NIST's IT Lab well-heeled to answer agencies' expanding calls for its services

Thursday - 1/10/2013, 9:56pm EST

Charles Romine, IT lab director, NIST

Download mp3

The National Institute of Standards and Technology's Information Technology Laboratory has its hand in nearly every major federal technology initiative from cloud to mobile to healthcare to cybersecurity.

And the ever-increasing dependence on the IT Lab by the rest of government suits Charles Romine, the director of the IT Lab, just fine.

Romine, who took over as director of the lab from long-time leader Cita Furlani about a year ago, said their collaboration with agencies lets them become more effective in meeting the technology needs of the government.

The list of agencies NIST works with is long and growing.

For example, the Energy Department on smart grid, the FBI on biometrics, the Homeland Security Department, the General Services Administration, the Intelligence Community and the Defense Department on cybersecurity and the Treasury Department on securing financial services.

"There aren't very many federal agencies we don't have some engagement with and I'm very proud of that," Romine said. "The breadth of our mission has grown dramatically over the last decade or so, and our contributions are running the gamut from smart grid; we do biometrics; we do software quality assurance. The IT Lab has gotten a lot more attention and there are some challenges that we've been assigned, we have to very, very remain strong in order to meet those challenges."

Tackling the cyber challenge

No challenge is bigger than cybersecurity.

Romine said NIST is close to finalizing updates to special publications for information assurance, 800-53 Rev 4, which governs computer and network controls, and PIV 201-2, which governs the makeup of secure identity cards.

He also said the lab's leadership with the new National Cybersecurity Center of Excellence (NCCE) and the National Strategy for Trusted Identities in Cyberspace (NSTIC) continue to stretch the bureau's impact on the public and private sector communities.

The NCCE launched with 2012 with a $10 million appropriation from Congress.

"The goal of the center of excellence is to accelerate the adoption of the security technologies, both in the federal government, but particularly in the private sector," he said. "We want to demonstrate…the feasibility of an integrated platform of security technologies that can provide a more secure environment for various sectors, whether it's healthcare or financial services or other specific sectors. We are using specific use cases that are sector oriented to drive that research and development."

NIST will issue calls or statements to collect use cases, and then go out and ask for technologies to be applied to those areas.

"It's far less a center of excellence for doing research in a broad array of new technologies, and much more about trying to accelerate the adoption of existing or emerging technologies in an integrated platform for specific use," Romine said. "We've decided on a couple of uses cases. The first one is in the health IT space, trying to address the need of small health care providers to be able to transfer in a secure manner, subject to HIPAA regulations which are a little bit different than standard security regulations, information to other providers or hospitals. The goal there is to try to figure out what the underlying techniques are and the technologies that can be used in order to make this cost effective for small providers."

Another use case focuses on continuous monitoring for federal systems and a third use case is around supply chain security for a specific manufacturing process.

Along with cybersecurity, Romine said the IT Lab is spending a lot of time focusing on cloud computing and mobile devices—much of it cyber related as well—and big data.

"All of these are intertwined," he said. "One of the advantages of a place like IT Lab at NIST is that we have the breadth, the scope and the capability across our staff to not only address these challenges, but also explore the intersections among them."

Romine said NIST is developing new guidelines for cloud computing, but couldn't give a specific timeline.

He said NIST isn't as far along with big data.

"The challenge really in part is there are a lot of concepts about what the big data actually represents," Romine said. "So we will be seeking to clarify that in the big data component to the joint workshop in January."

NIST is hosting in Gaithersburg, Md. a cloud computing and big data workshop Jan. 15-17.

RELATED STORIES:

NIST's Furlani to retire in early 2012

New head of NIST's IT lab says cloud, mobile to drive vision

NIST cloud guidelines address security, privacy concerns

NIST taking on big data problem