The Engineer's Role in Homeland Security

I welcome this opportunity to describe the varied activities that the National Institute of Standards and Technology—or NIST—is undertaking to help strengthen homeland security. Interactions like this one can improve understanding of roles and responsibilities. Even better, they may lead to productive collaborations that can make our economy and our society less vulnerable to the villainy of terrorism. And that's what we need to do.

I commend ASME International and this board for mobilizing the society's resources and organizing the considerable expertise of its members in support of homeland security efforts. Your contributions toward accomplishing this enormously complex task are most welcome.

To be here, in New York City, is to fully appreciate the urgency and deadly serious nature of the challenge that our nation faces. But at the same time, the determination, perseverance, and resilience demonstrated by the people of this great city should inspire us to work together and to succeed.

Cooperation is an absolutely essential ingredient of efforts to counter the asymmetric threats of terrorism. Public and private sector organizations must work together; bureaucratic, jurisdictional, and geographic boundaries must be transcended; and, in the domain of science and technology, specialization among disciplines must not fragment our responses.

Through partnerships and coordination, we must galvanize and leverage human and technical resources along many fronts so that the nation can master what is, in effect, a systems problem of the highest order.

To comprehend the dimensions of this important challenge, think in terms of physical infrastructure-this nation's collection of utilities, bridges, ports, water systems, airports, hospitals, and other structures. An estimated 85 percent of this vast assortment is privately owned. Think also in terms of our immense information infrastructure and its multitude of vulnerabilities. Then, think in terms of levels of emergency preparedness-56 states, territories, and possessions, more than 3,000 counties, tens of thousands of communities, and 285 million people.

The mountain of technical issues and scientific questions aside, we face a gigantic organizational and operational challenge that we are still wrestling to the ground. That is the context for this conference and for our work.

At NIST, industry, government, and university collaborators contribute to the 120 homeland security projects under way in our seven laboratories.

These projects are in addition to promising embryonic technologies that companies are bringing to life with cost-shared awards from NIST's Advanced Technology Program. Since 1992, this competitive program-the ATP-estimates that more than $270 million has been obligated to companies and joint ventures pursuing promising commercial technologies that can be enlisted in the fight against terrorism.

For example, among the 40 ATP awards announced just 10 days ago, there is a project to develop novel three-dimensional imaging technologies that could improve facial recognition capabilities. Another project aims to push sensor and analytical technologies so that they can be used to assess, in real time, the integrity and remaining functional life of large metal structures and equipment.

By the way, a bill passed by the House of Representatives, and now before the Senate, would create a new grants program at NIST to fund university-led research on computer security.

In our laboratories, NIST scientists and engineers concentrate on measurement and standards needs related to homeland security. And there are many such needs. Exacting measurements improve and assure the accuracy and reliability of homeland security technologies. Standards help to foster consistent performance and interoperability among technologies from different vendors.

Our laboratory projects can be sorted into six key areas:

• First, information security and critical infrastructure protection;
• Second, the safety of structures and occupants;
• Third, biometric identification;
• Fourth, detection and remediation of chemical, biological, radiological, nuclear, and explosive threats;
• Fifth, air transportation safety; and
• Finally, the effectiveness and safety of personnel in emergency services and law enforcement.

I'll give a few examples to convey a sense of NIST's role in homeland security. I'll start with our investigation of the structural failure and progressive collapse of the World Trade Center buildings following the terrorist attacks.

This study includes technical experts from industry, academia and other laboratories. We are interacting regularly with the professional community, local authorities, and the general public. We also assigned a special liaison to families of first responders and to families who had members in the buildings at the time of the attacks.

The investigation is part of a broader NIST response to the World Trade Center disaster. Concurrently, we are conducting two programs that aim to accomplish the crucial goals of learning from the events of September 11th and, most important, applying the lessons learned from that tragic day.

In concert with The World Trade Center investigation, NIST is conducting a multiyear research and development program that also engages experts from the private sector, including professional societies. For example, we are focusing on making elevators more available for fire fighters and safer for those fire fighters and occupants in emergencies. We are doing that in conjunction with ASME Committee 17 and the elevator industry.

The results of these collaborations will provide the technical basis for improving building and fire codes, standards, and practices.

We also will be facilitating an industry-led program to disseminate information and technical assistance. This will accelerate the adoption and use of practical guidance and tools to better prepare facility owners, contractors, designers and emergency personnel in the event that they must respond to future disasters.

An obvious challenge is getting consistent, reliable technical information into the hands of people who are on the front lines of homeland security - and to do that in a timely manner.

We are working with industry leaders to develop an understanding of what sorts of changes are coming down the pike. That will help us all to work on the performance requirements for improvements to practice, standards, and codes -- and to engage support in facilitating the adoption and use of these improvements.

Something that everyone already can see is coming is the need for to better secure industrial control systems against assaults by terrorists, hackers, disgruntled employees, or anyone else intent on disrupting these vitally important elements on the nation's infrastructure. This work is being carried out under the National Information Assurance Partnership, a joint initiative of NIST and the National Security Agency.

The initial focus is on process industries. These include electric, gas, and water utilities; oil producers; chemical and pharmaceutical manufacturers; pulp and paper mills; and mining operations. In this diverse sector, the trend has been toward increased automation and increased connectivity, posing a unique set of security challenges that, before September 11th, had been neglected.

For example, legacy systems must be retrofitted with security hardware and software. In turn, there is the concern that resource-intensive technologies will degrade control-system performance.

These challenges are now being addressed collaboratively by the Process Control Security Requirements Forum. The forum was established to focus sector-wide attention and effort on control system vulnerabilities and security priorities. Its growing membership includes companies and a variety of industry associations and societies. Ultimately, this collaboration and others that have allied with the forum will yield "protection profiles" that will guide development and testing of new security standards technologies for industrial control systems.

This is important work, and some of your organizations already may be contributing.

Standards are key to our efforts to improve security. Now more than ever, there is a vital need for high-quality, consensus standards in cybersecurity, communications, database management, and in other technology areas fundamental to homeland security.

The public and private sectors are collaborating--through ANSI, ASME, and a variety of other organizations-to address these issues. To get the job done, we must cooperate even more effectively.

Earlier this month at a major conference on security and competitiveness, I said that streamlining the voluntary standards process and decision making would benefit the nation in the area of security standards - and more broadly.
The response I received - actually, the lack of response - told me that we still have a long way to go in communicating the importance of the standards process.

And while I'm on communications: I think we can gain greater appreciation about the importance of this task of streamlining and involvement if we make it clear that there would be concrete spillover benefits in terms of trade and adoption of U.S. technologies. The fact of the matter is that we are in a standards system competition with others, especially the EU, and we need to make sure that our system is as nimble as possible if we are going to make it attractive to emerging economies.

We need to find ways to ensure that industry and government leaders better appreciate the importance of standards -- and of having an efficient voluntary standards-settings process as we go forward with our efforts improve security. The participants in this conference are well positioned to help do this.

Perhaps we need to make it clear that if the voluntary standards process doesn't rise to the challenge for streamlined actions, we run the risk of having government mandate certain requirements. I feel comfortable that I speak for most of you here when I say that is not the direction in which we want to see the standards process heading.

Clearly, there is an enormous amount of work to do, and we can accomplish so much more by working together. NIST is working with ASME and with a number of your organizations on several fronts.

For example, as a member of the construction and building subcommittee of the White House Office of Science and Technology Policy's National Science and Technology Council, NIST cosponsored with ASME and the American Society of Civil Engineers the Critical Infrastructure Protection Priorities Workshop last month.

That workshop addressed critical infrastructure, particularly buildings, R&D needs and priorities for homeland security. Of the 17 resulting research priorities, the top four are areas in which both NIST and ASME have much to contribute:

• Guidance on risk assessment,
• Recommended practices for addressing terrorist threats in buildings,
• Facility knowledge systems for first responders, and
• A collaborative infrastructure security resources matrix through The Infrastructure Security Partnership, or TISP. ASME and NIST both are members of TISP.

In addition to these areas, NIST and ASME are working together or have strong potential mutual interests in:

• Making elevators safe and usable in emergencies, as I noted earlier,
• Technologies for reducing vulnerability to chemical and biological attack in buildings, and
• Tools to evaluate building or facility response to extreme fires.

Clearly, there is an enormous amount of work to be done. At NIST, we look forward to working with ASME and with your organizations even more closely to prevail against the threats of terrorism and to ensure a bright economic future for our nation and the generations to come. There is plenty of reason for optimism that we can improve our security even in an uncertain world. The key will be in how decisively and cooperatively we act. Meetings like these should invigorate us to do just that.

Thank you.