ITL Newsletter for September - October 2019

ISSUE 160

information technology laboratory

CULTIVATING TRUST IN IT AND METROLOGY

IN THIS ISSUE

PLAN OUTLINES PRIORITIES FOR FEDERAL AGENCY ENGAGEMENT IN AI STANDARDS DEVELOPMENT

The National Institute of Standards and Technology (NIST) has released a plan for prioritizing federal agency engagement in the development of standards for artificial intelligence (AI). The plan recommends that the federal government “commit to deeper, consistent, long-term engagement” in activities to help the United States speed the pace of reliable, robust and trustworthy AI technology development.

“The federal government can help the U.S. maintain its leadership in AI by working closely with our experts in industry and academia, investing in research, and engaging with the international standards community,” said Under Secretary of Commerce for Standards and Technology and NIST Director Walter G. Copan. “This plan provides a path to ensure the federal government supports AI standards that are flexible and inclusive—and suited for a world of rapidly changing technologies and applications.”

NEWS UPDATES

BEFORE CONNECTING IoT DEVICE, CHECK OUT A NEW NIST REPORT FOR CYBERSECURITY ADVICE

Seemingly every appliance we use comes in a version that can be connected to a computer network. But each gizmo we add brings another risk to our security and privacy. So before linking your office’s new printer or coffee maker to the internet of things (IoT), have a look at an informational report from the National Institute of Standards and Technology (NIST) outlining these risks and some considerations for mitigating them. 

ITL HOSTS 29 STUDENTS IN THE SUMMER UNDERGRADUATE RESEARCH FELLOWSHIP (SURF) PROGRAM

This summer ITL hosted 29 undergraduate students for the NIST Summer Undergraduate Research Fellowship (SURF) program. Students conducted research in cybersecurity, biometrics, mathematics, statistics, software, and information access. Students concluded the program by giving a scientific talk on their research.

 

PROTECTING THE INTEGRITY OF INTERNET ROUTING: NIST PUBLISHES CYBERSECURITY PRACTICE GUIDE SP 1800-14

It is difficult to overstate the importance of the internet to modern business and to society in general. The internet is essential to the exchange of all manner of information, including transactional data, marketing and advertising information, remote access to services, entertainment, and much more. The internet is not a single network, but rather is a complex grid of independent interconnected networks. The design of the internet is based on a trust relationship between these networks and relies on a protocol known as the Border Gateway Protocol (BGP) to route traffic among the various networks worldwide. BGP is the protocol that Internet Service Providers (ISPs) and enterprises use to exchange route information between them.

 

STAFF RECOGNITION

 

 

Congratulations to the following ITL Award winners:

 

Lochi Orr, Outstanding Administrative Support for outstanding initiative, precision, and speed in providing services as a property officer and purchase card holder.

Omid Sadjadi, Outstanding Associate(s) of the Year for outstanding contributions based on his expert knowledge of speaker recognition systems that improved the NIST Speaker Recognition Evaluation.

Katjana Krhac and Kamran Sayrafian, Outstanding Conference Paper for scientific innovation in the study of ingestible electronics for health applications.

Michael Cooper, Murugiah Souppaya and Barbara Cuthill, Outstanding Contribution for serving as evaluators for a mission-critical contract to provide strategic and technical support to ITL’s cybersecurity and privacy program.

Bonita Saunders, Outstanding Contribution to Enhance Diversity for exemplary service as a role model, mentor, and tutor in support of STEM careers by women and minorities.

Alfred Carasso, Outstanding Journal Paper for outstanding scholarship in the journal paper “Stabilized backward in time explicit marching schemes in the numerical computation of ill-posed time-reversed hyperbolic/parabolic systems.”

Chris Schanzle, Outstanding Technical Support for outstanding dedication and initiative in the application of computing resources to high-visibility research projects.

Thomas Lafarge and Antonio Passolo, Outstanding Technology Transfer for exemplary technology transfer through the development and implementation of the NIST Uncertainty Machine (NUM).

Robert Byers, “Thank You” for his work in operating the essential NIST-ITL system, the National Vulnerability Database (NVD) through the lapse in funding furlough. 

SELECTED NEW PUBLICATIONS

Cybersecurity Framework Smart Grid Profile

The Smart Grid Profile applies risk management strategies from the Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework) to the smart grid and will serve as a foundation for refinements to support new grid architectures. The Profile provides cybersecurity risk management guidance to power system owners/operators by prioritizing cybersecurity activities based on their effectiveness in helping power system owners/operators achieve common high-level business objectives for the smart grid. The Profile also provides a list of considerations relevant to the challenges power system owners/operators may experience as they implement these cybersecurity activities in infrastructures with high concentrations of distributed energy resources (DERs).

Recommendation for Cryptographic Key Generation

Cryptography is often used in an information technology security environment to protect data that is sensitive, has a high value, or is vulnerable to unauthorized disclosure or undetected modification during transmission or while in storage. Cryptography relies upon two basic components: an algorithm (or cryptographic methodology) and a cryptographic key. This Recommendation discusses the generation of the keys to be managed and used by the approved cryptographic algorithms.

Situational Awareness for Electric Utilities

Through direct dialogue between NCCoE staff and members of the energy sector (composed mainly of electric power companies and those who provide equipment and/or services to them) it became clear that energy companies need to create and maintain a high level of visibility into their operating environments to ensure the security of their operational resources (operational technology [OT]), including industrial control systems (ICS), buildings, and plant equipment. However, energy companies, as well as all other utilities with similar infrastructure and situational awareness challenges, also need insight into their corporate or information technology (IT) systems and physical access control systems (PACS). The convergence of data across these three often self-contained silos (OT, IT, and PACS) can better protect power generation, transmission, and distribution.

Microservices architecture is increasingly being used to develop application systems since its smaller codebase facilitates faster code development, testing, and deployment as well as optimization of the platform based on the type of microservice, support for independent development teams, and the ability to scale each component independently. Microservices generally communicate with each other using Application Programming Interfaces (APIs), which requires several core features to support complex interactions between a substantial number of components. These core features include authentication and access management, service discovery, secure communication protocols, security monitoring, availability/resiliency improvement techniques (e.g., circuit breakers), load balancing and throttling, integrity assurance techniques during induction of new services, and handling of session persistence. Additionally, the core features could be bundled or packaged into architectural frameworks such as API gateways and service mesh. The purpose of this document is to analyze the multiple implementation options available for each individual core feature and configuration options in architectural frameworks, develop security strategies that counter threats specific to microservices, and enhance the overall security profile of the microservices-based application.

 

CONFERENCE CALENDAR

September - October

September 17: Software and Supply Chain Assurance Forum Fall 2019

September 24: Human Factors in Smart Home Technologies

October 22: Cybersecurity Innovation at NIST...and Beyond