Information Technology Lab (ITL) at NIST
July - August 2021 Newsletter
Improving the Nation's Cybersecurity: NIST’s Responsibilities under the Executive Order
The President’s Executive Order (EO) on Improving the Nation’s Cybersecurity (14028), issued May 12, 2021, charges multiple agencies, including NIST, with enhancing the security of the software supply chain. Section 4 directs the Secretary of Commerce, through NIST, to consult with federal agencies, the private sector, academia, and other stakeholders in identifying or developing standards, tools, best practices, and other guidelines to assist software developers in enhancing software supply chain security. Those standards and guidelines will be used by other agencies to govern the federal government’s procurement of software. They will address critical software, the secure software development lifecycle, security measures for the federal government, and requirements for testing software.
The EO also directs NIST to initiate two labeling programs related to the Internet of Things (IoT) and software to inform consumers about the security of their products. These programs will be addressed in other forums.

CULTIVATING TRUST IN IT AND METROLOGY

FEATURE STORIES
The most accurate face recognition algorithms have demonstrated the capability to confirm airline passenger identities while making very few errors, according to recent tests of the software conducted at NIST. The findings, released today as Face Recognition Vendor Test (FRVT) Part 7: Identification for Paperless Travel and Immigration (NISTIR 8381), focus on face recognition (FR) algorithms’ performance under a particular set of simulated circumstances: matching images of travelers to previously obtained photos of those travelers stored in a database. This use of FR is currently part of the onboarding process for international flights, both to confirm a passenger’s identity for the airline’s flight roster and to record the passenger’s official immigration exit from the United States.
Every time you speak to a virtual assistant on your smartphone, you are talking to an artificial intelligence — an AI that can, for example, learn your taste in music and make song recommendations that improve based on your interactions. However, AI also assists us with more risk-fraught activities, such as helping doctors diagnose cancer. These are two very different scenarios, but the same issue permeates both: How do we humans decide whether or not to trust a machine’s recommendations?

STAFF SPOTLIGHT
Chief, Software and Systems Division
Congratulations to Wo Chang, recipient of a 2021 ANSI Edward Lohse Information Technology Medal. Mr. Chang was recognized for outstanding efforts to foster cooperation among bodies involved in global IT standardization.

Supervisory Computer Scientist
Congratulations to John Messina, recipient of the INCITS Service Award. INCITS recognizes Mr. Messina for his numerous contributions to the INCITS/Cloud38 – Cloud Computing and Distributed Platforms standards community.

NIST Fellow
Congratulations to Ellen Voorhees on being named a NIST Fellow. Dr. Voorhees is a pioneer and recognized leader in the U.S. Government’s efforts to advance the state of the art in information retrieval technology through evaluation-driven research. She has had a sustained and profound impact on the direction of information retrieval, information access, and search technology research and development. Dr. Voorhees has been extremely successful in championing the need for measurement, standardized evaluation methodologies, and metrics that align with people’s criteria for success in search.

ITL IN THE NEWS

PUBLICATIONS

CONFERENCES & EVENTS

SUCCESS STORIES
The NIST Cybersecurity Framework Excels at Expel
Bruce Potter, Chief Information Security Officer (CISO) at Expel, describes the key benefits of using the NIST Cybersecurity Framework (CSF) as a starting point to help an organization evaluate, establish, and transform its cybersecurity posture. After forming an understanding of the NIST CSF, Expel crafted a self-scoring spreadsheet that helps organizations of various sizes do the same. The synergy between the NIST CSF and Expel may be indicative of how the NIST Cybersecurity Framework can be a useful tool for organizations. Because of its simplicity, Expel’s new self-scoring tool could help the NIST CSF reach more organizations, which means more organizations may have a chance at strengthening their cybersecurity networks, an important aim of NIST.

NOTABLE QUOTES
“When we’re talking about machines and algorithms, one goal should be understanding biases.”
- Elham Tabassi, ITL Chief of Staff