NIST is working with stakeholders from across government, industry, and academia to research and prototype methods and tools to enable predictive risk analytics and identify cyber risk trends. NIST’s goal is to enable information sharing among risk owners about historical, current and future cyber risk conditions and is intended to help not only enhance existing cyber risk mitigation strategies but also improve and expand upon existing cybersecurity risk metrology efforts.

We will be leveraging past and present efforts such as data repository for cyber incident analysis, predictive analytics and strategic analysis on threat coverage, prioritization and gap identification. Our initial research focus will be on technical framework and enabling functions for a trusted and secure repository that enterprise risk owners can use to anonymously share, store, aggregate, and analyze sensitive cyber incident data. As part of this process, NIST plans to solicit feedback and create opportunities for collaborations on proof of concepts to facilitate data sharing.