ITL Newsletter for May - June 2018

ISSUE 152

May - June 2018

information technology laboratory

 CULTIVATING TRUST IN IT AND METROLOGY

IN THIS ISSUE

Credit: Shutterstock

ARTIFICIAL INTELLIGENCE: AN ITL PRIORITY RESEARCH AREA

Artificial Intelligence (AI) refers to computer systems that think and act like humans, and think and act rationally. AI is rapidly transforming our world with innovations like autonomous vehicles driving our city streets, personal digital assistants in our homes and pockets, and direct human brain interfaces that can help a paralyzed person feel again when using a brain-controlled robotic arm.

In recent years, the field of AI has experienced a remarkable surge in capabilities. Factors contributing to this include: 

  • Improved machine learning (ML) techniques, 
  • Availability of massive amounts of training data, 
  • Unprecedented computing power, and 
  • Mobile connectivity. 

AI-enabled systems are beginning to revolutionize fields such as commerce, healthcare, transportation and cybersecurity. AI has the potential to impact nearly all aspects of our society including our economy, yet its development and use come with serious technical and ethical challenges and risks. AI must be developed in a trustworthy manner to ensure reliability and safety.

NEWS UPDATES

ITL RELEASES CYBERSECURITY FRAMEWORK VERSION 1.1

On April 16, 2018, ITL released the Cybersecurity Framework Version 1.1. The updated Framework refines, clarifies, and enhances Version 1.0, which was issued in February 2014. It incorporates comments received on the two drafts of Version 1.1. (Picture credit: N. Hanacek/NIST)

This voluntary Framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The Cybersecurity Framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

Version 1.1 is intended to be implemented by first-time and current Framework users. Current users should be able to implement Version 1.1 with minimal or no disruption; compatibility with Version 1.0 has been an explicit objective.

NIST'S NEW QUANTUM METHOD GENERATES REALLY RANDOM NUMBERS

Researchers at the National Institute of Standards and Technology (NIST) have developed a method for generating numbers guaranteed to be random by quantum mechanics. Described in the April 12 issue of Nature, the experimental technique surpasses all previous methods for ensuring the unpredictability of its random numbers and may enhance security and trust in cryptographic systems. (Picture credit: K. Irvine/NIST)

NIST AND FLORIDA INTERNATIONAL UNIVERSITY JOIN FORCES ON CYBERSECURITY EDUCATION OUTREACH

NIST has announced a cooperative agreement with Florida International University (FIU) to help build national relationships that advance outreach in the cybersecurity education, training and workforce development communities. The collaboration will be managed by NIST’s National Initiative for Cybersecurity Education Program (NICE), as part of its mission to energize and promote a robust network and ecosystem of cybersecurity efforts. (Picture credit: Maksim Kabakou/Shutterstock)

PROFILES OF ITL DIVISIONS

Advanced Network Technologies Division

Abdella Battou, Chief

One of seven divisions within the Information Technology Laboratory, the Advanced Network Technologies Division (ANTD) provides expertise in Network Science and Engineering. It develops knowledge about networks to understand their complexity and inform their future design. It seeks to discover and understand common principles and fundamental structures underlying networks and their behaviors. It studies the processes underlying networks' evolution and the paradigms for network engineering to enhance their efficiency, reliability, security, and robustness. ANTD remains very active in the Internet Engineering Task Force (IETF) where it participates in the development of network protocols and algorithms, studies system issues in interoperability of communication networks, and actively transitions the lessons learned to industrial partners for commercialization.

STAFF ACCOMPLISHMENTS

Wo Chang

Congratulations to Wo Chang for receiving the InterNational Committee for Information Technology Standards (INCITS) Merit Award. For more than 10 years as a member with significant contributions to at least two international Subcommittees or Working Groups in a technical contributor or a leadership role, Chang demonstrated continuous support for the work of INCITS.

Donna Dodson

Congratulations to Donna Dodson for receiving the Federal 100 Award. Dodson was a seasoned and steady influence on federal cybersecurity policy in 2017 as new leaders settled into the White House, the Department of Homeland Security and the Defense Department. She served as the top cybersecurity adviser at NIST in a year when new executive orders elevated the agency’s cybersecurity mission, and she helped oversee the first update to NIST’s Cybersecurity Framework since 2014.

Joshua Franklin

Congratulations to Joshua Franklin for receiving the Federal 100 Award. Franklin literally wrote the book on mobile device security. He had a huge impact in 2017 as one of the authors of NIST’s Mobile Threat Catalogue, and he was responsible for setting the standards for cybersecurity in a series of hot-button policy areas.

Naomi Lefkovitz 

Congratulations to Naomi Lefkovitz who received the Federal 100 award for promoting the development of trustworthy systems that protect individuals’ privacy and civil liberties. In 2017, she published a NIST Internal Report that introduces a systems engineering approach to privacy, including a novel privacy risk model.

Eric Simmon

Congratulations to Eric Simmon for receiving the InterNational Committee for Information Technology Standards (INCITS) Service Award. He is recognized for his outstanding service to the INCITS organization through committee work or duties during the past year.

SELECTED NEW PUBLICATIONS

Applied and Computational Mathematics Division Summary of Activities for Fiscal Year 2017 (NISTIR 8208)
This report summarizes recent technical work of the Applied and Computational Sciences Division of the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). Part I (Overview) provides a high-level overview of the Division's activities, including highlights of technical accomplishments during the previous year. Part II (Features) provides further details on three projects of note this year. This is followed in Part III (Project Summaries) by brief synopses of all technical projects active during the past year. Part IV (Activity Data) provides listings of publications, technical talks, and other professional activities in which Division staff members have participated. The reporting period covered by this document is October 2016 through December 2017.

Codes for the Identification of Federal and Federally-Assisted Organizations (NIST Special Publication 800-87r2)
This document provides the organizational codes for federal agencies to establish the Federal Agency Smart Credential Number (FASC-N) that is required to be included in the FIPS 201 Card Holder Unique Identifier. SP 800-87 is a companion document to FIPS 201.

Criticality Analysis Process Model (NISTIR 8179)
In the modern world, where complex systems and systems-of-systems are integral to the functioning of society and businesses, it is increasingly important to be able to understand and manage risks that these systems and components may present to the missions that they support. However, in the world of finite resources, it is not possible to apply equal protection to all assets. This publication describes a comprehensive Criticality Analysis Process Model -- a structured method of prioritizing programs, systems, and components based on their importance to the goals of an organization and the impact that their inadequate operation or loss may present to those goals. A criticality analysis can help organizations identify and better understand the systems, subsystems, components, and subcomponents that are most essential to their operations and the environment in which they operate. That understanding facilitates better decision making related to the management of an organization's information assets, including information security and privacy risk management, project management, acquisition, maintenance, and upgrade decisions. The Model is structured to logically follow how organizations design and implement projects and systems, can be used as a component of a holistic and comprehensive risk management approach that considers all risks, and can be used with a variety of risk management standards and guidelines.

Fog Computing Conceptual Model (NIST Special Publication 500-325)
Managing the data generated by Internet of Things (IoT) sensors and actuators is one of the biggest challenges faced when deploying an IoT system. Traditional cloud-based IoT systems are challenged by the large scale, heterogeneity, and high latency witnessed in some cloud ecosystems. One solution is to decentralize applications, management, and data analytics into the network itself using a distributed and federated computer model. This approach has become known as fog computing. This document presents a definition of fog and mist computing and how they relate to cloud-based computing models for IoT. The document further characterizes important properties and aspects of fog computing, including service models, deployment strategies, and provides a baseline of what fog computing is, and how it may be used.

IREX IX Part One, Performance of Iris Recognition Algorithms (NISTIR 8207)
Iris Exchange (IREX) IX is an evaluation of automated iris recognition algorithms. The first part of the evaluation is a performance test of both verification (one-to-one) and identification (one-to-many) recognition algorithms over operational test data. The results are summarized in this report. Thirteen developers submitted recognition algorithms for testing, more than any previous IREX evaluation. Performance was measured for 46 matching algorithms over a set of approximately 700K field-collected iris images. This report is very similar to IREX IV: Part 1, Evaluation of Iris Identification Algorithms [1] in both format and scope.

Recommendation for Key-Derivation Methods in Key-Establishment Schemes (NIST Special Publication 800-56Cr1)
This Recommendation specifies techniques for the derivation of keying material from a shared secret established during a key-establishment scheme defined in NIST Special Publications 800-56A or 800-56B.

Recommendation for Pair-Wise Key-Establishment Schemes Using Discrete Logarithm Cryptography (NIST Special Publication 800-56Ar3)
This Recommendation specifies key-establishment schemes based on the discrete logarithm problem over finite fields and elliptic curves, including several variations of Diffie-Hellman and Menezes-Qu-Vanstone (MQV) key establishment schemes.

Security Content Automation Protocol (SCAP) Version 1.3 Validation Program Test Requirements (NISTIR 7511rev5)
This report defines the requirements and associated test procedures necessary for products or modules to achieve one or more Security Content Automation Protocol (SCAP) validations. Validation is awarded based on a defined set of SCAP capabilities by independent laboratories that have been accredited for SCAP testing by the NIST National Voluntary Laboratory Accreditation Program (NVLAP).


CONFERENCE CALENDAR

MAY - JUNE

May 8: NSCI Seminar

May 18: Assessing Privacy Controls Workshop

June 27: Sound Static Analysis for Security (SSAS) Workshop

