NIST Director
Urges Better Security for Critical
Industrial Systems
In
remarks on Oct. 20 to a workshop on critical infrastructure
protection,* the director of the National Institute of Standards
and Technology (NIST), Arden L. Bement Jr., called on industry
to take immediate action to ensure the security of industrial
control systems such as those used to manage the power grid.
While the August blackout—the worst such event in the
nation’s history—was probably not the result
of a deliberate act, Bement said, it did highlight the fragility
of a critical part of the nation’s infrastructure.
Bement’s
remarks were made at a National Science Foundation workshop
in Minneapolis. He noted that there was a vital role
for measurements and standards in improving the security
of systems used in industry to monitor and control major,
widely
dispersed operations such as power generation and distribution
systems, water and gas utilities, and large chemical plants
and refineries.
Systems
for handling Supervisory Control and Data Acquisition,
or SCADA, are designed for performance
and reliability. Response
time is often a critical factor, which complicates the
task of adding cryptographic modules and other security
features.
Bement cited on-going NIST work with a broad range of industry-led
standards-development organizations to develop testbeds
and guidelines for implementing SCADA security.
While
much work on standards remains to be done, Bement said,
there
were many actions that could be taken immediately
including
creating basic security policies, closing system “back
doors,” and making better use of existing standards.
Bement’s prepared remarks
are available at http://www.nist.gov/speeches/bement_102003.htm.
Media
Contact:
Michael
Baum, (301) 975-2763
*Workshop
on Critical Infrastructure Protection for SCADA (Supervisory
Control and Data Acquisition) and IT, Minneapolis, Minn., Oct.
20-21, 2003.
Symposium
to Address Voting Standards Issues
As
part of its responsibilities under the Help America Vote
Act of 2002, the National Institute of Standards and Technology
(NIST) will hold a symposium on building trust and confidence
in voting systems at the agency’s Gaithersburg, Md.,
headquarters on Dec. 10-11, 2003. Enacted by Congress in
October 2002, the legislation gave NIST a key role in helping
realize nationwide improvement in voting systems by January
2006.
The
two-day symposium will bring together a wide range of election
technology experts, including federal,
state and local election
officials; university researchers; independent testing laboratories;
election law specialists; hardware and software vendors;
and others.
World-renowned
experts in the voting standards arena are scheduled to
take part in the meeting. Among
the confirmed
panelists
are: Jim Adler, founder, president and CEO of VoteHere,
a manufacturer of electronic voting systems; David Dill
of
Stanford University,
the initiator of the VerifiedVoting.org Web site; Rebecca
Mercuri, electronic voting systems expert at Bryn Mawr
College; and
Avi Rubin, technical director of the Information Security
Institute at Johns Hopkins University.
For
more information, including an online registration form,
go to http://vote.nist.gov.
Developing
Elevators that Function During Fires
In
the aftermath of the Sept. 11, 2001, terrorist attacks, U.S.
fire
experts are beginning to advocate the use of elevators
in high-rise buildings throughout a fire, both to carry firefighters
to the site of the blaze and as a secondary method (after stairwells)
for evacuating building occupants. The National Institute of
Standards and Technology (NIST) has joined others to study
ways to build “protected” elevators.
As
reported at a recent conference in Malaysia,* NIST is working
with the
elevator industry to develop and test redundant, more
reliable elevator-dedicated emergency power systems and waterproof
elevator components. NIST is investigating software and sensing
systems that can adapt to changing smoke and heat conditions,
maintain safe and reliable operation, and not shut down during
fire emergencies. Such changes could allow elevators to be
operated with remote control from the ground floor during fires,
thus
freeing urgently needed firefighters from elevator operation
duties.
NIST
also will use its expertise in virtual reality simulation to
test scenarios for coordinating firefighting
activities,
elevator egress and stairway evacuation. By incorporating
elevators into
its graphic computer models, NIST will help fire safety experts
identify the most effective operational procedures for specific
fire conditions.
NIST fire researchers hope to collaborate on emergency elevator
operations standards with colleagues from around the world.
Global standardization should reduce confusion during an
emergency, enabling people to take evacuation actions with
confidence.
Media
Contact:
John Blair, (301)
975-4261
* Richard
W. Bukowski, “Protected Elevators
for Egress and Access During Fires in Tall Buildings” Proceedings,
CIB-CTBUH International Conference on Tall Buildings, Oct. 20-23,
2003.
Gauging
the Economic Impact of Government R&D Programs
Over
the last 10 years, the National Institute of Standards and
Technology (NIST) has conducted more than 40 economic studies
to estimate the costs and benefits of both completed and
potential research efforts. As a result, the agency has collected
an impressive amount of information
on best practices for assessing the value of government-funded
research and development programs.
In
a new report,* NIST senior economist Gregory Tassey strives
to leverage that experience
by describing the major steps required
for designing, implementing, analyzing and disseminating economic
studies of government R&D programs. While he says there
probably will never be a single “manual” for such
studies, he outlines methods common to all economic assessments
and offers
advice for selecting analysis and data collection methods.
The
report notes that timing of a study and selection of the
right “metrics” for
program outcomes are critical to the design of economic assessments.
A study that estimates
the benefits of government technology infrastructure should
be conducted about three to 10 years after significant marketplace
impact. This ensures that enough time has passed for the
new technology to be disseminated widely, without losing
valuable
sources of impact data. Metrics vary widely but typically
are similar to those used in corporate finance and include
impacts
on productivity, quality and reliability that affect R&D,
production and commercialization of a technology.
Ultimately,
writes Tassey, economic assessments should be “an ongoing
function” that R&D agencies use as a reality check on
whether programs targeted at specific technologies or industries
actually produce the expected economic benefits and conform to
the agency’s mission.
The
full text of the report is available at: www.nist.gov/director/prog-ofc/report03-1.pdf
Media
Contact:
Michael
E. Newman, (301) 975-3025
*Gregory
Tassey, Methods for Assessing the
Economic Impact of Government R&D, (Planning Report
03-1).
Only
15 Minutes of Life, No Fame, for Lone Neutrons
|
Proton
trap used by the NIST-led research team to determine the
lifetime of the neutron. |
Once
freed from its home inside the nucleus of an atom, a neutron
lives, on average, 886.8 seconds (about 14.8 minutes), plus
or minus 3.4 seconds, according to recent measurements performed
at the National Institute of Standards and Technology (NIST).
This
result, published in the Oct. 10 issue of Physical
Review Letters, is the most precise ever achieved using beams of neutrons
and is the culmination of almost 10 years of work. The new neutron
lifetime value is consistent with physicists’ current theories
about the particles and forces of nature. It will help scientists
better understand the creation of matter immediately after the
birth of the universe, an important factor in determining what
the universe is made of today.
Scientists
have been measuring the lifetime of the neutron since the
early 1950s. While slightly
less precise than a measurement
made in 2000 by a different research group using a different
method, the new in-beam measurement provides a strong, independent
check
on the neutron lifetime and reduces the overall uncertainty
in the recommended value.
As
neutrons die, they disintegrate into other particles, including
protons. The NIST-led group
simultaneously counted both the
number of neutrons and the number of protons formed as the
neutrons
fell apart. A beam of slow moving neutrons was passed through
a vacuum
system. As the neutrons decayed, protons—which have
a positive charge—formed and were captured in a powerful
electromagnetic trap. Periodically, the trap was opened and
the protons were counted
as they crashed into a semiconductor detector.
The
research team included participants from NIST, Tulane University,
Indiana University, University of Tennessee/Oak
Ridge National
Laboratory, and the European Commission’s Joint Research
Centre (Institute for Reference Materials and Measurements)
in Belgium. The research was funded by NIST, the U.S. Department
of Energy and the National Science Foundation.
Media
Contact:
Laura Ost,
(301) 975-4034
Two
Extension Centers Help Manufacturer Get ‘Lean’
Materials
such as utility flooring and wall coverings used by the airline
and rail industries not only must be attractive, durable, and
easy to care for, they also must adhere to strict safety requirements.
For nearly 40 years, Schneller Inc., with facilities in Kent,
Ohio, and Pinellas Park, Fla., has been manufacturing and selling
these materials to aircraft, rail, marine, and architectural
industries around the world. But, following the upheaval of
the transportation sector after the Sept. 11 terrorist attacks,
Schneller managers realized they would have to make changes
if the company was to remain profitable and competitive.
NIST’s
Manufacturing Extension Partnership centers in Ohio and Florida
helped the two facilities implement “lean” principles,
a concept that eliminates activities that add no real value
to the product or service, and focuses on continuous improvement
initiatives. As a result, Schneller has reduced costs, inventory
and lead times. In addition, they have improved on-time delivery
and overall customer response time. Richard Organ, president
and CEO of Schneller, said, “Our lean initiatives have
not only resulted in an overall transformation of the company,
they have enabled us to meet the growing needs of our customers.”
For
more information on MEP go to www.mep.nist.gov or call (800)
MEP-4MFG (637-4634).
For
more information on the work with Schneller, contact Maria
Alfano, (321) 939-4000 (Florida
MEP), or Cindy Nelson, (216)
432-5386 (Ohio MEP).
Media
Contact:
Jan Kosko,
(301) 975-2767
Quick
Links
New Computer
Security Guidelines—National Institute of Standards and Technology
has released five new special publications designed to help organizations
design, purchase, test, and implement effective information security
systems. The five reports are: Guide to Information Technology
Services (SP 800-35), Guide to Selecting Information Security
Products (SP 800-36), Guideline on Network
Security Testing (SP 800-42),
Building an Information Technology Security Awareness and Training
Program (SP 800-50), and Security Considerations in the
Information System Development Life Cycle (SP 800-64). Full text of each report is available at: http://csrc.nist.gov/publications/nistpubs/index.html.
Information
Standards for Biomedical Research—On Nov.
4-5, the National Institute of Standards and Technology (NIST)
will sponsor a workshop in Bethesda, Md., to define the current
and emerging state of information science (IS) standards related
to bioscience and biomedical research, and to identify barriers
and gaps to IS standards development and implementation. See:
www.nist.gov/director/NIH/goals.htm.