Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
NIST's IT Lab well-heeled to answer agencies' expanding calls for its services
Thursday - 1/10/2013, 9:56pm EST
And the ever-increasing dependence on the IT Lab by the rest of government suits Charles Romine, the director of the IT Lab, just fine.
Romine, who took over as director of the lab from long-time leader Cita Furlani about a year ago, said their collaboration with agencies lets them become more effective in meeting the technology needs of the government.
The list of agencies NIST works with is long and growing.
For example, the Energy Department on smart grid, the FBI on biometrics, the Homeland Security Department, the General Services Administration, the Intelligence Community and the Defense Department on cybersecurity and the Treasury Department on securing financial services.
"There aren't very many federal agencies we don't have some engagement with and I'm very proud of that," Romine said. "The breadth of our mission has grown dramatically over the last decade or so, and our contributions are running the gamut from smart grid; we do biometrics; we do software quality assurance. The IT Lab has gotten a lot more attention and there are some challenges that we've been assigned, we have to very, very remain strong in order to meet those challenges."
Tackling the cyber challenge
No challenge is bigger than cybersecurity.
Romine said NIST is close to finalizing updates to special publications for information assurance, 800-53 Rev 4, which governs computer and network controls, and PIV 201-2, which governs the makeup of secure identity cards.
He also said the lab's leadership with the new National Cybersecurity Center of Excellence (NCCE) and the National Strategy for Trusted Identities in Cyberspace (NSTIC) continue to stretch the bureau's impact on the public and private sector communities.
The NCCE launched with 2012 with a $10 million appropriation from Congress.
"The goal of the center of excellence is to accelerate the adoption of the security technologies, both in the federal government, but particularly in the private sector," he said. "We want to demonstrate…the feasibility of an integrated platform of security technologies that can provide a more secure environment for various sectors, whether it's healthcare or financial services or other specific sectors. We are using specific use cases that are sector oriented to drive that research and development."
NIST will issue calls or statements to collect use cases, and then go out and ask for technologies to be applied to those areas.
"It's far less a center of excellence for doing research in a broad array of new technologies, and much more about trying to accelerate the adoption of existing or emerging technologies in an integrated platform for specific use," Romine said. "We've decided on a couple of uses cases. The first one is in the health IT space, trying to address the need of small health care providers to be able to transfer in a secure manner, subject to HIPAA regulations which are a little bit different than standard security regulations, information to other providers or hospitals. The goal there is to try to figure out what the underlying techniques are and the technologies that can be used in order to make this cost effective for small providers."
Another use case focuses on continuous monitoring for federal systems and a third use case is around supply chain security for a specific manufacturing process.
Along with cybersecurity, Romine said the IT Lab is spending a lot of time focusing on cloud computing and mobile devices—much of it cyber related as well—and big data.
"All of these are intertwined," he said. "One of the advantages of a place like IT Lab at NIST is that we have the breadth, the scope and the capability across our staff to not only address these challenges, but also explore the intersections among them."
Romine said NIST is developing new guidelines for cloud computing, but couldn't give a specific timeline.
He said NIST isn't as far along with big data.
"The challenge really in part is there are a lot of concepts about what the big data actually represents," Romine said. "So we will be seeking to clarify that in the big data component to the joint workshop in January."
NIST is hosting in Gaithersburg, Md. a cloud computing and big data workshop Jan. 15-17.