for Middle School Science Teachers is one way of sharing these resources and building partnerships between middle school science teachers and their students and NIST scientists and engineers.

Commercial satellites play a pivotal role in maintaining civil communications and military operations. However, these privately operated space systems remain vulnerable, particularly when deployed in high-stakes public emergency scenarios where secure and continuous communication is critical. This paper examines the cyber risks associated with commercial satellite communication (SATCOM) networks, such as those operated by SpaceX and Amazon, when deployed during civil conflicts and national emergencies. We argue that the convergence of military reliance, profit-driven motives, and emerging AI-enabled cyber threats has created a critical need for a public–private cybersecurity paradigm. We analyse three core challenges: misaligned stakeholder interests, the rise of generative AI-enabled attacks, and transparency gaps in satellite protocol governance. Building on the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and the 2024 NIST AI Risk Management Framework (AI RMF), we propose an integrated approach for securing commercial SATCOMs. Our framework adapts NIST core functions to satellite systems and aligns sector-specific guidance from NIST Internal Reports (IR)s to facilitate coordination among government, military, and commercial actors. We further evaluate existing U.S. practices, including the Cybersecurity and Infrastructure Security Agency’s Space System Working Group and the Space Force’s Infrastructure Asset Pre-Assessment Program, to assess how cross-sectoral collaboration can be standardized and institutionalized. We argue for pre-emptive regulation on AI model deployment, cryptographic protocol disclosure, and open standards for hybrid satellite networks. By synthesizing technical frameworks with policy case studies, this study makes three contributions: first, it articulates a novel application of the NIST CSF to commercial satellite cybersecurity; second, it provides a conceptual bridge between AI risk management and satellite network governance; third, it offers practical strategies for harmonizing public benefit with private infrastructure in space-based communication. This research supports the development of a resilient satellite cybersecurity ecosystem that safeguards public trust and international stability.

Identification and application of security measures for petrochemical industrial control systems

With the increase in cybercrimes over the last few years, a growing realization for the need for cybersecurity has begun to be recognized by the nation. Unfortunately, being aware that cybersecurity is something you need to worry about and knowing what steps to take are two different things entirely. In the United States, the National Institute of Standards and Technology (NIST) developed the Cyber Security Framework (CSF) to assist critical infrastructures in determining what they need in order to secure their computer systems and networks. While aimed at organizations, much of the guidance provided by the CSF, especially the basic functions it identifies, are also valuable for communities attempting to put together a community cybersecurity program.

With the increase in cybercrimes over the last few years, a growing realization for the need for cybersecurity has begun to be recognized by the nation. Unfortunately, being aware that cybersecurity is something you need to worry about and knowing what steps to take are two different things entirely. In the United States, the National Institute of Standards and Technology (NIST) developed the Cyber Security Framework (CSF) to assist critical infrastructures in determining what they need in order to secure their computer systems and networks. While aimed at organizations, much of the guidance provided by the CSF, especially the basic functions it identifies, are also valuable for communities attempting to put together a community cybersecurity program.

Saudi Arabian banks are deeply concerned about how to effectively monitor and control security threats. In recent years, the country has taken several steps towards restructuring its organizational security and, consequently, protecting financial institutions and their clients. However, there are still several challenges left to be addressed. Accordingly, this article aims to address this problem by proposing an abstract framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework and International Organization for Standardization/International Electrotechnical Commission (ISO/IEC 27001). The framework proposed in this paper considers the following factors involved in the security policy of Saudi banks: safety, Saudi information bank, operations and security of Saudi banks, Saudi banks’ supplier relationships, risk assessment, risk mitigation, monitoring and detection, incident response, Saudi banks’ business continuity, compliance, education, and awareness about all factors contributing to the framework implementation. This way, the proposed framework provides a comprehensive, unified approach to managing bank security threats. Not only does the proposed framework provide effective guidance on how to identify, assess, and mitigate security threats, but it also instructs how to develop policy and procedure documents relating to security issues.

The National Aeronautics and Space Administration (NASA) Kennedy Space Center (KSC) requires accurate gas mixtures containing argon (Ar), helium (He), hydrogen (H(2)), and oxygen (O(2)) in a balance of nitrogen (N(2)) to calibrate mass spectrometer-based sensors used around their manned and unmanned space vehicles. This also includes space shuttle monitoring around the launch area and inside the shuttle cabin. NASA was in need of these gas mixtures to ensure the safety of the shuttle cabin and the launch system. In 1993, the National Institute of Standards and Technology (NIST) was contracted by NASA to develop a suite of primary standard mixtures (PSMs) containing helium, hydrogen, argon, and oxygen in a balance gas of nitrogen. NIST proceeded to develop a suite of 20 new gravimetric primary PSMs. At the same time NIST contracted Scott Specialty Gases (Plumsteadville, PA) to prepare 18 cylinder gas mixtures which were then sent to NIST. NIST used their newly prepared PSMs to assign concentration values ranging from 100 to 10,000 micromol/mol with relative expanded uncertainties (95% confidence interval) of 0.8-10% to the 18 Scott Specialty Gases prepared mixtures. A total of 12 of the mixtures were sent to NASA as NIST traceable standards for calibration of their mass spectrometers. The remaining 6 AIRGAS mixtures were retained at NIST. In 2006, these original 12 gas standards at NASA had become low in pressure and additionally NASA needed a lower concentration level; therefore, NIST was contracted to certify three new sets of gas standards. NIST prepared a new suite of 22 PSMs with weighing uncertainties of <0.1%. These 22 PSMs were compared to some of the original 20 PSMs developed in 1993 and with the NIST valued assigned Scott Specialty Gas mixtures that NIST had retained. Results between the two suites of primary standards and the 1993 NASA mixtures agreed, verifying their stability. At the same time, NASA contracted AIRGAS (Chicago, Illinois) to prepare 45 cylinder gas mixtures which were then sent to NIST. Each of the 3 sets of standards contained 15 cylinder gas mixtures: set no. 1, He at 12,000 micromol/mol, H(2) at 600 micromol/mol, Ar at 100 micromol/mol, and O(2) at 600 micromol/mol; set no. 2, He at 15 000 micromol/mol, H(2) at 5000 micromol/mol, Ar at 1000 micromol/mol, O(2) at 5000 micromol/mol; and set no. 3, He at 50 micromol/mol, H(2), Ar, and O(2) each at 25 micromol/mol with a balance gas of N(2). NIST used their newly prepared primary standards to assign concentration values to each component in these three new mixture sets to relative expanded uncertainties of 0.5-2.2%. The NIST certified AIRGAS prepared mixtures were then sent to NASA to use as "working standards" to calibrate their mass spectrometers (MSs).

The National Institute of Standards and Technology (NIST) is the National Measurement Institute (NMI) for the US. All dosimetric measurements made in American radiotherapy clinics should be traceable to the primary standards maintained by NIST. The accuracy of the NIST standards, and traceability to the Systeme Internationale (SI), is ensured through the Bureau International des Poids et Mesures (BIPM), the international laboratory that co‐ordinates comparisons between NIST and other NMIs around the world (such as the National Research Council Canada). A continuous calibration chain, therefore, links the measurement of dose in the clinic to the internationally agreed‐upon definition of the gray, an essential requirement in ensuring equivalence of clinical dose delivery irrespective of location. Within the US, traceability of radiationdose measurements to the SI is ensured through activities of the Radiation Interactions and Dosimetry (RID) Group at NIST, whose primary mission is to develop, maintain, and disseminate the national measurement standards for the dosimetry of x rays,gamma rays, electrons, and other charged particles. In the case of medical dosimetry, relevant standards are disseminated both directly to the customer and through the AAPM Accredited DosimetryCalibration Laboratory (ADCL) network by means of calibrations and proficiency testing services, provided to maintain measurement‐quality assurance and traceability. The evolving measurement needs of industry, medicine and government provide impetus for the improvement of existing standards and the development of new standards. Research activities in support of this part of the RID Group's mission address a variety of topics in fundamental and applied radiation physics. These efforts are driven partly by advancements in instrumentation technology and partly by the ever expanding domain of measurement standards made possible by such advancements. The widespread adoption of conformal beam therapies, for example, has driven the standards community to develop new approaches for standard reference dosimetry of “nonstandard” beams. At NIST, this has spurred a research program in water calorimetry that is looking into ultrasonic time‐of‐flight approaches to imagingdose in water. Ultimately, this or similar approaches might lead to new ways of imaging complicated dose distributions in tissue as well as give the standards community new tools for reference dosimetry of present and future beam technologies. In this session, attendees will learn how the accuracy of their clinical measurements is assured as a result of comparisons between NIST and other NMIs around the world as well as NIST proficiency tests and AAPM accreditation of the ADCLs. It will be shown how NIST staff members are active within critical AAPM scientific committees so that measurement needs in the clinic can be addressed by the standards laboratory, resulting in the development of new standards and/or methodologies. Learning Objectives: 1. Understand the impact of measurement standards in general, and in particular the work of primary standards laboratories such as NIST, on clinical radiationdosimetry. 2. Understand the calibration chain from primary standards laboratory to radiotherapy clinic. 3. Understand how NIST interacts with various AAPM committees to ensure that the measurement needs of the user community are met.

PurposeFor many innovative organisations, Industry 4.0 paves the way for significant operational efficiencies, quality of goods and services and cost reductions. One of the ways to realise these benefits is to embark on digital transformation initiatives that may be summed up as the intelligent interconnectivity of people, processes, data and cyber-connected things. Sadly, this interconnectivity between the enterprise information technology (IT) and industrial control systems (ICS) environment introduces new attack surfaces for critical infrastructure (CI) operators. As a result of the ICS cybersecurity risk introduced by the interconnectivity between the enterprise IT and ICS networks, the purpose of this study is to identify the cybersecurity capabilities that CI operators must have to attain good cybersecurity resilience.Design/methodology/approachA scoping literature review of best practice international CI protection frameworks, standards and guidelines were conducted. Similar cybersecurity practices from these frameworks, standards and guidelines were grouped together under a corresponding National Institute of Standards and Technology (NIST) cybersecurity framework (CF) practice. Practices that could not be categorised under any of the existing NIST CF practices were considered new insights, and therefore, additions.FindingsA CI cybersecurity capability framework comprising 29 capability domains (cybersecurity focus areas) was developed as an adaptation of the NIST CF with an added dimension. This added dimension emphasises cloud computing and internet of things (IoT) security. Each of the 29 cybersecurity capability domains is executed through various capabilities (cybersecurity processes and procedures). The study found that each cybersecurity capability can further be operationalised by a set of cybersecurity controls derived from various frameworks, standards and guidelines, such as COBIT®, CIS®, ISA/IEC 62443, ISO/IEC 27002 and NIST Special Publication 800-53.Practical implicationsCI sectors are immediately able to adopt the CI cybersecurity capability framework to evaluate their levels of resilience against cyber-attacks, given new attack surfaces introduced by the interconnectivity of cyber-connected things between the enterprise and ICS levels.Originality/valueThe authors present an added dimension to the NIST framework for CI cyber protection. In addition to emphasising cryptography, IoT and cloud computing security aspects, this added dimension highlights the need for an integrated approach to CI cybersecurity resilience instead of a piecemeal approach.

Cybersecurity is an urgent concern for small and medium enterprises (SMEs) in Uganda, driven by the rapid digital transformation of businesses and increasing dependence on online platforms. This study explores Ugandan SMEs' cybersecurity challenges, highlighting prevalent cyber threats, risk exposure, and a cyber maturity typology to mitigate cybercrime effectively. Using a qualitative, descriptive research design based on secondary data and a literature review, the study examines how Digital, Blended, and Traditional Business Models influence SMEs' cybersecurity preparedness. A key contribution of this research is the development of a context-sensitive typology of SME cyber maturity, which categorises businesses as Traditional, Transitioning, Digitally Enabled, and Digitally Mature, aligned with the National Institute of Standards and Technology (NIST) Cybersecurity Framework but adapted to Uganda's unique environment. The study identifies ongoing issues such as data breaches, financial fraud, and weak digital infrastructure, as well as gaps in policy enforcement and the disconnect between cybersecurity regulations and SME operators' literacy levels, as key cybersecurity threats. Informal responses to cybercrime, including vigilante actions, are also highlighted. This study provides a maturity typology for SMEs that guides policymakers and business owners in improving cybersecurity practices in Ugandan SMEs. The study calls for multi-stakeholder collaboration, stronger regulatory enforcement, and scalable awareness programs to build a more resilient SME sector. Overall, this study contributes to the discourse on SME cybersecurity by proposing literacy-sensitive interventions tailored to the needs of Uganda and offering a foundation for future research into the effectiveness of Uganda's cybersecurity frameworks.

Data protection is notoriously complex and artificial intelligence (AI) has only added to that complexity. In addition, many organisations are floundering as they seek to adopt AI in an ethical and trustworthy manner. This paper addresses skill sets and frameworks familiar to IT and cyber security professionals that can be leveraged to help build a robust approach to AI governance. Adopting the maxim of ‘govern once/comply many’, the paper compares and contrasts existing cyber security frameworks and approaches that address the governance concerns that arise with AI. It also uses the National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework as a lens through which to assess the utility of cyber security frameworks to inform AI governance efforts. Generally, the map, measure, manage and govern functions of the NIST Artificial Intelligence Risk Management framework align well with the confidentiality, integrity, and availability foci of established cyber security frameworks, forming the beginnings of a common language, when it comes to issues of data protection and AI governance. This article is also included in The Business &amp; Management Collection which can be accessed at https://hstalks.com/business/.

Detecting tattoo images stored in information technology (IT) devices of suspects is an important but challenging task for law enforcement agencies. Recently, the U.S. National Institute of Standards and Technology (NIST) held a challenge and released a tattoo database for the commercial and academic community in advancing research and development into automated image-based tattoo recognition technology. The best tattoo detection result in the NIST challenge was achieved by MorphoTrak with accuracy of 96.3%. This paper aims to answer three questions. 1) Is the NIST database suitable for training algorithms to detect tattoo images stored in IT devices of suspects? 2) Can convolutional neural networks (CNNs) outperform the MorphoTrak's algorithm? 3) How do training databases impact on tattoo detection performance? The NIST tattoo detection database containing 2,349 images and a database containing 10,000 collected from Flickr are utilized to answer these questions. The Flickr images taken in diverse environments and poses are used to simulate images stored in the IT devices. A CNN is trained on the NIST and Flickr images for this study. The experimental results demonstrate that the CNN outperforms the MorphoTrak's algorithm by 2.5%, achieving accuracy of 98.8% on the NIST database. When the CNN is trained on the NIST database to detect Flickr images, the accuracy drops to 65.8%. It implies that the NIST database is not an ideal database for training algorithms to detect tattoo images in IT devices of suspects. However, when the training database size increases, the detection performance improves.

Upholstery fabrics for residential use were obtained from various fabric shops and manufacturers' catalogs. Screening was conducted with four experimental cigarettes of varying design. By the National Institute of Stan dards and Technology (NIST) cotton duck mockup method, two of the cigarettes display "low" ignition propensity and two show "high" ignition propensity. Of the fabrics obtained for this study, 316 smoldered when in contact with at least one of the experimental cigarettes. Further examination within this set of upholstery fabrics showed once again that cigarette ignition propensity rank ing are dependent on fabric characteristics. The number of fabrics that showed ignition propensity rankings opposite to the NIST test "ranking" was similar to the number that agreed with it. That is, on the fabrics with rankings opposite to the NIST ranking, cigarettes of "low" ignition propensity by the NIST test showed more ignitions than cigarettes of "high" ignition propensity by the NIST test. These results are consistent with those of a previously published study with a smaller set of ignitable fabrics. Fabric weight was a key factor in determining fabric ignition behavior; two of the cigarettes showed increasing ignition propensity and two showed decreasing ignition propensity with fabric weight. For the majority of fabrics, however, cigarette design was unimportant in determining ignition behavior; that is, no differences in ignition behavior were observed with the different cigarette designs. The physical and chemical properties of the cotton duck fabrics of the NIST test are such that they repre sent only a fraction of the ignition behaviors observed with "real-world" upholstery fabrics. The NIST test, therefore, provides an incomplete picture and can be misleading in defining "low" ignition propensity.