VISITING COMMITTEE ON ADVANCED TECHNOLOGY (VCAT)
MINUTES OF FEBRUARY 8-9, 2012, MEETING
Visiting Committee Members Attending
VCAT Exec. Dir.
NIST Leadership Board
St. Pierre, Jim
NIST Staff Cont.
Bryson, John- Secretary of Commerce
Kalil, Tom-Executive Office of the President
Miller, Jason- Executive Office of the President
Morales, Dan-Stanford University
*Participated by Webinar.
Call to Order and Elections – Dr. Vinton Cerf, VCAT Chair
Dr. Cerf called the meeting to order at 9:00 a.m. and pointed out the location of the building’s emergency exits. Elections are held every two years for the VCAT chair and vice chair. Although there was only one nomination for each of these positions, the elections took place at the meeting by secret ballot and absentee ballots to express the will of the Committee. The members unanimously elected Vint Cerf as chair and Alan Taub as vice chair.
NIST Overview and Update – Dr. Patrick Gallagher, Under Secretary of Commerce for Standards and Technology and NIST Director
Presentation Summary – Dr. Gallagher welcomed the VCAT members to their first meeting held at the Department of Commerce (DOC) in Washington, DC to facilitate briefings by the Secretary of Commerce and other Administration leaders. His presentation covered an update on the NIST budget; a review of major issues relating to standards policy, advanced manufacturing, the Wireless Innovation Initiative, and technology transfer; a summary of NIST priorities for FY 2013-2015; and an overview of NIST’s program planning environment and processes.
NIST’s FY 2012 enacted budget totals $750.8 million and is essentially flat when compared to FY 2011; however, there are major changes in the three appropriation accounts for NIST. The laboratory programs were increased $69.6 million primarily for initiatives in manufacturing and cybersecurity. The Industrial Technology Services (ITS) account was reduced $54.4 million which reflects defunding the Technology Innovation Program (TIP) and the Baldrige Performance Excellence Program (BPEP), continuing steady funding for the Manufacturing Extension Partnership (MEP), and providing no funding for the proposed Advanced Manufacturing Technology Consortia (AMTech). The Construction of Research Facilities account includes an increase of $1.9 million to continue the renovation of Building 1 in Boulder and a $16.4 million decrease for Safety, Capacity, Maintenance and Major Repairs. The President’s recent State of the Union Address sets the context for the FY 2013 budget request scheduled to be released on February 13, 2012. NIST has begun planning for the FY 2014 budget request which will be submitted to DOC in June of 2012.
Dr. Gallagher provided updates on the ITS programs. With regard to MEP, Dr. Gallagher reviewed the status of the General Accountability Office’s (GAO) study of MEP’s cost share requirements as mandated by Congress and noted that although GAO made no recommendations, NIST conducted an internal study of this issue and is in the process of preparing a decision memorandum for the Secretary. The NIST focus is to strengthen MEP’s important role in innovation. Dr. Gallagher indicated that TIP is in a shutdown mode and highlighted the number of active agreements, full time employees (FTEs), and close out costs not funded by Congress for FY 2012 through FY 2014. NIST is aggressively trying to place as many affected employees into new positions, as possible. In FY 2012, BPEP’s costs are covered by carryover, deobligated balances, and a gift from the Baldrige Foundation. The Foundation is actively discussing their future funding which will impact NIST attrition plans. However, staffing levels have already decreased nearly 25 percent. Other actions underway for BPEP’s transition to a new business model include discussions on building a national enterprise structure and a focus on income generation. The next Baldrige Award ceremony for the 2010 and 2011 winners will be held on April 15, 2012.
Turning to standards policy, Dr. Gallagher provided a brief progress report on the National Science and Technology Council’s (NSTC) Subcommittee on Standards and highlighted the recent White House Memorandum which lays out the principles for federal engagement in standards activities. NIST’s increased involvement in this area is a result of the VCAT’s past recommendation that NIST become more proactive in its unique role of coordinating standards development.
Dr. Gallagher spoke about the Administration priorities in advanced manufacturing and the NIST role, emphasizing that advanced manufacturing has always been a key part of the NIST mission. The President’s State of the Union address focused on promoting advanced manufacturing. Advanced manufacturing is the number one priority for U.S. Commerce Secretary Bryson followed by investment and trade. The President asked Secretary Bryson to lead his Cabinet on all manufacturing issues and named him as the co-chair of the White House Office of Manufacturing Policy with Gene Sperling, the National Economic Council Director. The co-chairs have already convened a cabinet-level meeting to discuss how to construct a coherent policy framework to support advanced manufacturing. Secretary Bryson also established a National Program Office (NPO) led by Mike Molnar from NIST to support the Advanced Manufacturing Partnership (AMP) launched by the President last summer.
The VCAT report on “Desirable Properties of a National Public Safety Communication System” is now posted on the NIST website and will help set the vision for the framework. Dr. Gallagher reviewed the related legislation and status of the Wireless Innovation Fund tied to the Spectrum auction which would provide NIST with up to $300 million to implement a research program in this area. This funding remains uncertain. There are also considerable discussions regarding the governance model for public safety communications.
Dr. Gallagher also highlighted the NIST response to the President’s October 2011 memorandum on “Accelerating Technology Transfer and Commercialization of Federal Research in Support of High Growth Businesses.” Under the leadership of Phillip Singerman, NIST will help agencies with federal laboratories to develop a five-year plan to increase technology transfer activities with external partners. Among other activities, NIST was also requested to convene and lead an Interagency Work Group on Tech Transfer to identify opportunities for improvement.
The NIST priorities for FY 2013 through FY 2015 are 1) strengthening U.S. advanced manufacturing capabilities; 2) advancing the state-of-the-art in cybersecurity solutions; and 3) accelerating technology transfer and commercialization. Dr. Gallagher noted that the current priority-setting environment within the Administration is extremely dynamic and proposed to discuss planning at the VCAT’s June 2012 meeting. He also described some of the challenges involved with strategic planning versus tactical planning at NIST and summarized the planning environment drivers which include the NIST mission, statutory requirements/Congressional direction, budget, Administration priorities, and DOC priorities. Dr. Gallagher also addressed the different types of required assessments, which include the Government Results and Performance Act (GPRA) Modernization Act of 2010, Executive Order 13576, Priority Goals, and DOC quarterly performance reviews, and summarized several NIST’s planning process. Dr. Gallagher announced that NIST revamped the National Research Council (NRC) assessment process this year by requesting the NRC to perform a cross-cutting assessment of advanced manufacturing across the NIST laboratories.
Lastly, Dr. Gallagher presented certificates of appreciation to outgoing VCAT members Tom Baer and Paul Fleury for their six years of public service and valuable contributions to the Committee. He also expressed his appreciation to Michael McRobbie who recently resigned from the VCAT due to the time demands required of a university president.
For more details, see Dr. Gallagher’s presentation.
Discussion Summary – The group discussed the following topics:
- Likely reasons for Congress not funding the proposed AMTech program include the budget squeeze and policy issues related to the role of government in fostering consortium.
- Outyear funding was reduced for some of the TIP projects. The realized benefit of grant-based programs is critically important to capture for accountability. To strengthen its overall grant management, NIST is conducting an internal review of all of its grant programs from their conception to post-award management.
- Providing the amount of base funding associated with the initiatives may be useful to Congress.
- As part of the planning process, the NIST laboratories have been focused on identifying workshops in their mission spaces, such as the Engineering Laboratory’s recent workshop on cyberphysical systems.
- Strategic planning can become a vehicle of influence and help an organization become more proactive versus reactive.
- NIST’s work under the National Nanotechnology Initiative strategic plan is an interesting case study which demonstrates the need for funding to support the technical program as well as the need for standards engagement to be successful.
- The House Science Committee staff is very interested in the VCAT’s views about NIST being positioned correctly to play a role in addressing the Nation’s priorities.
- An organization’s future demographics are also an important part of strategic planning and for survival.
- NIST is making progress on its safety metrics. For example, a comprehensive incident management system is now in place for immediate reporting of actual accidents as well as near misses. A comprehensive set of assessments are also being developed as recommended by the NIST Blue Ribbon Commission on Management and Safety. Assessments of the safety management system will help with risk mitigation.
- The electronic kilogram program in the Physical Measurement Laboratory is a good example of the need to have the core competence as well as the funding.
- In the area of technology transfer, the group commented on the appropriateness of the government charging for patents and shared their experiences in technology transfer activities with federal labs. According to some of the members, national labs need to make the right connections with industry. Also, some of the technology that resides in national labs and universities should be mined before it is transferred to industry. NIST views itself as a technology enabler rather than a technology developer or product tester as much of its work is accessible for free. The Association of University Technology Managers is looking at broader definitions of technology transfer. Technology transfer also takes place through convening of best practice sharing as done in the Baldrige program.
- NIST has some flexibility in reprogramming its base funding and changing priorities; however, Congress sets limits on the amount of funding that NIST can reprogram to different budget elements without Congressional approval. The management process for reprogramming funds, including the identification of core capabilities and capacities, will be covered at the June 2012 VCAT meeting.
- NIST’s reprogramming rate is quite high and programs are constantly being shut down. This process has been invisible to the VCAT.
- Presentations to the VCAT about initiatives should include information about the base for context and NIST may want to consider developing a standard template for providing this data as a preview.
- Some reasons for not funding new initiatives out of base funding involve other agency work leveraged by NIST funding, legislative mandates for certain projects, and concern over a loss of core competencies.
- NIST has a Strategic and Emerging Research Initiative (SERI) fund which allows for funding activities across laboratories.
- Operating under multiple budget time scales is a management problem for NIST.
- Unlike industry, NIST has constraints on reducing staff.
Overview and Discussion of the Department of Commerce Priorities – U.S. Commerce Secretary John Bryson
Discussion Summary – In his introductory remarks, U.S. Commerce Secretary Bryson thanked the VCAT members for their significant commitment in serving on the Committee, remarked that NIST is critical to the entire Federal government, acknowledged Dr. Gallagher as a well-respected leader, and asked for questions. He also announced that he read the Committee’s report on public safety communications and provided a brief summary of its contents.
Secretary Bryson also spoke about his key priorities in supporting advanced manufacturing to help create jobs, attracting more investment to America, and increasing U.S. exports along with examples of recent activities in each of these areas. Another priority for Secretary Bryson is working more effectively with the Chinese as DOC is responsible for the annual negotiations of the U.S.-China Joint Commission on Commerce and Trade. The Secretary also noted the role of clean energy technology and high technology products in enhancing U.S. competitiveness.
The Secretary agreed on the importance of investing in enabling technologies for advanced manufacturing and emphasized that the appropriations process in Congress makes these final decisions. He also remarked that he valued the VCAT’s report on advanced manufacturing. The Secretary has visited many large, medium-sized, and small manufacturers to discuss the strengths and gaps in manufacturing. The AMP NPO hosted by NIST will help enhance efficiency and productivity by coordinating federal resources and programs.
With regard to the recent presidential proposal to reorganize DOC, the Secretary described the challenges faced by the appropriation committees in addressing this proposal. He also recognized NOAA’s important work and will remain supportive and deeply engaged with NOAA while it resides in DOC.
In closing, Dr. Bryson thanked the VCAT members again and remarked that this was his most important message to them.
Overview of the Administration’s Priorities in Advanced Manufacturing – Mr. Jason Miller, Special Assistant to the President for Manufacturing Policy, National Economic Council, Executive Office of the President
Presentation Summary – In his introductory remarks, Mr. Miller indicated that there has been a positive development on manufacturing policy since he spoke to the VCAT last June. Since the President’s FY 2013 budget has not yet been released, this talk does not address the specific Administration’s priorities and full set of proposals in advanced manufacturing.
Mr. Miller described why advanced manufacturing is a priority for the Administration. In the State of the Union, the President laid out American manufacturing as the first pillar of an economy that is built to last. Advanced manufacturing is an essential component in shaping our future economy for the following reasons: 1) manufacturing is critically tied to the U.S. innovation capacity; 2) manufacturing represents 60 percent of exports; 3) manufacturing plays an important role within supply chains and communities; and 4) manufacturing plays a role in providing good paying jobs. The overall blueprint in the State of the Union is aimed at creating a broader ecosystem where investments in production, infrastructure, education, and innovation are valued.
From a metrics standpoint, the primary goal of the set of proposals addressing advanced manufacturing is to increase manufacturing production rather than creating manufacturing jobs which is an outcome. The overall framework for these proposals include four elements: 1) increase federal investment in advanced manufacturing R&D within the federal government; 2) leverage federal dollars and improve their effectiveness; 3) create an innovation infrastructure necessary for the overall manufacturing sector by encouraging R&D investment in the private sector, by creating partnerships across federal agencies to marry basic research into industrially relevant research, and by providing capabilities for small and medium manufacturers with help from the MEP; and 4) provide incentives for investment in production capacity, such as extending the full business expensing, expanding the manufacturing deduction, initiate a Manufacturing Communities Tax Credit, and reauthorizing the Advanced Energy Manufacturing Tax Credit.
Discussion Summary – The group discussed the following topics:
NIST and the Advanced Manufacturing Partnership National Program Office – Mr. Michael Molnar, Chief Manufacturing Officer, NIST
- Nearly 100 percent of the funds available from the American Recovery and Reinvestment Act (ARRA) have been obligated to date.
- Although Boeing shut down its manufacturing plant in Wichita, Kansas, the company will retain and use its supply chains located in Wichita.
- Mr. Miller’s personal view is that advanced manufacturing needs to shift more towards the process innovation gap.
- Since there is a discretionary cap on the FY 2013 budget, the discussions will focus more on priorities.
- Industrial policy is difficult to define. Some individuals are moving from thinking of industrial policy as purely picking winners and losers to creating the foundation for which a number of industries can have spillover effects on the broader economy.
- Support for the AMTech program should be framed around the government role in pre-competitive risks and the need for consortia and partnerships with industry and academia to be effective.
- Not all industries within the manufacturing sector need to develop pre-competitive technology. For example, the biotech industry requires post-competitive technology. Therefore, a “one size fits all” approach for solving the manufacturing sector problems is not a correct assumption.
- Productivity growth will lead to job creation and providing the appropriate skill set is a problem.
Presentation Summary – Mr. Molnar provided an overview of the Advanced Manufacturing Partnership (AMP), the President’s Council of Advisors on Science and Technology’s (PCAST) recommendations on advanced manufacturing, the White House Office of Manufacturing Policy (OMP), the NSTC Interagency Working Group on Advanced Manufacturing, the VCAT’s report covering AMTech, and the AMP National Program Office (NPO) led by NIST. An AMP timeline highlighted the parallel activities led by industry and academia and those led by the government in which the ideas are converging on the strategy and implementation for public-private initiatives and institutional structures. On the industry/academia front, the PCAST released its report on advanced manufacturing in June 2011 that emphasized the need for a strong, cogent innovation policy and included four recommendations covering the need to: 1) launch a Federal Advanced Manufacturing Initiative led by DOC, the Department of Defense (DOD), the Department of Energy (DOE), and the National Science Foundation (NSF) to focus on better government coordination and public-private partnerships; 2) improve tax policy; 3) support research; and 4) strengthen the workforce. Based on the PCAST’s recommendations, President Obama announced on June 24, 2011, the launch of the AMP to bring together private sector industry, universities, and the government to spark a renaissance in American manufacturing and to help its manufacturers develop the cutting edge tools needed to compete with anyone in the world. Mr. Molnar reviewed the AMP’s mission and goals and noted that the co-chairs of the AMP Steering Committee are Andrew Liveris, Chief Executive Officer (CEO) of Dow Chemical, and Susan Hockfield, President of the Massachusetts Institute of Technology. The AMP has held four regional public outreach workshops and has chartered four workstreams in the areas of manufacturing policy, technology development, shared infrastructure and facilities, and education and workforce development. Mr. Molnar summarized the study focus of each of these groups which are composed of and co-led by senior leaders from industry and academia and noted that government leaders have been supporting these efforts as well. Their work is nearing completion with the goal of submitting a report to the AMP Steering Committee in March for public release in April.
Turning to government activities, on December 12, 2011, President Obama announced the establishment of the White House OMP which for the first time provides for a federal champion of manufacturing. Commerce Secretary Bryson and Mr. Sperling, the Director of the National Economic Council, co-chair the OMP which held its first cabinet level meeting on January 20, 2012. The goal of the OMP is to ensure effective coordination of manufacturing policy implementation and to serve as a resource for agencies to highlight and coordinate their manufacturing activities. Another government activity is the NSTC Interagency Working Group on Advanced Manufacturing (IAM) co-chaired by DOE, DOD, and NIST. In response to the America COMPETES Reauthorization Act of 2010, the IAM plans to release a strategic plan for advanced manufacturing to Congress in late February 2012. Mr. Molnar also highlighted the recent VCAT’s report on the proposed Advanced Manufacturing Technology Consortia (AMTech) and remarked that this guidance will be very useful in developing the program.
On December 19, 2011, Secretary Bryson announced the establishment of the AMP NPO led by NIST. The NPO will lead other federal agencies involved in U.S. manufacturing and support interagency coordination of advanced manufacturing programs; provide a linkage to the private sector partnerships between manufacturers, government and universities; and satisfy the PCAST report recommendation to create an integrated private/public advanced manufacturing initiative. An organization chart of the AMP NPO illustrates the equality and importance of the broad advanced manufacturing portfolios in each of the four core federal partners – DOC, DOD, DOE, and NSF. These agencies will be working within the NPO in a coordinated effort to develop a unified vision for advanced manufacturing from a portfolio standpoint. Mr. Molnar also reviewed the key activities planned for the AMP NPO ranging from responding to recommendations from AMP, PCAST, and IAM to budget planning, to establishing engaging mechanisms among stakeholders. The preliminary NPO work plan includes a core team located at NIST in Gaithersburg, Maryland and the use of other offices in Washington, DC to host meetings and house some area detailees. Lastly, Mr. Molnar provided examples of the coordinated initiatives to be addressed under the work plan, including the Material Genome Initiative, Technology Roadmaps, Manufacturing Jobs Accelerator Grants, Manufacturing Demonstration Facilities, and Advanced Manufacturing Pilot Projects.
Discussion – The group discussed the following topics:
Update on the National Science and Technology Council’s Subcommittee on Standards – Dr. Mary Saunders, Director, Standards Coordination Office, NIST
- The AMP has been making considerable progress and building momentum although their work product is not yet public.
- NIST recognizes the importance of building the right team of people from other federal agencies, academia and university to support the AMP recommendations. NIST role is to support the technology part of advanced manufacturing while the OPM will be addressing work force and tax issues. In support of Manufacturing Jobs Accelerator Grants, the NIST MEP has been working with DOC’s Economic Development Office to launch an economic development grant for regional manufacturing
- Neither the House nor the Senate is expected to create subcommittees to engage in advanced manufacturing. However, the members are extraordinarily interested and supportive of a strong U.S. manufacturing sector. The bi-partisan House Manufacturing Caucus has 87 members and is growing.
Presentation Summary – Dr. Saunders provided an update on the key deliverables of the NSTC’s Subcommittee on Standards (SOS) since her last presentation to the VCAT in June 2011. Her talk focused on the SOS Framework Report, Federal Engagement in Standards Activities to Address National Priorities, published in October 2011; the White House Memorandum on Principles for Federal Engagement in Standards Activities to Address National Priorities issued on January 17, 2012; and next steps.
Dr. Saunders reviewed the establishment and mission of the SOS, a subcommittee under the NSTC’s Committee on Technology. Input from the December 2010 Request for Information (RFI) issued by the SOS, the January 2011 Roundtable on Federal Government Engagement in Standards, and subsequent meetings with industry and trade associations provided the basis for the Subcommittee’s recent discussions. The SOS charter, the RFI and its comments, the Framework Report, and the White House Memorandum are available from the standards.gov website.
NIST Director Pat Gallagher chaired the June 30, 2012, SOS meeting to discuss the Subcommittee’s proposed deliverables of a Framework, case studies in four technology areas, and recommendations on best practices/principles for future engagements between the public and private sectors in national priority areas. The Subcommittee reviewed two draft documents which were tabled: 1) the draft Framework Report including the case studies; and 2) the rough draft of the White House policy memorandum which is to include high level recommendations. The Subcommittee decided to further engage the private sector and the Standards Developing Organizations (SDOs) and established an interagency task group to prepare a more succinct draft Framework Report and set of recommendations that reflected extensive public and agency input and engagement.
On October 14, 2011, the Office of Science and Technology Policy (OSTP) released the 12-page SOS Framework Report. This report includes a clear statement of the U.S. government (USG) role in the U.S. standards system, outlines the legal and policy framework relating to USG participation in and use of standards, addresses developments since the 1988 revision of the Office of Management and Budget (OMB) Circular A-119, and includes six policy recommendations for federal agencies. With consensus from 20 agencies, this Framework is the first unambiguous articulation of how the USG interacts with the standards system and its importance to the U.S. economy’s capacity to innovate. The American National Standards Institute (ANSI), IBM, and Microsoft were among the early organizations that expressed strong support for the principles outlined in the report. Dr. Saunders also highlighted the near term and medium term impacts of the Framework document, which include serving as the basis for the Executive Office of the President’s position on proposed standards policy recommendations and for further discussions on key issues.
The White House Memorandum on Principles for Federal Engagement in Standards Activities to Address National Priorities was issued by Aneesh Chopra, U.S. Chief Technology Officer, OSTP; Miriam Sapior, Deputy, U.S. Trade Representative (USTR); and Cass Sunstein, Administrator, Office of Information and Regulatory Affairs, OMB, to the heads of agencies. It was launched in conjunction with the Smart Grid Green Button event in Santa Clara, California. The Smart Grid effort reflects many, if not all of the principles outlined in the policy memorandum. This memorandum addresses the importance of the U.S. standards system in enabling innovation, the role of the private sector, five key strategic objectives for federal engagement in standards activities, and agency responsibilities. The USTR will summarize this policy memorandum as an achievement in its annual report on how the U.S. is seeking to overcome technical barriers to trade. Dr. Saunders also reviewed five impacts from the principles in this memo including establishing a framework for policy makers in the Administration and the Hill to use while defining their standards’ needs. NIST can take a lead role in facilitating these discussions due to its contacts both within the federal government and the private sector.
Turning to next steps, NIST plans to continue to leverage the White House formal commitment to the importance of standards in spurring technology development, and in particular, the deployment of technology. The principles from the policy memo will also be applied to address interagency coordination issues in areas such as cybersecurity and cloud computing. In addition, NIST has begun to update its guidance for agencies on conformity assessment and will pursue changes to OMB A-119 if needed.
For more details, see Dr. Saunders’ presentation.
Discussion – The group discussed the following topics:
- Paying attention to non-tariff trade barriers is important.
- The State Department is also a member of the SOS.
- The issue of freely available standards, especially those that are referenced in regulations, is very complex and being actively discussed with the SDOs. Various business models and solutions exist within the standards communities.
Overview of the Federal Risk and Authorization Management Program (FedRAMP) – Dr. Chuck Romine, Director, Information Technology Laboratory (ITL), NIST
– In his introductory remarks, Dr. Romine acknowledged the staff in both the Information Technology Laboratory (ITL) and the Standards Coordination Office for their contributions to the Federal Risk and Authorization Management Program (FedRAMP). An OMB policy memo established FedRAMP on December 8, 2011 as a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring to guide federal adoption of cloud products and services. This overview included the background and goals of FedRAMP, the NIST role in FedRAMP, and FedRAMP’s phases and timeline. Additional information about this program is available in a 47-page Concept of Operations document which was just released by the FedRAMP Program Management Office on February 7, 2012 and can be downloaded from FedRAMP.gov
FedRAMP was initially announced in 2010 by former Federal Chief Information Officer Vivek Kundra as part of OMB’s IT modernization strategy. By reusing existing security assessments across agencies, the goal of FedRAMP is to assess once and use many times. Dr. Romine summarized the roles of the federal government’s Chief Information Officers (CIO) Council, DOD, Department of Homeland Security, and the General Services Administration (GSA) in implementing FedRAMP. The latter three agencies comprise the Joint Authorization Board. He also compared the current assessment/authorization model applied to Cloud Service Providers (CSP) with the FedRAMP model which will result in greater efficiency and cost savings.
The NIST role is serving as technical adviser to the agencies implementing FedRAMP due to its technical expertise regarding the Federal Information Security and Management Act (FISMA) and its expertise in conformity assessment. NIST has collaborated on the development of the FedRAMP concept, the development and implementation of a formal conformity assessment program, and compliance with FISMA; and advised the Joint Authorization Board on compliance requirements. Dr. Romine also described how FedRAMP is built on international standards for conformity assessment and noted that the oversight and communication associated with the accreditation will be overseen by the FedRAMP Program Management Office operated by GSA.
Lastly, Dr. Romine described FedRAMP’s phases and timeline for key activities and outcomes from FY 2012 through FY 2014. In FY 2012, pre-launch activities will result in an initial list of accredited third party assessment organizations followed by the launch of FedRAMP into Initial Operating Capabilities so that Federal agencies can begin to migrate to the cloud. By the second quarter of FY 2013, agencies should have full operational capabilities to migrate to the Cloud including a full pipeline for conducting assessments and authorizations. By 2014, the goal is to move to full implementation with on-demand scalability where NIST and the Federal agencies are no longer involved in the accreditation, and instead; third party assessments are led by the private sector with oversight by the Joint Authorization Board and the Program Management Office. In closing, Dr. Romine remarked that the actual decision to accept the level of risk associated with moving to the Cloud is still retained within the Federal agency and that the goal of FedRAMP is to provide the agencies with the tools necessary to do the risk assessment in a scalable and reusable manner.
For more details, see Dr. Romine’s presentation
– The group discussed the following topics:
Cybersecurity Center of Excellence Concept Plan – Ms. Donna Dodson, Chief, Computer Security Division and Deputy Chief Cybersecurity Advisor, ITL, NIST
- By continuing to update the FISMA catalogue and guidelines associated with its application, NIST is helping to ensure that security concerns are addressed in the Cloud as well as on the desktop.
- With regard to ISO quality management standards, federal competency requirements were added for inspection bodies and specific technical competences were added for accreditors to make the Cloud system work well.
- Two surveillance mechanisms will be put in place to ensure that the assessment organizations are meeting accreditation requirements.
Presentation Summaries: Ms. Dodson provided an overview of the Cybersecurity Center of Excellence (CCoE) concept plan which included its mission, strategy, approach, goals, and potential structure as well as a sketch of a use case framework, its participants, and its development process, along with an example of a proposed health IT use case. NIST has a long history of working in the cybersecurity space and received $10 million in the FY 2012 budget to start a CCoE. The cybersecurity standards and guidelines that NIST has developed for the U.S. federal government in concert with industry have often been adopted nationally and internationally, and there are still many cybersecurity challenges that face the nation today.
The mission of the CCoE is to foster the development and rapid adoption and broad deployment of comprehensive cybersecurity platforms that support automated and trustworthy government and industry business operations and e-commerce. NIST’s strategy is to work as partners across the commercial, academic, and government sectors to develop and deploy cybersecurity platforms for innovative business solutions. For example, the Department of Health and Human Services has requirements for the medical community which need a stronger cybersecurity posture. In addition, Ms. Dodson noted the importance of working with partners to understand the challenges in building these platforms, identify the need for new advanced technologies, and identify where additional guidelines and support are needed from the NIST perspective.
The CCoE strategy will be pursued through public-private-sector team research, development, and deployment acceleration efforts including the development of multi-institutional, collaborative programs; a modern development facility located off the NIST campus; a team environment; project objectives that are jointly identified and shared; and creation of opportunities for collaborative leadership among technologists and business communities. Ms. Dodson emphasized the importance of the CCoE concept which will bring together both technology and security needs for business use cases.
The main goal of the CCoE is to drive adoption of practical, affordable, and useful cybersecurity capabilities and practices across the full range of commercial and government sectors. New and tested methods for composing, discovering, and measuring the security postures of systems and enterprises will be disseminated. Ms. Dodson remarked that the best and brightest people from academia, industry, and government are needed to collaborate on these critical problems from both the business case side and the technology side to begin to foster the adoption of strong technologies.
The potential structure of the CCoE includes an Executive Board, Executive Director, and a Board on Science and Deployment. Engineers and scientists will be working on different projects to build out cybersecurity platforms in a test bed environment but using real world use cases. This will help identify places where better or new technologies and/or additional standards or guidelines may be needed.
Turning to a business use case framework, Ms. Dodson noted that it is easy to purchase IT products with security features and put them in place in your environment but much more difficult to use these components to maximize security and still meet your business needs. This is a big challenge in both the U.S. government and in industry. Use case participants should involve the CCoE as well as consumers, IT vendors, and NIST. The use case development process begins with the CCoE collecting the requirements; identifying applicable standards, guidelines, and IT vendors; then integrating and demonstrating the solution for deployment in the operational environment. Ms. Dodson also described a proposed health IT use case where the federal government and the health care community would work together in addressing several challenging business requirements.
For more details, see Ms. Dodson’s presentation
– The group discussed the following topics:
National Strategy for Trusted Identities in Cyperspace (NSTIC)– Mr. Jeremy Grant, Senior Advisor, NSTIC, ITL, NIST
- The ability to solve the nation’s cybersecurity infrastructure problems with only $10 million was debated.
- It was suggested that NIST should focus on a particular business case and move fast with the right stakeholders.
- NIST plans to leverage these partnerships with its brain power as illustrated by its work in cryptography and will be seeking industry’s support in setting the priorities for the most important business use cases. NIST also plans to leverage its existing relationships in the IT sector as well as other arenas when considering use cases. For example, NIST developed another potential business case for the financial services sector to leverage its relationship with this sector where progress has been made in identifying some of its requirements.
- Access to encrypted digital legacy information in the future is also important.
- NIST’s strongest contribution to the CCoE structure is the depth of its capabilities in the technology space.
- Software usability and software assurance are also important areas which should be addressed.
- The deployment of well-defined software tools can be very difficult such as the case with Domain Name System Security Extensions (NSSEC).
- The fundamentals of a risk management infrastructure and the technical underpinnings are key and apply across many of the business use cases. For example, much of the Computer Security Division’s work can be tailored for use in different environments, such as cyberphysical systems as well as the Smart Grid space.
– Mr. Grant reviewed background information on the National Strategy for Trusted Identities in Cyperspace (NSTIC) and highlighted four key implementation activities of the NSTIC since the VCAT’s June 2011 briefing on this topic.
The NSTIC was called for in the President’s Cyberspace Policy Review in May 2009 and officially launched in April 2011 with the release of the signed NSTIC document. The core of the NSTIC calls for an identity ecosystem which is defined as “an on-line environment where individuals and organizations will be able to trust each other because they follow agreed upon standards to obtain and authenticate their digital signatures.” The four guiding principles for identity solutions are that they must be privacy enhancing and voluntary; secure and resilient; interoperable; and cost-effective and easy to use.
Mr. Grant described the three problems addressed by NSTIC: 1) broken usernames and passwords; 2) difficulty of verifying identities over the Internet; and 3) privacy remains a challenge. The economic impact of identity theft is significant with 8.1 million victims last year at an estimated cost of 37 billion dollars. A joint study by the Secret Service and Verizon on data breaches identified the top methods of attack, of which many were tied to weak authentication at the back of the system. With regard to privacy, individuals often must provide more personally identifiable information than necessary for a particular transaction and individuals have few practical means to control the use of their information. A diagram on the Personal Data Ecosystem published in June 2010 by the World Economic Forum illustrates the abundance of data collected which is expected to grow exponentially over the next few years. Trusted identities provide a foundation to solve all three of these problems by providing enhanced security, improved privacy standards, and economic benefit from enabling new types of on-line transactions.
The vision of the NSTIC is to have an identity ecosystem by January 1, 2016, with some real improvement sooner, where individuals can choose among multiple identity providers and digital credentials for convenient, secure, and privacy-enhancing transactions anywhere, anytime. This effort will be led by the private sector which is in the best position to drive technologies and solutions as well as identify barriers while the federal government provides support by helping to develop a private-sector led governance model, facilitating and leading development of interoperable standards, providing clarity on national policy and legal framework around liability and privacy, and act as an early adopter to stimulate demand.
NIST has been establishing the NSTIC National Program Office (NPO) charged with leading day-to-day coordination across government and the private sector in implementing the NSTIC. Congress appropriated $16.5 million for the NPO for 2012 in which the bulk of the funding will support grant programs, including pilots and the Identity Ecosystem Steering Group. Mr. Grant described four key NSTIC implementation activities. A new two-year grant will fund a privately-led Identity Ecosystem Steering Group to convene stakeholders and craft standards and policies to create an Identity Ecosystem Framework. For input on how to set up this Steering Group, NIST published a Notice of Inquiry (NOI) on this topic in which 57 responses were received, held a two-day workshop, and had a panel look at governance models in other public/private partnerships. The most popular model cited was Smart Grid. Based on this input, NIST published recommendations in mid-February on the structure of the Steering Group. The second activity involves the NSTIC Pilots Grant Programs with an anticipated $10 million for 5-8 awards expected by late summer, as recently announced in a Federal Funding Opportunity. These grants will focus on addressing barriers the marketplace has not yet overcome. The third activity is building out the NPO, and NIST is in the process of hiring key staff. The NPO will be operating under the model to influence through active engagement in the Steering Group and managing pilots. The fourth activity is coordinating federal efforts for .gov adoption, including identifying agencies with potential killer apps and willingness to be early adopters.
In closing, Mr. Grant provided an example of a cybersecurity success story from DOD to illustrate that trusted identities matter but barriers exists. He noted that barriers can help guide the areas in need of pilots and R&D and showed a chart with topics associated with privacy, usability, security, liability, and interoperability.
For more details, see Mr. Grant’s presentation
– The group discussed the following topics:
- Machine-to-machine authentication is also important.
- Near-field contact should be explored as an alternative to a Universal Serial Bus (USB).
- The responses to the ROI are posted on the NSTIC website and include comments regarding the Smart Grid model.
- Certificate of authorities fall within the interests of the NSTIC and could be considered by the Steering Group as a focus topic.
Administration’s S&T Priorities and Directions – Mr. Tom Kalil, Deputy Director for Policy, Office of Science and Technology Policy, Executive Office of the President
Presentation Summary – Dr. Gallagher introduced Mr. Kalil as one of the most instrumental people in the science and technology arena in Washington, DC, through two key positions as Deputy Director for OSTP and as part of the National Economic Council. Since the President’s FY 2013 budget has not yet been released, Mr. Kalil will be speaking in generalities about the Administration’s priorities and directions. In his opening remarks, Mr. Kalil noted how much the Administration appreciates the service of the VCAT members who are experts in science, technology, and innovation and can inform the Administration on decisions in these areas.
Mr. Kalil described several recent Administration S&T activities, including the State of the Union address which focused on research funding, clean energy, and advanced manufacturing; the celebration of the first year anniversary of Start Up America held on January 31; the second White House Science Fair; an event focused on the role that innovation can play in global development; and the President’s February 7 meeting with deans of engineering to discuss how to increase and retain the number engineer students. The CEO of Intel, the Secretary of Education, the Secretary of Energy, and VCAT member Pradeep Khosla attended this meeting. On February 13, the President will unveil the FY 2013 budget with investments in research, education, and infrastructure as referenced in his State of the Union address.
Mr. Kalil also summarized the President’s innovation strategy comprised of three pillars, provided examples of specific initiatives under this strategy, and described the role of NIST in advancing these priorities. The first pillar addresses the government’s role in investing in the building blocks of long-term economic growth and job creation, particularly around research, human capital, and infrastructure. The second pillar focuses on the government’s role in creating the right environment for private sector investment. The link between innovation and national priorities is the focus of the third pillar. With regard to research funding under the first pillar, the President has called for the doubling of the budgets of three key science agencies ¬– NSF, DOE’s Office of Science, and NIST. Big data and bioeconomy are among the specific priorities for research funding. The Materials Genome Initiative is also under research funding and NIST is playing an important role in this area, particularly in informatics. The President also unveiled the National Robotics Initiative in support of the first pillar. The Administration is encouraging the agencies to work together and to develop a national strategy for these priorities. In support of the second pillar, Mr. Kalil described the Start Up America initiative aimed at encouraging and promoting high growth entrepreneurship. In addition, a Presidential Memorandum was issued to help accelerate the technology transfer and commercialization of federally funded research and NIST has a key role in this effort. Mr. Kalil characterized the third area in terms of grand challenges and noted the value of having the country identify ambitious but achievable goals that require science, technology, and innovation.
Discussion Summary – The group discussed the following topics:
VCAT Administrative Session – Draft Initial Observations, Findings, and Recommendations for the 2011 VCAT Annual Report
- Ways to ensure that intellectual property generated from science and technology initiatives remain in the U.S., including the interpretation of the Bayh-Dole Act;
- Suggestion that NIST have a stronger coordination role with the national labs in helping to align their projects and competencies with the Administration’s initiatives and industry needs;
- Ways to strengthen the national laboratories partnerships with industry, including the Executive in Residence Model in place at various agencies and other opportunities for personnel exchanges;
- Actions needed for the U.S. to develop supply chains earlier in the process;
- Importance of industry providing their priorities to the Administration for areas of collaboration between industry and government;
- Examples and importance of government activities in support of the bioeconomy; and
- Mr. Kalil’s instrumental role in connecting R&D activities with economic development programs, particularly in the areas of regional clusters, in advancing the President’s innovation agenda.
VCAT Chair Dr. Cerf led this session which focused on the Committee’s revisions to the draft 2011 VCAT Annual Report. He expressed the need to know of any significant differences of opinion among the members about the content of the current draft. The group reviewed the recommendations under each topic and suggested revisions and additions as needed. Safety metrics will be included in the final report. The report is due to the Secretary of Commerce for submittal to Congress not later than 30 days after the President submits the annual budget request to Congress.
The report will include the following topics:
- VCAT Focus in 2011
- NIST Role in Advanced Manufacturing
- NIST Role in the Wireless Innovation Initiative
- Update on Ongoing Programmatic and Operational Issues
- NIST Strategic Planning and Performance
- NIST Budget
The meeting was adjourned at noon on Thursday, February 9, 2012.
I hereby certify that, to the best of my knowledge, the foregoing minutes are accurate and complete.
Gail Ehrlich, Executive Director, NIST Visiting Committee on Advanced Technology
Dr. Vinton Cerf, Chair, NIST Visiting Committee on Advanced Technology