Our third Director’s Corner series blog post brings insights from Ram D. Sriram, chief of the Software and Systems Division (SSD) in NIST’s Information Technology Laboratory. Ram oversees the work of NIST staff members who conduct state-of-the-art software testing and standards development, including for cybersecurity software, by creating scientifically rigorous and innovative techniques.
Ram has worked at NIST for more than 25 years in several different laboratories and divisions. He developed the engineering design program in the Manufacturing Engineering Laboratory (now just Engineering Laboratory) and became the SSD chief in 2010. He was named a Solid Modeling Association (SMA) Fellow in 2020 in recognition of his more than three decades of research in manufacturing systems integration and qualitative geometric modeling. Before joining NIST, Ram was on the engineering faculty at the Massachusetts Institute of Technology (MIT).
Our staff work on a number of NIST initiatives. We are involved with software testing and standards development, computer forensics for the digital forensic industry and law enforcement, computational metrology, material design, accelerator-based computing, voting systems, cloud computing, electronic health records, semantic interoperability foundations, and so much more.
In response to a March 2020 White House Call to Action for the nation’s AI researchers to develop methods to analyze literature related to the coronavirus, SSD staff, along with collaborators from MML and EL, created the COVID-Data Repository. The repository provides a one-stop shop for AI experts to develop new text and data mining techniques that can help the science community answer high-priority scientific questions related to COVID-19. Some SSD staff have been collaborating with the Centers for Disease Control and Prevention (CDC) to develop COVID-19 surveillance systems by providing support in standards creation and quality, test case creation, and conformance testing tools.
SSD has several cybersecurity projects. The Federal Cybersecurity Research and Development Strategic Plan underscores the importance of developing robust and trusted software systems. Software is like a house’s plumbing system. If security is not properly designed into software, then harmful leaks can happen. We are developing materials to help people find and prevent security-relevant software bugs through the Software Assurance Reference Dataset, a large collection of software with known specific bugs and often with a matched piece of software without the bug. The Common Vulnerabilities and Exposures (CVE) list provides a basis for gaining understanding of the cybersecurity threat landscape. To test the CVE’s effectiveness, we developed the Cybersecurity Knowledge Mining and Discovery Platform, which uses automated and data-driven approaches for reporting cybersecurity vulnerabilities and exposures. Other major cybersecurity projects are the National Software Reference Library (NSRL) and the TrojAI project, which will let us develop an evaluation infrastructure for trojan detectors.
There will be a considerable focus on the use of AI tools for metrology, including testing algorithms and developing standard datasets. We are working on several machine and deep learning metrology projects to help industry, academia and government build secure software and software systems, and working with stakeholders to develop standards to ensure fair and reliable software.
I came to NIST from MIT in 1994 thinking I would spend a couple of years and move on to another university. However, 25 years have elapsed, and I am still here. The things I like about NIST include the great support from my supervisors, excellent technical staff who are willing to collaborate, marvelous administrative staff, high-quality researchers from all over the world, excellent balance between family and work, and reasonable financial support for research activities.
Dr. Ram, this is a great article regarding the research being done in your Department and in NIST.
Good insights into the type of work being done at NIST.
I would like to learn more on any NIST research involving software bill of materials to address risks in software supply chains.
The scope and breadth of the work is amazing!