So I want to welcome everybody this morning to our roundtable discussion on standards. Both all of you in the audience, we're delighted that you made it here this morning. I can think of no better way to kick off the State of the Union address today than to have a discussion about standards this morning. I also want to welcome everybody who is joining us by webcast and remind you that if you want to have us follow up with you, please send an e-mail to us at standards_roundtable [at] nist.gov (standards_roundtable[at]nist[dot]gov). Let us know your name and email address so that we can get you on a list and follow up with you. I am delighted that we have a special guest to kick off our discussion this morning. He has been my boss since March of 2009, and has been the point person within the President's cabinet on kick starting our economy and getting Americans back to work, and as part of that agenda, he has had a very significant impact within the Commerce Department in bringing our programs into alignment around this goal. That includes a focus on innovation and entrepreneurship, efforts to promote trade, and efforts to frankly, make the departments of the Commerce Department work more efficiently and more effective to support businesses. Whether that's patent reform, whether that's making grant mechanisms more efficient, his leadership has been instrumental in making this happen. On a personal note, let me add that one of the very first things I interacted with the Secretary on was in the realm of standards. I think within the days of becoming confirmed as the Secretary of Commerce, the issue of smart grid standards and trying to fast track that effort was something we discussed. And his leadership was instrumental in engaging the business community and setting us on a path that many of you are participating on today. So without any further ado, let me please introduce our welcoming guest, Secretary Gary Locke. [applause]
Well, thank you very much, Pat, for the introduction. And it's really great to have all of you attending this morning. I also want to thank those who are joining us via the web. And we are really especially pleased to have with us this morning and participating several key colleagues from President Obama's White House staff. Aneesh Chopra, who is the U.S. Chief Technology Officer, and also Phil Weiser, who is the Senior Advisor on Technology and Innovation with the White House National Economic Council. While the development of technical standards may be arcane to some, those of you here know the tremendous impact that standards can have on U.S. competitiveness, innovation, job creation, and ultimately, our quality of life and our standard of living. We meet here this morning three weeks into the new year, 2011, with the American economy stronger than at any time since the great recession began in December of 2007. Retail sales just had their strongest quarterly gain since 2001. Private sector employment grew every single month in 2010, with the manufacturing sector posting its first increase in annual employment since 1997. Beginning with the Recovery Act and continuing with the December 2010 tax cut package approved by the Congress, there are strong indications that the measures that the Administration have been taking to foster economic recovery are working. But that's not to suggest that anyone within the Administration or even the Commerce Department is satisfied, not when you have an unemployment rate over nine percent. So as we move forward this year and next, I hope everyone in Washington remembers that the most important contest for Americans right now is not between Democrats and Republicans, but really between America and countries around the world that are competing like never before for the jobs and the industries of the future. And the people in this room and participating over the web are going to have a lot to say about how well America does in this competition because standards are an important part of the economic infrastructure that the private sector needs to build upon. And the common practices, specifications, and guidelines that you all help deliver are integral to the growth of any new product and even to new businesses. Your role will only increase with the passage of the America Competes Act of 2010, which is designed to strengthen U.S. leadership in science and technology. The legislation puts new emphasis on the work that NIST is doing in the standards area, and NIST has been a focal point of the federal government standardization efforts for over 100 years and has played a key role in promoting international standardization since the end of World War II. The legislation directs NIST to collaborate with industry on cloud computing standards, formalizing NIST's cloud computing activities, which actually began in the last two years. Additionally, the legislation authorizes a green manufacturing and construction initiative that will help produce high-performance building standards. The legislation also created a new position, Under Secretary of Commerce for Standards and Technology, which is now being added to Pat's title. So, congratulations, Pat, on your additional title. I have to say that really NIST could not have a more confident, more far-sighted leader at this important time in our economic history than with Pat Gallagher. NIST is at a bit of a crossroads, and when you have such a crossroads, an institution requires wise and sound leadership. I say NIST is at a crossroads, and perhaps our perspective on standards is at a crossroads. Because the nation has recently relied on NIST to coordinate and support private industry efforts to help America achieve a series of key national priorities. For example, the nation needs, and President Obama's administration is helping to build a cleaner, more efficient system of energy generation and transmission. And of course, a huge part of that effort is the development of a more secure and more efficient national smart grid. If smart grid technology is deployed across the United States, it could help reduce power demand by more than 20 percent in many areas of the country, which is significant enough to eliminate the need to run hundreds of power plants during times of peak demand. And if we want to scale up clean energy generation and the new jobs that come from creating thousands of new wind turbines and solar panels, you better believe that we'll need a reliable, interoperable smart grid to manage the energy that powers our homes and our businesses. But to make it happen, we'll need to have a common set of standards to ensure that all the hardware and software is compatible. We've got to ensure that the appliance makers and the utilities and the IT companies are all singing from the same song sheet. It's like building a house, because I love remodeling and construction. You can't have some guys on one side of the house framing walls, assuming that the ceilings are going to be 10 feet high and another crew on the other side framing the walls, assuming that the ceilings are 12 feet high, or working off 16-inch centers on your stud pattern, and some working off a 24-inch pattern. You know, Pat and his team have already done an incredible, really a tremendous job moving us toward common standards so that smart grid technology can pervade the nation and indeed the world. And last year, they rolled out version 1.0 of the Smart Grid Interoperability Framework. And important progress has already been made on harmonizing software base standards for the computers that will support and operate our smart grid network. I really believe that because of the involvement of NIST, we've been able to accomplish in a year-and-a-half, in the standardization process for the smart grid, what took the telecom industry some five to seven years to do. Of course, the smart grid is only one example of how we are helping move the ball forward on a series of national priorities. Look at health care, where digitized medical records will play such an important role in bringing down costs and reducing medical errors. We've been, the nation has been talking about this for years, and now NIST is helping the private sector as it develops standards for that suite of technology. Or look at nationally critical areas like public safety communication, where robust standards efforts are also under way. The list goes on. Importantly, we're also continuing to collaborate on world standards with the EU and other partners in the international community to come up with compatible systems and to keep markets open. If we in the west, or if we in the United States do not work with other nations, other countries will adopt their own standards to protect their own domestic markets to keep foreign company or competition out. And by virtue of their own size as they sell to the rest of the world, force other countries, including the United States, to follow their standards, and relegate our standards to opposite lessons. We cannot have the balkanization of the standards in some of these key emerging fields. The United States must work in collaboration with partners around the world. But over time, these types of protectionist measures can only frustrate trade, but also will threaten the free flow of capital and ideas that are so necessary for innovation. It's been over a hundred years since standards became a U.S. government focus, when manufacturers began moving en masse to foreign markets. They wanted to be able to guarantee the uniformity and the quality of their exports. But as the noted scientist Vannnevar Bush pointed out, standards development cannot occur in an ivory tower. So we are here today to ask a few questions, and I'm really that we have a very esteemed panel that will be presiding and engaging with us, people from all around the country, from a variety of different perspectives. But here are some of the questions that we would like you to consider. What can government do better to enhance the efficiency and responsiveness of the private sector standards development process? What is the proper role for the federal government in catalyzing positive outcomes? And how well are existing public/private initiatives in standardization working? And finally, can we articulate a rule of thumb for when the government ought to play a catalyzing role and when it ought to stay on the sidelines? These are all very important questions and this set of questions has many, many nuances. I am very much looking forward to your answers and to hearing the results of your discussions. But we need you. Things are moving so quickly, not just within technology, not just with the United States but indeed, all around the world. And if our industries, if our R&D institutions are to have a meaningful role in addressing the challenges and the technologies emerging, we have to have a clear set of understanding on the role of standardization process, the role of the government, the role of the private sector and indeed, how we can work together. Have a good afternoon and a good day. Thank you very much.
Thank you, Mr. Secretary. Let's thank him again. He has another meeting he has unfortunately to run and catch, but I was delighted that he was able to join us and kick off this event for us. Once again, let me welcome everybody here for this roundtable discussion. I particularly want to thank our distinguished panel for coming, literally, in some cases, from other side of the planet, to join our discussion today, and for seeing so many friends and colleagues and leaders in standards in this audience today. And I assume the same is true in our webcast. And the leadership is both from our private sector, from industry and from standards organizations, but also from government. So I want to thank each one of you for being here today and for joining us. So one of the questions that has been asked is why are we doing this? Why are we having this discussion today? I don't need to explain to this audience the importance of standards setting and the entire standards process all the way to conformity assessment. Standards are the central nervous system of technology. They define the interfaces, they define the functionality, and they define the performance of technology systems and components. They underpin the building blocks of innovation and they form the basis under which we develop the technology systems that we put to work for important tasks. What's striking about this discussion we're having today is that I think that it's happening for the first time in government. I don't know that a NIST director has ever stood right after a Secretary and just before a senior White House official to initiate a discussion about standard setting in the federal government. And the reason we are having this discussion today is I believe due to two fundamental things. One is, it's become very clear that technology and these technology systems play a critical role in addressing public needs. Some of the most important priorities we have as a nation are ones that will be solved or tackled in large part by the technology and the ingenuity that we bring to bear to solve them, whether that's our energy needs, promoting health care and quality of health for all of our citizens, for promoting an effective education, to ensure that the security of our nation is protected. So technology, because it's become foundational to how we solve problems, we have become keenly interested in the building blocks of technology, and I think you see that awareness manifested today in the interest at very senior levels of our government. The other reason I think that we're have this discussion today has to do with the way technology itself is developing. We are moving from a time when technology was largely component-based to robust ecosystems of technology that are working together. This cannot happen without a framework that defines mutual functionality, that defines interfaces and defines performance. In other words, standards really underpin these technologies and how they develop. And because they are a form of mutually agreed upon behavior, they underpin and touch many other aspects of our innovation. They touch competition, they touch trade, they touch patents. They touch a whole number of things. And because we know how important this is, we know that this is an important discussion. And Aneesh and Phil are co-chairs of the cabinet-level Committee on Technology under the National Science and Technology Council. And last year they formed a subcommittee on standards and asked us to look at how to make the standards process more effective and more supportive of these national priorities.
And one of the key steps there, because standard setting is a private sector-led activity in this country, is to turn to you. And so we've published a request for information, a request for public comment, where we are seeking your input in how do we make this process more effective and more efficient. We have extended the comment, the original request for information actually had a deadline of next week, and realizing how important this is and how busy everybody is, we have extended it another month, to March 7. The request for information covers five primary areas of interest. What is the role of federal participation? How should agencies participate in standard setting and conformity assessment? It touches engagement. What are the right vehicles for public-private partnerships to tackle these problems? And to do that, we're interested in case studies. What has worked well, and what hasn't worked so well. And what lessons can we draw from those experiences. What are considerations that we should take into account when we're looking at standard setting? What are the impacts of standards on other areas of interest? Intellectual property protection, trade, commercial activity, competition. What are the resource issues that would enable or create barriers in this process? And very importantly, and something I think we need to really strive in, what are the most effective metrics? How do we put in a robust, continuous improvement loop into our standards dialogue and discussions so that we learn from mistakes and we adopt best practices so that the next time we are faced with a challenge, we're starting from a very strong position. So today's panel discussion for me is designed to stimulate and expose the criticality of standard setting and to stimulate the community to participate in this public comment. It is imperative if, as federal agencies, we're going to work together to look at ourselves and decide how we're going be more effective, that we have the best input we can get from you. So I want to thank you once again for joining us today. And I want to stress how critical your input is to this entire process. And hopefully today's panel will be something that you can share with friends and colleagues in the community so that we absolutely have the best input to moving forward. Let me at this point introduce a real leader in this area. The other first we've had, the Secretary commented very graciously on my new title. But seated to my left is the nation's very first chief technology officer, Aneesh Chopra. I think all of you have probably worked with Aneesh or know him. And he has the lead within the President's White House, looking at how technology can be brought to bear. And you see the central role that this plays. And he has been a central leader in this effort from the very beginning. So let me welcome Aneesh up to the stage.
Thank you. You know, Pat has been an incredible partner at NIST. And I just wanted to acknowledge in front of all of you how much we appreciate his leadership. And I must say his support for this effort and his engagement with all of you I think is a testament to our true commitment to collaboration. So, for that I just want to say one more round...applaud his speech. Let's do it now, give him thanks. Pat. [applause]
Today is about listening, not lecturing. So I will be brief. But I want to just put a little bit of context as to why the role that I serve in, the chief technology officer role, why am I keen on your input on this topic today, of all days, when we're celebrating the President's vision for the country. It is because as I've come into the work that I do on policy topics which we could talk about over the course of the session, I have come to learn that there's an underleveraged asset in how we conduct public policy in the United States, and that underleveraged asset is the role our government can play as convener. I am a Virginian, and I come from a commonwealth. And I learned when the queen had come to visit on the 400th anniversary of the birthplace of democracy at Jamestown that the notion of commonwealth was that we all come in together to celebrate and work towards our greater common good, our shared interests. And as I came to Washington to serve in this role, I was taught the traditional policy levers. Pass laws, engaging with the congress, I should say, in their actions to pass laws. Promote budget investments that would help move programs forward. Budgets, laws, budgets, laws, rules, everything in that ecosystem, but not taught was this conversation about the role that government can play as a convener. So what have I learned in the last two years? I have learned that there are at least three areas where the government can act as convener. The first was my first homework assignment the President offered when he came in on the first full day he had as President of the United States, which is to change our government's posture towards data and information by becoming more open and transparent. So the first policy lever is just the power of information if we were to release it. And that led to our open government initiative and a whole series of activities. Second, we spend roughly 145, 147 billion dollars a year on research and development. Increasingly, and one of our panelists is a gentleman from Cable Labs, increasingly, we're seeing opportunities for research and development and collaboration. Same budget amount, but engaging more stakeholders in how to take advantage of and collaborate with our research institutions, be they federal labs or our universities. But third, and the reason why we're here today, is to build on the successful model we have in this country of industry-driven voluntary consensus standards activities, and to engage that ecosystem in support of those public priorities that Pat had alluded to. You are one of the three key variables in the government's role as convener to deliver transformational change that will improve the lives of everyday Americans and, yes, create economic growth opportunities for our businesses big and small, not only here, but in the export context around the world. A quick example of this, and then I'll let you all to the panel. It was a year ago November, where I held a public hearing on the question of health care IT, and what our standards process and what our program that was in the Recovery Act would mean for everyday doctors and hospitals. And we wanted to have a hearing much like today to hear from people who are living in the real world. They don't often come to Washington routinely. They're not the lobbyists or the people that know when the Federal Register notice is published, and you kind of know the mechanics of how to navigate this complicated terrain. We wanted to hear from regular folks. And a family doctor from northern Virginia testified. And I remember this because it hit me right in the face. After the formal remarks, and he had his written material, and he kind of presented his story, we had a dialogue. I asked him some questions and I said no, no, no. I know you gave me the prepared remarks, let's just dig a little bit deeper. What does this mean for you? It came out. He said, what's gnawing at me is that I have a patient in Virginia who's moving to Arizona. And that patient has asked me if she could have her electronic medical records, which I have in my soft, in my system, if they could be e-mailed to the new doctor she's picked in Virginia--I mean in Arizona. And darn it, the software didn't have a usa-button that said, e-mail colleague. And so I scratched my head and asked the IT guy and the staff to say can you help figure this thing out? And the patient said, let's make this an experiment. I'd like to see this work. Could you in fact technically do this? Can you export my record? And after some clunky activity they exported the record, attached it to the public Internet, e-mailed it over regular e-mail, if you will, exported the file off of the attachment and imported it to the new doctor's practice in Arizona. And it worked, clunky as it was. But as the physician was testifying, a room not unlike this, had a collective gasp!, you can't use e-mail for patient medical data. That violates every concept of security and HIPAA, and whatnot. That's crazy. And the doctor knew it. And his ask of us was this. He goes, you're doing great work for years on this health care stuff. When can I have safe, secure e-mail so that I can meet my patients' requests? And we said, oh, my god, absolutely. That's a critical component of the Meaningful Use Program that we had just launched. Our policy framework said, gosh, we want doctors to share data with other doctors. So we didn't have an answer. But Gallagher over here is, like, hey, man, we got this voluntary consensus process. Let's engage. So we asked the private sector, can you come together and develop some specs that would allow us to have some safe, secure e-mail messaging in health care? And in 90 days, 80 organizations ranging from entrepreneurs all the way to large firms reached consensus on an SMTP-based protocol called the Direct Project that would allow for safe, secure e-mail messaging. They did it in 90 days. It then took them three months to share a reference implementation of roughly 25,000 lines of code and off they went to the races. The private sector went in droves. Dozens of organizations announced their commitment to commercialize the specification. I'm pleased, Pat, to report today, the very, 14 months after this physician asked this of us, the very first direct specification e-mail message occurred between a county public hospital in Minnesota called Hennepin County and the State Health Department on the issue of a patient's immunization records, which is a requirement as part of our Meaningful Use Framework, supported by a commercial vendor called Vision Wear--Vision Share, forgive me, Vision Share. That took this concept in the physician's mind who voluntarily shared this request, and that led to this voluntary process that is turned around in 14 months the idea is real. And dozens and dozens and dozens of vendors will have this service widely deployed across 2011. In fact Vision Share itself said it's now available to all of their current client base and they're excited to see the second and the third iteration. It's why people like Steve Midgley in the back of the room on educational standards has proposed his own request for information, to say how do we take that same mojo in learning technologies, because more and more applications are going to enter the educational market, and they're going to want to understand how to measure a student's assessment or performance. And how should that assessment information be shared with teachers and school districts and other applications that might be in a coordinated fashion helping to educate the kids of the 21st century. It's why my man George Arnold in the front of the room in smart grid, one of the brothers in arms to deliver on this framework, engaged with NAESB in the publication of the PAP-10 standard, which by the way has to be renamed, it sounds kind of boring. PAP-10 standards to promote energy usage standardization for consumers. We are engaging in this collaborative model. And it's happening, as Pat said, in a manner that is consistent with our principles of engaging the private sector and allowing all of you to drive the success and the work. But all of these stories have a convening, a problem we are trying to solve. That's the interest we have today, whether it be in education, health care, energy, cloud computing, and all the other aspects that you're going to hear about over the course of the day. I end with this final observation. In the President's memo on open government, he made, he referenced the observation that knowledge in our society is widely dispersed. Okay. Phil, Pat, myself, we think we're reasonably smart, but there's no way we have answers to all these problems. None of us want to come to the tech community and say here is the tablet from on high, go execute and implement this, because we will inevitably get it wrong. Knowledge is widely dispersed. You all have the information and the knowledge to achieve these mission objectives. It is our challenge to find the right models of engagement. And with your input, I'm confident we will achieve that objective. Forgive me for taking up too much time. Good luck today and thank you. To pass the baton to my brother, Phil Weiser, who's going to lead our expert panel in conversation. Please allow him to say some words, and then we'll bring the panelists up.
I will speak from down here very quickly. And I just want to say, that it's such a pleasure to work with both Aneesh and Pat Gallagher because both of them get something fundamentally important that is underappreciated about government and in particular, their work in this administration. It's not easy to take time to ask how government operates and how can government operate better. Generally the sexier issues are the high-profile substantive debates about health care or about getting a man to the moon. What doesn't get people excited are the more mundane, how do we develop the PAP-10 standard. Now, I will say, however, that behind every health care success story or man to the moon mission is a standard like PAP-10 that has helped to catalyze innovation and development and technological change, and if we in the government don't ask ourselves how the government role of convener can be played most effectively, then whether it's cloud computing or cyber security, we're going to find ourselves, in effect, reinventing the wheel every time, and have different agencies trying to make sense of this standards challenge. And what we can instead do and what we're talking about how to do, is have NIST play the empowered role the American Peace Act give to it as, in effect, the standards reservoir of knowledge and goodwill, of how to engage the private sector, how to motivate a discussion about standards development. And what this RFI represents is taking a step back from each individual standards effort to ask, as Aneesh put it, what are the overall lessons about how can we in the federal government use our role as a convener and engage in this important topic of standards? And to help us in that discussion today, we're going to have some expert panelists and then have, most importantly, discussion from the audience. There are people out there on the webcast, and we want to know who you are too. So if you can send an e-mail to standards_roundtable [at] nist.gov (standards_roundtable[at]nist[dot]gov), that'll help us engage you. Because I believe it's Bill Joy who says, the smartest person on any issue is not the person working for your organization, and so your job is to find them. And when people talk about models of open innovation, or in fact, standardization, the goal is to bring people to the table and get their good ideas. And that's what we are doing here. So we invite you all, wherever you are, to send that e-mail. And if you are here and you don't get a chance to engage myself, Aneesh, or Pat, let me acknowledge some other people who are critically important to this conversation. Nick and Ajit, standing right over there, are two of the people who put this event together. Put your hands up, guys. Let's have a round of applause for Nick and Ajit. And two other people on Pat's all-star team, we already heard about George Arnold also Ari Schwartz, raise your hand George and Ari. They're both here as well. Pat is doing an amazing job bringing extremely talented people into his organization. And I think he realizes that's what it's all about, attracting very talented people, giving them authority like the case of George and smart grid. And that's something that I think people are going to look back at NIST during period and see a real effort that has moved the needle and has helped put this concept of standard setting into a vocabulary where often, like Aneesh said, this government convening role, you know, it's not easily understood. But if you look at certain things happening, whether it's smart grid or whether it's health care or cloud computing, you can see that standards are a part of that story. And this effort to understand where it fits is something which I'm very excited about. So to that end, let's get our expert panelists to come up. We'll say adios to our friends here.
We have Raj, Geoff, Ari, Mark, Ralph, and Steve. You should have information from them in your bio. This is not going to be a pre-set set of presentations. Instead, we're going to have a conversation among us, and then we're going to bring you all into the conversation. And we made an effort to get a wide representation. Unfortunately, we only had enough seats on the table for six people, but we picked some pretty stellar candidates here. So we're going to have Nick put people's name tags here. Have a seat here, Raj. Do we need another chair, too? You see. Only have chairs for six. That means I need to stand. Is that the idea, that I'm supposed to take the podium? Do we have another chair or should I take the podium, Ajit? Well, I'm going to take the podium until we're ready. You take the good comfortable chair. Alright. Here you go, Raj. So I'm glad to say that only Raj got my memo about the dress code. The rest of the crowd insisted on wearing ties. In technology circles and standards bodies, ties are not necessarily the derigueur that they are in government settings. So, we are trying to keep some of that standards ethos. This discussion should really be about people jumping in. I will not be afraid to call on people as a former professor. But I really want to get a conversation. And I want to start with a real level setting, which is we started by hearing about important standards are, and I want to ask you from sort of a market perspective and a public policy perspective, to think a little bit about the role standards play and what the risks and benefits are. I will start with one topic that gets often highlighted, which is interoperability and compatibility as a role that standards can play. And to start us off on that, I know something that Mark Chandler and Cisco thought a little about. Why don't you start with how important you see standards in terms of economic development.
Thank, Phil. First, I want to thank you and Aneesh and Pat and NIST in particular for the role in creating this forum and for the work that the White House and NIST are doing to drive this process. It's really inspiring and encouraging for us in industry to see that our governmental leaders understand how important an open and transparent standards process is to our ability to be successful in the world and I think it's more than just being a convener in a way. The role is critically important to the competitive success of American industry. And to that extent you're driving our success and defending us around the world in cases where we need that as well. So thank you for doing this. I think we're at a critical moment with respect to the role of standards in industrial development and for national competitiveness. We are looking more and more to find ways to develop a range of services that use the Internet and the network of networks as a platform to disrupt entrenched ways of doing business, to enhance economic efficiency and lower costs to consumers, and create a better energy future for our country as well. And I think we've referred already to health care, electronic health records, and smart grid as critical areas there. And many of the key initiatives of the administration, including those really are about transforming the way our country operates to make us more competitive and effective going forward. It's not an accident that the standards process that led to the creation of the Internet is more open and transparent than in many previous uses of the standards world that were motivated toward health and safety requirements, and limited interoperability. And so my answer to your question is we have to look more broadly to industrial transformation and not just to interoperability and compatibility. Many Internet standards were created with a model that even required participants to agree to contribute intellectual property on a royalty free basis as participants recognized the need for speed. We believe a royalty free regime would create perverse incentives if it were mandated, and should never be mandated. But government at least has a critical role in assuring transparency and predictability. And the work that NIST is doing in smart grid, and I'm glad George got a shout out earlier, is a great example of where there's an opportunity to do that. I would close that answer by pointing out that the president has spoken to the fact that all we need to succeed is to have a level playing field. And there is nothing more important than both domestically and internationally, than having clear and transparent standards process to create that level playing field on which our country will be successful. So thanks for doing this. And I think compatibility and interoperability are just a small piece of a bigger picture of what we're doing here.
So Raj, Mark adverted to smart grid, we've already said that a couple of times. Maybe you can help us from your perspective at Silver Spring. How do standards in this emerging smart grid transformation play a role?
So, much like any other domain as the Secretary said at the beginning, this is a critical piece of infrastructure for the nation. And there are a number of areas in which standards contribute. The first is that standards, generally speaking, go back to the compatibility point that we just talked about. So it is important to be able to move around, to be able to interoperate, and then plug in devices as you need to. The fundamental simplest way of thinking about that is that one of the simplest standard interoperable pieces that we are really familiar with, with what used to be the non-smart grid is the power plug. It allows you to sort move around and plug in your devices wherever you go. Similarly, as we move to make the grid smart and communicating, that same level of sort of interoperability and transferability needs to be maintained. The other important piece of the--of what standards do, though, is that they actually drive costs down and allow us to more economically deploy new technologies. So for those reasons, this process that NIST has really been driving for the last couple of years, has been very critical in moving this process forward as quickly as possible. The last thing that I think standards do, is really, because of the first two, allow the people deploying that infrastructure to move more rapidly because they have confidence that they're not getting locked into some technology that will be obsoleted, that they're spending money needlessly and so on. So overall, in terms of the investment that we're making as taxpayers, as a nation, and as individual corporations trying to deploy the infrastructure that serves our needs, standards are really critical to all of that.
So one of the tricky parts of this discussion is, often standards are viewed differently in different segments or different industries, with some suggesting that the interoperability role, let's say in the IT sector might not necessarily be the same role standards play in other sectors. Ari, you've looked at standards from other industry case studies. How do you see standards playing a role in different sectors other than IT?
Sure. So my focus has been in the life sciences of late, at least. I've got, NIH has thankfully funded me to do some research in this area. And I've been focusing on the way that FDA and NIH have been involved in standard setting. And in the health and safety context, standards play a somewhat different role, as you might imagine. It's, in health IT, interoperability is very important. But in health and safety, qua health and safety, for example, FDA approval of drugs, standardization is a very interesting concept because it's often standardization on a performance standard. So in other words the drug has to have a certain predicted ability with respect to safety or efficacy. And the FDA has been doing some very interesting things in this regard and it very much harkens to the role of the government as convener and trusted intermediary, if you will, even in certain cases. The problems in the drug development context are legion. And there was a front page article, actually in the New York Times on Sunday talking about the ways in which the pharmaceutical industry's R&D pipeline is simply quite barren at this point. So what the FDA has done over the last six years or so has been to target one critical piece of the problem, which is the lack of standardization with respect to predictability of safety and efficacy. And it has set up a consortium called the Critical Path Institute in which all the major pharmaceutical companies have contributed, to which all the major pharmaceutical companies contribute information to develop performance standards for determining the safety and efficacy of drugs. Now, these aren't necessarily, there is no need for interoperability but nonetheless, we need performance standards. Otherwise drugs fail really late in the process, in the clinical R&D process, and that's expensive and more importantly, is obviously deleterious in terms of people's lives and health. So if we can find good predictive biomarkers, which the FDA is assisting these companies in doing, early on, that will save money and lives. And I am very pleased to note there are seven biomarkers of kidney toxicity that have already come out of this Critical Path Institute that are currently being submitted to the FDA, the European medical authorities and the Japanese medical authorities for approval as reliable, predictable biomarkers of future safety and efficacy.
So you've actually raised a topic that I'm going to hand off here to Geoff, which is the role of performance standards and the accompanying role the government sometimes plays of conformity assessment with standards. Because if you have certain expectations for how products perform, government can play a role ensuring that they meet those certifications. So for example, the Federal Communications Commission for years had its own testing laboratory to deal with the so-called Part-68 rules to ensure that equipment could connect to the network. If you see that FCC certified logo on your computer, that's because they meet that standard. There's other standards the FCC's had with respect to what's called their low power or Part-15 rules to ensure that unlicensed devices could operate using wireless spectrum that won't interfere with other devices. Motorola's obviously lived in that world for quite some time. Is the conformity assessment part of standards a conversation that also has some significance? How would you explain the government role in that context, and any observations you have, Geoff?
I think if you look at conformity assessment is something that continues to evolve as our systems get more and more complex. I think Pat said it earlier in terms of the range of networks and systems that we are dealing with today, how complex it gets. I mean, you look at the wireless world and you're dealing with infrastructure from multiple vendors operated by multiple operators, maintained by multiple back office platforms, and having to communicate with a variety of devices that are far beyond just a telephone hand set. Now we're dealing with tablets and computers and devices that plug into your pc to enable them to work in the system. So you really look at conformity in our perspective on a number of different levels. The first and the most basic probably still is the government regulatory framework in terms of does a device put out radiation in the band, and only in the bands it's supposed to. Does it present a health hazard? Does it interfere with other types of devices? Does it meet the hearing aid compatibility, for example, requirements that exist today? Those types of things which exist in what I will call the various government agencies regulatory realms. On the other hand, there's a whole broader level of how do we interoperate with other elements in the system. And there is a range of conformity assessments that take place. Perhaps the most basic is things we do ourselves. Next level up is one-on-ones with some people who, in many cases, even our competitors. And then a number of our customers or even associations of our customers like Cable Labs run plug fests where we bring our equipment and others bring theirs, and in kind of in real time work through what it takes to make interoperability happen, often refining the specifications as we move forward. And as we start to continue that increase in the range of devices that have to interoperate, those kinds of things are becoming increasingly important.
So that actually takes me to Ralph and Cable Labs, because it bears notice that you have the government as a convener. You have standard-setting bodies, and you've got a lot of activity that happens before and between the standard-setting bodies, including Cable Labs playing a role, and sort of a notable one as sort of a industry collaboration effort. How would you explain this sort of broad ecosystem of standard setting activity in the U.S.? And are there particular strengths or weaknesses that you would point out?
Yes, and just to start off, I was really happy to hear the discussion about the government as a convener because I think that's a great role for the government to play. Cable Labs, as you mentioned, is one of those industry consortia that works with the manufacturing community and our membership, which are capable operators. We are a nonprofit R&D organization for the cable industry. And we work in a precompetitive way with the manufacturing community to develop specifications for the cable industry, which ultimately we will take to standards bodies, both nationally and internationally, to be adopted as standards. So I think the ability for these kinds of consortia, Cable Labs participates in probably over 30 different consortia worldwide, and working collaboratively, to do the innovation and the technology development and have the freedom to do that without government mandated standards or those sorts of things. So I think it's a great role for the government and allowing industry to do that development is really necessary to provide that innovation and actually provide the opportunity for growth and jobs and those sorts of things.
I 'm going to start to pivot a little bit from the U.S. to the U.S. in international perspective. And Intel operates, obviously, around the world and has an exposure of standards setting as a global phenomenon. Steve, would you start? How would you describe the U.S. model vis-a-vis other countries, and how does the U.S. model standard setting achieve what Mark Chandler had talked about, which is giving the U.S. a comparative advantage in its ability to compete in world markets?
Well, so the U.S. model, and I'd like to tell a little story first. Compatibility for me meant, you know, I did one of Intel's first pc's, and compatibility was if you put in an add-in card, if it worked in an IBM pc and it didn't in yours, you had a problem. So over the years, we've been able to establish standards. But the industry has been able to come together and do that, as Geoff had brought up. We form not necessarily large standard bodies but special interest groups and sponsorships where we bring competitors as well as customers together for a common good to say this is where we really want to go and keep it fairly small but bring in a broader set of the community. So the overall governance body's fairly small. But then we have different levels of which people can participate. We have a very robust IP model. Somebody mentioned, the gentleman from Cisco mentioned royalty free. There are some cases where standards do need royalty free. There are others where reasonable nondiscriminatory royalties are necessary. And it just depends on the particular market. But the industry's been able to do that on a case-by-case basis. Internationally it's becoming more of an issue. There are some markets that want to have more indigenous technology. And I think what we're going to have to start looking at as an industry is being more collaborative in bringing in the international community because you know we've, the IT industry, the majority of it's really evolved in the United States, and we have included European customers over the years who have been major participators. But as we start looking at the Asia Pacific region and whatnot, bringing in that collaboration and bringing in the U.S. model of where we allow private industry to be able to drive a certain amount of that because we can have the agility to change as the market dynamics change as quickly as possible. And there are roles where their governments will come in and say, okay, well, this is what we expect to do. It's difficult because we don't necessarily have a seat at the table. But I think in terms of building a more collaborative effort, I think we can drive a more common set of global standards because as you point out, it's difficult to design a product that implements different standards. And it takes us on, we're starting the process here for 2017 now, and so we have to think four, five, six years ahead in terms of where we think the market's going to go so we can plan our products accordingly. So having that level of interaction with foreign, with overseas companies is going to be extremely important for us going forward.
Ralph, I know that Cable Labs participates even as it develops technologies and take them to standard setting bodies. And it's worth reflecting that there're some bodies that were traditionally, as Steve said, that grew up in the U.S., but then other international bodies include some bodies that are more governmental, so the international standard centerization, or the IT, for example. Do you notice a different cultural or even sort of rhythms of some of those international bodies versus those bodies that grew up in the U.S. and how would you articulate that?
Yeah, I think that's true. And we have a fairly close relationship with a number of cable- related consortia around the world as well as standards bodies as you point out, and we've worked closely with them. Some are more deliberative. Some are more, how best to describe it, focused on complete agreement or total consensus, which can, can bog down issues. Oftentimes it raises the issue of IPR and people who are putting IPR in to essentially assure themselves a monopoly position in the technology. And there has to be ways to work through those sorts of things. I think Steve pointed out there isn't a all-size-fits-one on terms of IPR terms and things like that. So I think that's an area where again, allowing the industries involved to come to consensus around what makes sense to reach those points.
So that gets the question I had for Geoff. In a sort of famous book, Exit Voice on Loyalty, critical scientist Albert Hirschman talks about the relationship of these three different ideas. And he basically says that your ability to provide voice sometimes is conversely related with the ease of exit and what (inaudible) is how loyal you are to the institution. So the standard setting body, we've already heard I think both Steve and Ralph, you've heard it that sometime it's hard to play because there may be owner's demands put upon you. How does that dynamic play out, and how real is the opportunity to exit from some of these international standards setting bodies, or how much can firms find themselves somewhat potentially hemmed in by standard-setting efforts? Geoff, what are your thoughts on that?
Well, if you look at a lot of the participation in standards, probably the most conflicted or confusing issue to deal with is how IPR is going to get handled within that standards process. And we understand and certainly respect that to create IPR costs R&D money. And the people who invest in R&D, including companies like ourselves, have to have ways to monetize that investment, whether it be through IPR licensing or whether it be through managing or manufacturing products or some combination. So as part of the standards process it's important that the ground rules be set, and that there be some set of certainty. And by that I mean, one of the most difficult things in the standards process is some firms kind of operate around the periphery of the standards activities, taking notes and picking up ideas in the standards meetings that don't happen to be in the IPR that was officially contributed to that forum. And then they show up as trolls, or that IPR shows up in the hand of trolls a couple years later, creating a very different business model than what a company planned on when they joined the standards body, helped to set the standard, and proceed down the road. And I think that's one of the areas where government, or I'd actually say governments is a plural, can help in the processes. How do we get the right kind of patent regulation and operational domains that protect the rights of legitimate IPR rights but at the same time put some ring around how do you have people migrate in from outside.
So for those keeping score at home, I asked about one side that was related to our international property rights question, and Geoff gave me the other side. I will review it, because obviously one was more in your mind. But the side that also comes up is one that I think Steve and Ralph had kind of adverted to, which is, you can find yourself in a standards setting body where they would insist that you give up your technology and it would become royalty free. And then you have the uncomfortable choice. Do you stay as part of the standard setting body, or do you exit because it's too onerous. That's one concern. Geoff articulated a different concern, which is people participate in the body, but find a way to exit from the body and any potential obligations that the body might have imposed upon them, even RAND obligations, and then later can lie in wait. And so this intellectual property issue is not an easy one. And you've raised it. Why don't we go to it and go to our intellectual property professor at the other end of the panel to put this in context. I've articulated two sides of this issue. Standards are often connected with intellectual property. I don't know if you want to take a step back and give us the issue in context and any thoughts, Ari, you might have for us on this topic.
Sure, so in some sense, the patents and standards question is a subset of a larger question of what role, how you distribute incentives between an initial inventor and somebody who follows upon that invention. In the standards context, that's basically the question on steroids. Because you are trying to distribute rewards, another way of thinking about incentives, between thousands, arguably, of initial patentees. Often we have thousands of patents that can quote, unquote, read on standards. In other words, a standard will infringe upon those patents. And downstream developers who need that standard to create value in the marketplace. So that's the general problem. I think that if we see it in that general context, there is some good news on the horizon. The courts have done some good things with respect to the general problem of how to distribute incentives between the initial inventor or inventors and downstream follow-on improvers. So the Supreme Court, in a case that it issued, a decision it issued several years ago, Ebay versus Merc Exchange, said that there wouldn't be automatic injunctive relief in every case where an initial inventor could claim that a subsequent invention infringed on their patent. And I think that's good because to the extent that there is a concern about patent hold up, a lot of that concern revolves around the injunctive relief situation where you're faced with taking your product off the market if you infringe. And one can imagine how in the context of that very extreme situation, a company might be willing to pay huge sums to the initial inventor, sums far in excess of what the inventor contributed initially in terms of the value of the patented product to the ultimate invention that's sold in the marketplace. There have also been some good cases coming out of the courts recently with respect to how royalties are measured for those upstream inventors. So the Cornell versus Hewlett-Packard case, and Lucent versus Gateway case are cases, I think, where even absent legislative intervention courts are taking some of the economic scholarship on how to distribute rewards very seriously and thinking hard about what a reasonable royalty would look like, in particular, thinking about what is the actual value of the patented invention relative to the ultimate product. And how does this relate to standards? Well, the threat, I think, of hold up is considerably alleviated or mitigated by the reality that if, in certain situations the courts are not going to ultimately give you more than a certain amount of money for your invention, the money that your invention's actually worth, then the opportunity to either hold up a company, or for the company to extract too little value for you is mitigated as well.
So for those I know, who are starting to have questions or thoughts in the audience, to get you in the conversation sooner, Ajit is going to be able take any questions you have. Please write them down on a piece of paper, and he can bring them up to me so we can kind of get your thoughts in closer to real-time. We'll have time at the end as well, but I wanted to give people that opportunity. So everyone knows who Ajit is. If you have questions you want to write down, feel free to give them to him. He has some paper he can give you as well. Mark, Cisco obviously is involved in numerous standard setting bodies, has to keep track of numerous IP policies. How do you do it all, and how do you think about this issue in terms of a real-world impact on your business?
Well, intellectual property is very important to us. We have a patent portfolio of almost 20,000 issued and pending U.S. and foreign patents. And IEEE has rated us in the last three years as having the strongest patent portfolio in the telecommunications industry. That said, however, we have a very strong commitment to making sure that our participation in standards bodies is aimed toward as open and transparent a process as possible. And many the bodies that we participate in, the general rule goes beyond a RAND requirement in ways that we then will obviously comply with. On any given day I think there are engineers from Cisco participating in a standards body discussion somewhere in the world. I think that--
How do you deal with the fact that you've got these engineers dealing in these discussions who are not lawyers, necessarily, and who are not your business executives, forced to make judgments about what types of IP restrictions? How do you handle that?
It's a very difficult process because engineers are focused on how do we get to the right technical solution, not necessarily on how do we maximize downstream legal rights. But from our standpoint, in looking at the opportunities that exist in the industry that we participate in, that's really just fine. And I mentioned before that I think a royalty-free regime, and I want to make this clear for everyone creates perverse incentives if it's mandated. I don't think we can or should mandate from the governmental side that kind of standards body because the issue of nonparticipation will render standards bodies much less relevant if that were the case. On the other hand, in many of the standards bodies that we participate in, we voluntarily take that position. So in fact, we have never brought a claim related to infringement of intellectual property related to a standard where we participated in.
Even if you had a right to demand RAND royalties.
We have never done so. And it's because we, I think one of the key features of the way networks operate is so-called network effects. The value of a network depends on the, or it increases exponentially, Metcalf told us, with the number of end points in the network. And so from our point of view, we think it's both good for Cisco, good for other industry participants, and good for the world at large to have networks to grow as quickly as they possibly can. And that means reducing barriers to entry and increasing transparency so that buyers don't get worried that they will be subject to technological obsolescence, and other vendors won't feel that they will get locked out somehow or subject to unreasonable demands downstream. Now, what I'd like to say on this, though, is that there's a very important role for government to play. And Ari referred to what, I see Carlos Shapiro from the Justice Department here. So with apologies to him I'll paraphrase what he has said in the past and written about with respect to patent thickets. But where you have very complex products made up of many, many elements, the number of patents that can be asserted against those technologies and the royalty stacking that could result can create really impossible situations. As an example, there's more than 157 different patent holders who claim that they have patents that read on the Wi-Fi standard. Almost 700 for gsm, almost 2,000 for umts. More than 800 for lge, the long-term evolution, the next generation of cell technology. And I could go on from there. I think what government can do and should do is first respect the private, voluntary nature of the standards bodies that we have in the United States. I think our system works very, very well as a framework. What government can do is drive more transparency and clarity into that framework as a key feature of growing American success and competitiveness. Now, one of the statements that the government has made is Circular A-119 of the OMB issue. It has not been updated since 1998, really the dawn of the Internet age. And Circular A-119 focused on government procurement being, using industry standards that had at least a reasonable and nondiscriminatory royalty requirement. I think the way the jurisprudence has developed in many cases have rendered RAND unintelligible in a lot of ways, where you really don't know if there's going to be 1 percent or 6 percent. Is it tied to the inventive value component that a standards participant's patent offers, or is it related to the value of the entire system? So we would suggest that A-119 be revisited and updated to show a bias toward standards development organizations that meet four key tests. First, there should be express allowance in accordance with Justice Department guidance that's been given already in the case of VITA and IEEE Business Review Letters allow ex-antinegotiation of royalty rates, so that participants know in advance what it's going to cost if a certain contributed piece of intellectually property is used. Second, have the standard developments organizations be encouraged to have the IP be valued based on the centrality, the contribution to the standard, not on the fact that there may be a much larger product that it plays a minimal role in. Third, have participants agree as part of their participation in the FCO that the evaluation will be made based on the value of the contributed technology compared to alternatives available at that time. Because once intellectual property is incorporated in a standard, it necessarily becomes much more valuable. But the value shouldn't be based on the fact that it was incorporated in a standard because the standards body is comparing it to other things that are available.
This is the same point Ari was making, in fact, that's happening in patent law. And so Ari, out of your point--
So I think Mark is probably asking for a bit of an acceleration. Yeah, there are a few cases that are beginning to look at all of the literature that Carl and others have written on how you should value patents. And the important thing is to have ex-ante evaluation relative to available alternatives at the time. Now, that can be very difficult to do. But at least if the participants commit to that, then they can't argue for some other evaluation after the fact. I think the courts are moving towards that anyway, but perhaps this would accelerate the movement to have people commit to it.
And just as an example of that, Ari explained the implications of the Ebay case for availability of injunctive relief. We think that in participating in standards bodies where there is a RAND requirement, participants should agree that they will not seek an injunction unless a potential licensee refuses to pay after there's been a third party determination of what is reasonable because it ends up putting too much leverage on the intellectual property if you don't do that. And it's very consistent with the Ebay case, but the Ebay case didn't go to that point. And I think these are things that government can do by building a bias toward SDOs that do that in the federal procurement rules that A-119 helped set.
And I do think that if the government were to do that it wouldn't be as radical a move as it would have been say pre-Ebay and pre some of these recent cases because going back to exit voice and loyalty, it's harder to exit a situation where the government does that, where the background law is that anyway. And so there is no incentive to exit where you have background law that essentially does the same thing but is developing a little bit more slowly.
So Raj, in terms of you living in the smart grid space, you're at the dawn of this era. How much are you worried about IP rights holders out there? How much are you worried about your IP being dragooned into a more common pool resource? This is an issue that is only beginning in this space. I am curious just from that time space how do you see it?
Well, it has been a concern, exactly as you say. This is the beginning of the process in smart grid. And therefore there are a number of participants who perhaps operate differently than they would in a more mature environment. I happen to be one of the a co-founders of Silver Spring and in trying to lay out our intellectual property philosophy, I think it's fair to say that what Mark articulated as CISCO's was, frankly, an inspiration for us because exactly for the reasons he articulated. Taking that kind of approach basically enhances these sorts of network effects and fundamentally grows the market. This is something that many people, I think, at the dawn of a standards process or a move from proprietary or standards-based process miss. There are many vendors at the time who feel like their advantage exists by digging in their heels and continuing to preserve proprietary technology. Whereas what they miss is that, what that means is they have locked in their customers. It also means that their competitors have locked in their customers. And the difference is that in a standards-based environment, as soon one of their competitor's customers enters a market, they can actually go compete for that customer in a standards-based environment, where it's much more difficult to do in a proprietary environment. This is why the standards-based approach actually grows the market. And so eventually most vendors figure that out and the industry moves along to that aspect. So that is the transition that the smart grid sort of environment is going through now. But it's happening much more rapidly, and has been, frankly, happening more rapidly in the states at least largely because of the convening aspect that we talked about, basically NIST and others bringing vendors together and slowly educating them in that process.
Mark mentioned about transparency, exponential property and how that's something standards bodies can do more effectively. He also mentioned rules and regimes around a more effective reasonable nondiscriminatory approach. Steve, do you see either of those two strategies as ones that standards-setting bodies can profitably pursue? How would you see this as a state of practice?
That's an interesting question, and I think it's going to be one that we need to spend a little more time on. The experience that I have is certainly in the IT industry, is we bring, when companies want to come to the table on more mature standards, the bylaws already stipulate if they come in, what they're going to agree to in terms of intellectual property. And again, as I said, if you are trying to grow a new market like html with w3c or the first instantiation of usb1, you pick a fairly open IP protocol, like in that case it's either RAND or royalty free, with reasonable, nondiscriminatory and royalty free. As they become more mature, then you pick a particular RAND, a particular model that actually makes sense. Having standards bodies actually go in--I agree with the transparency, you put your IP on the table. What I really would worry about is if we ask standards bodies to actually go do patent searches to see what particular patents could actually read on a particular protocol. I think it will bog down the committee, and I don't know if it's going to be that effective going forward. Even though the private industry, at least in the IT sector, sometimes looks a little chaotic, I agree with Mark, it has worked over a number of years and a number of different organizations. And most companies that come to the table, they do so that they can get a time-to-market advantage, not necessarily an IP advantage. There are those few that will play trolls, but generally speaking, the majority don't. So they are either open and honest and put their IP on the table up front, or they don't get to participate.
Ralph, do you see the RAND system as currently constituting, working well or do you share Mark's concern that there's serious flaws in it?
Well, Cable Labs has a lot of experience with different types of royalty pools or IPR pools. We've gone everything from simple mutual nonassert, royalty free, which has been very good, as Steve mentions, in terms of emerging markets. It helped us establish the cable modem as a worldwide standard and really develop that marketplace. So that's one end of the spectrum. The other end of the spectrum is we've actually established royalty bearing pools like mpeg, and done on that end. And it really does depend upon where you are in the market and the market maturity. I think there are very real issues and it even shows up in some of our specifications and standards, where there's the opportunity for trolls to come in and either try and seek injunctive relief or some sort of unreasonable license terms. So some ability to try and mitigate those kinds of levers after the fact, I think it would be a beneficial thing.
I agree with that.
Geoff, you got us start off in this conversation. Any further thoughts about sort of what the key challenges are and a few thoughts about of the role for government in the IP policy area?
Well, I think if you look at the role of RAND, it is working reasonably well in a number of different venues today. I think the challenge as complexity grows is how do you assess rate relative values of some of the contributions. A lot of that gets worked out between the major players in terms of offsetting one's IP against another and putting something together that works out economically. I mean I think it was mentioned before the issue in doing patent searches and things like that. And absolutely agree, that's probably something that doesn't work in real time, particularly when you consider the amount of time it takes for something to clear through the patent process, that there could be significant IPR out there that you'd miss in that kind of search and really couldn't accomplish the goal.
So let me move to another, and related area. And I will start with Steve on this. Which is the trade concerns and dimension, the standards, and in particular, how do standards interface with global supply chains, export strategies, international markets? And are there concerns about what some have called nontariff barriers to trade, that is, companies who might insist their own standards, not allowing participation in broader standards ecosystem? And how does that affect your product strategy and how does it affect U.S. economic policy? Steve?
Sorry, Ralph. It's a big concern of ours. There is the belief or there is the feeling, and we have seen some demonstration of this, at least in some isolated cases of where there will be the move to try to grow indigenous technology, and products that would be sold in a particular region would have to implement standards that aren't necessarily global standards or they're local standards. A company like ours just has to be flexible. And working with the--we have a worldwide policy and practices group that keeps track of what's going on in these geographies. And we either have to send the appropriate engineering bodies or work with the appropriate agencies to make sure that we can get whatever standards effort that's going to actually become more of a global standard or something that we can actually live with and implement. Because at end of the day, it's about the agility for us to able to build product to serve those markets. It would be more beneficial for us if we could have a worldwide standard. I love the global standards bodies as long as they are agile and they allow us to react to with the market. The products that were invented in the year 2000 wouldn't have anticipated where the market has gone today because we just didn't have that kind of insight. So that level of agility has to occur. It would be great if those standards exist. We recognize that there're always going to be those efforts for countries and companies and regions to be able to grow their indigenous technology. And we're going to have to just--we as a company, and I would like to hear the response of the others, have to actually work with those areas and make sure that we can bring the standards to something that's a little more global, but recognize there's going to some local capability there that we're just going to have to respond to if we're going to compete in those markets.
A number of dimensions there. Let me actually add a few more and go to Ari. In health and safety standards, for example, in biotechnology or aviation, there is a trickier evaluative criteria because it's not merely indigenous innovation, qua indigenous innovation. It might be we have our own health and safety concerns or other values that standards could arguably constitute a nontariff barrier to trade, but also there might be reasons to support them. How does the question best be asked and evaluated to benefit from the economies of scale and larger markets, but yet respecting that standards are part of traditional health and safety regulation, etc?
Right, so I think I can answer that question at least quickly from, by giving one example. And that is the example of the FDA, going back to the FDA. One criticism of the FDA is that its health and safety standards tend to be higher than those of Europe and particularly in the drug area. And I do think that there is a balance to be struck, but I think even the FDA commissioner has recognized publicly that there is something to be learned from the fact that the Europeans, for example, have signed off on a particular drug as being safe and effective. And so I do agree that there may be national interests in having somewhat divergent standards. But one can also take that national interest too far.
Well, that actually a broader theme I wanted to get to in the trade conversation. One can tell two different stories about standards as used as a potential barrier to trade. One is the countries who do that will ultimately find it self-defeating and will find themselves remorseful if they did, in effect, use standards strategically. The other is, no, it could actually be a very effective strategy for those companies, for those countries, rather, even though it may actually hurt in some global, economic way. That would look at it as a extranality they wouldn't have to actually internalize. Mark, do you have a view as to which of those two stories of standards international trade is more accurate, or is there truth both of them?
Well, I think there can be truth in both. But what we are seeing, just to echo what Steve said, is more and more efforts of governments to use standards in ways other than to attempt to address a legitimate public concern such as environmental or health and safety concerns where people may make different judgments as to where they want to balance those concerns just as we have a federal system in this country, and states have the authority here to make those judgments as well. What are we seeing is nation states, which want to limit market access or create a technical barrier to trade or gain control over technology. I think the way to link those two different stories that you put together and what the global implications are is to think of one point, to elaborate one point that Raj alluded to earlier, and that is in new industries as new technologies are coming to market, time-to-volume is very critical because it determines economies of scale and can determine who will be successful. And to the extent other nations that are large and have large internal markets or groups of nations that have large internal markets are successful in driving a standards creation process faster than we are. Industries that have participated in the development of those standards, in Europe, for instance, the votes in standards bodies are based on European revenues, and European players are often larger. To the extent they get to a standardization sooner, their industry participants will get to volume sooner, will have a cost advantage, and that marketplace cost advantage can then circle back and impact our own standards processes our companies seek to compete. So the way this plays out is a need for speed. And I think the story of hurting--those countries hurting themselves, except to the extent they have national security or other concerns they're trying to vindicate, I think it hurts them unless what they've done is really drive themselves to volume faster, in which case there isn't going to be a level playing field. And that precondition for our success in the world that the President pointed out won't exist. And I think that's why what NIST is doing in smart grid and health records is so critical that we drive that forward, get a clear set of standards quickly that's transparent. People aren't going to be afraid that they'll be subject to extortion demands later, know that our antitrust authorities are going to take action against those to try to gain the standards process, all of that will create the precondition for our industry to be successful, not just here but globally as these new industries roll up.
So, I want to segue to our final point to talk about and then we'll get the audience more directly involved. I've got a number of questions I'm going to pull in here, which is the role of government and how the government operates. And a couple people talked about can the government operate both more self consciously and more transparently. Let's talk a little about that, and let me put a couple questions on the table. One is, to what extent do you see the government as a customer in relevant standards bodies? So someone mentioned cloud computing earlier. Obviously the health and safety is there, where the government has a real interest. Does the government play a role literally at the standards committee, articulating what their thoughts, concerns, learning from? Is that a vibrant discourse? If not, do you think it should be? And secondly, is there a risk if the government goes and is involved that it can actually play too strong a role, in effect seeking to mandate, coerce, or just maybe nudge more stronger than it should, compliance in a way that is quasi-legislative and not really merely convening or agenda setting. So broadly conceptizing the government role, what are the opportunities and risks? Let me start with Geoff. I mentioned before the FCC, which had a very active role in a couple of the standards I mentioned. More recently, the FCC sometimes has not had a role. What are your thoughts about any government agency and its proper engagement with standard setting?
Well, there are a number of areas where the government involvement is obviously quite important. I mean, you look at, for example, our wireless business, our products utilize spectrums. And spectrum is really a national resource that has to be intelligently managed and how these specifications for that spectrum are written can very much influence both the use of that resource as well as how we manufacture products such as a government role in the delineating basic spectrum rules as well as coordinating those spectrum requirements with other national bodies because we look to sell the same general set of products across a variety of markets. To the extent that one product can be sold to multiple customers around the world obviously benefits us. I think there's areas in the business that clearly are relevant to the national interest. Where are wireless products used, for example? They are used in everything from public safety, right on up the food chain. And a number of aspects of how those products are manufactured are clearly important. Even in some of the wired businesses, I mean, we are a participant in a number of video standards bodies, most visible which is mpeg. Obviously, video standards have to exist across a variety of platforms on a wide variety of devices in a number of countries and across a number of delivery regimens. And a government involvement in helping guide that process, not necessarily setting the process, but being a participant in terms of some overall guidelines is often helpful, particularly when you look at a number of these international standards bodies where the other governments of the world are very visible participants and often carry a significant amount of weight because of their governmental stature.
Steve, is that your observation, that other governments are less shy and are more kind of supportive of their agencies and officials engaging in standard setting? And if so, is that a positive or a negative dynamic?
Well, in my limited involvement with foreign governments, it's absolutely correct. They tend to be a little more forthright and forceful in terms of being involved in the standards. Certain countries are starting to look at the way the United States does it, Japan and certainly Europe, and looking at are there models that they can follow there. So I can see governments starting to evolve. I think the big role that government can play is a convener and coordinator, as we mentioned today, in areas of national policy. I was pleased to hear Aneesh's example about medical health records. But cyber security is a huge concern. And I admire the complexity of the problem Raj is trying to solve, because every device that's out there that's monitoring something in your home or in your office is an attack vector. And making sure that we come up with standards that allow us to deploy reasonable solutions that we can get out quickly and effectively I think is going to be absolutely critical. So those are the places that government playing that role I think would be really critical, at least from my standpoint.
You beautifully led into my next question, and I will hand it off to Ralph, first with a retrospective. When you worked on the cable modem standard, which has become an international standard, did you have or did government employees raise the question of security, concerns about how would you protect? Because I think people when they look back at the internet, one of the great regrets I've heard some of the empires say is we weren't thinking about cyber security at all. It was designed without security in mind, and now we're trying to develop standards and facilitate effective cyber security. but it's after the fact. What is to learn from the cable modem story on that?
Well, actually, the cable industry themselves focused on security and integrity, primarily from the standpoint of theft of service as being a primary business motivator to build the security into it. With that being said, the cable modem specifications and standards all make use of X-509 certificates for conformance and authorization, authentic...
And for those who are not quite so in the know, I assume that was a standard you referred to, X...
And that would be a standard of which body? Do you know?
Gosh, you know, I don't remember off the top of my head.
Some standard setting body officially adopted X-509. I'm sure some in the audience will know. And you all built off that standard as you built your product.
That's right. And so that permits us to maintain the integrity of the network. Interestingly enough, as you talk about the government as a customer, and after a fashion, law enforcement is a customer through the CALEA, the Communications Assistance for Law Enforcement Act for performing wire taps and those sorts of things. As the technology deployed, in particularly voice over IP, and the ability for law enforcement to execute lawful intercepts of phone calls, voice over IP represented a significant problem. And they came to us at Cable Labs and said, can you help us? And working collaboratively with law enforcement, we were able to come up with solutions without completely re-engineering the network and meet their requirements. So that was a good example of how we worked with federal government to find...
So you and Steve now said, there is a real need and value of having law enforcement and those focused on cyber security mindful of the technological development. And this is an issue that Dale Hatfield has taught me well, which is if you wait to build the architecture and then later ask about the policy issues. This is one reason George Arnold has been so engaged in our policy smart grid discussions, because if you wait to talk to about the policy issues after you've already built an architecture, and then you decide that cyber security's a really important policy, but it hasn't been architected at all, or CALEA and wire tapping as a really important policy hasn't been architected, you have really compromised your position. Mark, is there a lesson in there? And how would you operationalize it? Obviously, you don't necessarily, you know, you have to be careful because they're, some of the downers of the Internet is because they always had to have as much caution all the time, but yet we now have a social mission critical platform of communications for it not to be secure and not to allow for wire tapping raises real policy concerns.
Well, I think in the law enforcement area there's always going to be a very strong national interest and a likelihood of statutory intervention. But I think there's a great example in the security area of how private voluntary industry-led standards setting can then be incorporated into global decision making, and that's the common criteria that are used for network assurance products and network security products where an industry standard was developed. It's now been adopted in a multilateral agreement that 26 nations have entered into. I believe another 50 are looking at it. And it really creates a platform for an understanding of network security on a global basis. To your question about what government can do, I think again, respect that voluntary open process but create a framework that drives transparency. I think NIST was given the authority under Energy Independence Security Act to set the--not only to choose pre-existing standards that need to be part of smart grid, but also to set the framework for how standards will be developed going forward. And those suggestions I made for Circular 119 could be used there as well for some basic principles that should apply and give preference to standards that meet those principles. Internationally, I think we need to identify hot spots where governments are using standard and conformity process as a technical barrier to trade. And we should consider using all the tools at our disposal, including a Section 301 case, or a WTO Technical Barrier to Trade case to eliminate use of standards as a TBT. And one final point about our group here, that is very interesting to me. We are very active in the smart grid space and compete very vigorously with Silver Spring and expect to have a very vigorous competition going forward in the marketplace for customers and for market share. The same goes with Motorola Mobility and Geoff Roman and his company. But despite that very intense competitive battle in the marketplace that our companies have with each other, what you hear today is a tremendous consensus about the importance of an open standard system for us to be successful around the world. And to me that's really a critical point when you see industry coming together like this.
So, I want to give Raj a last word on the government. Actually, we're going to go to Ari on the government role as well. But Raj, you've observed the government in smart grid. What--I know it's hard with George in the front row to be honest about this. But what's the lessons learned and the perspective you might offer? Is there a sweet spot? Do you think it depends on the particular industry lifecycle? How would you articulate the value that the government can bring or the risk of government involvement in terms of things to think about?
Yeah. I think I will go back to the way you framed the question originally, right, which is on the one hand government can be a large customer of these things. On the other hand, they have some legislative authority and that may also contribute, and what makes sense. So I guess I think that from the being a customer point of view, certainly government can move the needle on what the standards should be because they are such a large potential customer and they have in many industries and in many ways. But the danger there of course, is that even one very large customer, no vendor really wants to build something very specifically tailored to an individual customer, potentially, no matter how large, although people have in the case of various governments. The more interesting aspect is the legislative aspect. And I think that's where there is this very delicate balance because on the one hand, just coming in with legislation could be dramatically bad. It can be suffocating for what the standard is going to be and so on. However, what has proved useful, and I do notice that George has left his stick at home today. But what has been useful is the stick of potential legislation in frankly, knocking some heads together when there is a lack of consensus, to be able to drive this forward with at least the threat of being able to legislate something if consensus can't be reached. So that really does tend to focus the mind. It does tend to bring the vendors together and become sort of more readily accepting of reaching consensus. And so I think that has been a very delicate balance that frankly, in the smart grid space the last couple of years, has been struck very well.
In that space, the FERC has authority to establish standards so the threat was not completely an empty one.
The question goes to Ari. How do you think about the role of government in standards in terms of where the benefits and risks are?
Sure. So I think that where it's possible just to use performance standards, that's probably optimal because there is always the concern that the government will be less sophisticated than the private sector in terms of thinking about the correct design standard. So if it's possible to use a performance standard, which may not always be possible, that's the way to go, it seems to me. And this is again particularly relevant to health and safety. And the--in addition to the OMB A-119--we also have something called Executive Order 12866, which is on cost benefit analysis. And there was some a recent executive order kind of interpreting that further and the emphasis there is on performance standards. And I think that's very pro-innovation. In general to the extent one can use performance standards, one should use them. The other two points that I think are worth noting are that the government could, in addition to being a convener in certain circumstances, also provide money. Many SDOs are very thinly capitalized, to put it mildly, and so providing money for certain functions might be very useful. One trivial but one nonetheless kind of notable example might be to the extent that SDOs feel a need to make money off of copyrighting their standard, perhaps there should be a subsidy given to SDOs that want to make their standard non-copyrighted. So that's just a small example of a situation where money could help. And then finally, last but not least, I think what NIST has been able to do with the smart grid is a model that can be followed in many different contexts, in many different contexts where a standard or a set of standards may cut across different agencies so we don't have silo mentalities within agencies, and NIST can knock some heads together so as to get agencies out of silo mentalities. I think that would be a very useful role for government and particularly NIST to play.
So let me offer a final question someone offered here that is dynamite, and I've had this come up before. Here it is. The whole discussion has talked about open standards but has not talked about open source. When I had a roundtable on this topic when I was a law professor, venture capitalist who was there basically said, you know what? For smaller businesses, standard setting is irrelevant and unhelpful. It costs too much money to participate. It's not valuable enough. Instead, open source has kind of replaced open standards as a way to facilitate coordination. Is there any truth here, either as a critique of standard setting, or as a alternative model. Raj, you probably have to think about this alternative a little bit in your world in so far as you were there earlier on. Has open source been a part of your equation? Have you thought about it? And even if not, is it fair to say that standard setting is an expensive enterprise for smaller companies that may make it hard for them to engage?
So it is certainly an expensive enterprise to engage in, potentially anyway. But I think these are very different things. I think the goal of standard setting is--well, at some level the same as open source in the sense of accelerating innovation off a common platform on which to build, and so on. It is really about interoperability and those kinds of things. What open source is really about is providing a kernel of something that can then be sort of widely distributed and widely innovated upon separately. So, I don't really see the correlation between those two in that sense. I think they're really out to solve different problems.
Ralph, you want to jump in on that?
Yeah. I think--in Cable Labs we have some experience with open source as well as open standards. And the best example for us is we've open sourced an implementation of the software platform for set-top box specifications and standards called Open Cable Application Platform or OCAP, now part of true two-way specifications. And so we do both the specification, the interface specification for that platform as well as a reference implementation, and we see them going together. We also provide a set of test packages in compliance with following the java community process. So those three pieces go together to really fortify standard and the specification by providing an implementation and a reference. And that improves the interoperability. So we see them related. Of course, open source makes sense in the context of software. There are other network interfaces and those sorts of things where reference implementations may or may not be as relevant.
Well, and of course, nom IT, like, you know, if you're talking about standards in food and safety or aviation doesn't quite carryover there either.
All right. Let's go to our audience for people who want to offer questions. I believe Ajit may have a mic. There are four microphones in the back if you want to share your questions or thoughts in your own words, now is your opportunity. I'm, of course, not afraid to call on people either here or there, so. And if you could by start introducing yourselves, we are doing a live webcast.
Yeah, I'm [inaudible] from Harvard, [inaudible] FERC consultant. I also do a lot of research, I actually wrote two chapters on cloud computing in the recent guideline. The challenge was that -- in FERC next week we will have that meeting for smart grid. And the lawyers are looking at the technology. We're also talking about how do we look at cloud computing, cyber security and smart grid going together. Because really, these related areas will really help--they provide bring helpful information and look to [inaudible] and every aspect of technology. Are we actually putting stronger emphasis on security for the cloud? Because right now we see a tremendous drive from the private sector to get into cloud along with smart grid. So can we address the government to try to do some testing, independent testing of these innovations before they just move straight ahead in terms of security?
You got at least three really great questions, and let me see if I can tease them out for people. One is a challenge, how do you have, when you have different technologies that are converging and related, how does a standards effort take that into account? You mentioned cyber security, cloud, and standards, which sometimes--cloud and smart grid sometimes are talked as separate initiatives being interrelated. Secondly, you said what's the role for the government in cloud given the interest in security. There is, speaking of performance requirements, a fed-RAND document out providing some government guidance to how the government would implement its first cloud policy that our CIO has called for. There could be, indeed, more active engagement to follow on there as a possibility. Why don't we start with those two questions for people and maybe take the second one first. I think, Steve, did you start talking about this already? So maybe come back to your thoughts on that.
Yeah, that will teach me, won't it.
No good deed goes unpunished, every time.
So how governments--so I think the second one first, how governments can help in terms of evaluating different technologies.
Evaluating technologies and facilitating better security to build into the cloud.
Yeah, so I think there's a couple of existence proofs out there that I've actually seen work where certain government agencies have a very robust capability in terms of building information assurance and actually specifying platforms that actually the government would build. And they do a pretty good job of being able to look at those technologies and saying, hey, I know this is something new you are thinking about. Have you thought about this, this, and this. This is something I wouldn't use. This is what I would like to see. I'd actually--you know, the U.S. government does pretty well there. I think the U.K. government does pretty well. It would be good to see more governments get involved. And I'll briefly touch on the first one. The first one, though important, becomes somewhat of an obstacle as well because a particular government participating in a cloud solution could be interpreted by another one that you are trying to do something to advantage yourself, so I'm not going to allow those technologies to sell in that marketplace. So you know, at some point in time we're going to have to some mechanism of being able to address what we would do globally or we're going to develop difference security standards globally, so--
Ralph, do you have any thoughts on that?
Actually, it did occur to me the X-509 is an ITU standard, which I'm embarrassed that I forgot. But on the security side, I think there, you know, Steve brings up a very good point in terms of governments viewing it in somewhat of a competitive perspective. And there is, throughout all the securities is a fundamental issue root of trust, what is it you trust there. And having the authority and then also the oversight to prevent violation of that trust. So it's a very complicated problem. And there's technologies to address it, but you have to address some of those underlying questions.
Phil, I think it's clear that customers, and that includes government customers as well as private sector customers, for those customers security is really very top of mind with respect to cloud. And I think industry is on working hard to solve that, because customers aren't going to want to buy unless they have confidence. I would differ a little with the view that more governments need to get involved in directly engaging on the issue or in testing and certifying, because what can happen there is one of two things. First, it could become a cloak for other activities where source code or other types of design information are required. And we are seeing that in some nations around the world, which can then be also a basis for creating insecurity of intellectual property but all under the cloak of security. Second, governments can easily cross the line into dictating technological solutions, and I think when government chooses technology, it tends to freeze the market and stop us from doing advances. So I would say again I think the most important thing there is to set a standard and a framework that allows for industry to then work to come up with the best technological solution. And in security I think the common criteria is a very great role model for how we can do that internationally.
Great. Thank you. Next question.
I am Bruce Levenson with the Center for Regulatory Effectiveness. There's been a lot of good discussion about consensus standards, but particularly when starting from scratch the consensus process can be quite lengthy. OMB circular A-119 establishes a role for nonconsensus standards, also known as industry standards or consortia standards. How do you see these industry standards as meeting federal standards needs?
That's a very good question, for those, a little background, A-119 does provide this marker on these voluntary consensus-based standards but doesn't rule out other possibilities. How does an agency decide the consensus process is going to take too long. They need to work with and use an existing industry standard that never went through that process. Obviously in a famous example, Microsoft Windows is in effect an industry standard that gives us interoperability. It [inaudible], but it never went through that process. There are lots of technologies that would fall in that category. Is it ever acceptable and when and why would government take advantage of that option? Anyone wants to offer any thoughts? You've stumped the panel. Listen, we'll leave it out there. People can think about the question. It's obviously an open question and if no one here -- well, Ralphs' got --
You know, we are fools, you know, angels fear to tread, right?
No, take a shot at it.
So I think we manage I guess you would call it a nonconsensus process within Cable Labs, we are a bit of an agent for our member companies. And it is able to drive consensus by being the customer or acting on behalf of the customer. So I think there is some merit. And again as I said we take our work to standards-setting bodies, for example, SCTE, I see Steve Oksala here in the audience, and ITU and others where there is an opportunity for more of a consensus-based approach. But it gives you the basis that's well-developed and something to start from, so I think there's some merit.
I guess I would just add that the difference is when you're dealing with an industry association versus a government mandate, and an industry association of customers working with vendors can sometimes endorse something. I'm not sure it makes sense that the government goes and does that A priori.
And let me explain, if I can, on what I think some of the cautiousness is. The risk in that scenario, obviously, you've mentioned the reason for it, which is speed, is the, voluntary consensus has some built-in safeguards and check and balances, which makes it less risky for the government to choose the outcome of it. But for the government to embrace a propriety standard that hasn't gone through that, one worries about risks that don't adhere in that first model. So that's I think probably why you've got some of the caution here, but nonetheless it's a very fair and good question. Thank you for asking.
Excellent roundtable. My name is Dan Bart, Valley View Corporation, but I also wear the hat of chairman of the NCIPR policy committee, and I am past co-chair for the private sector for the ANSI Homeland Security Standards Panel. So I have two questions, somewhat in both veins, first directed to Phil. We have had discussions about the differences between open standards and open source, and they are very much different things, in the sense of one being implementation. But in your opening remarks I think you also used the term open standards, open innovation. And I am trying to find out what you mean by that term. I know what the USPTO told WIPO, and I like what the USPTO said to WIPO in terms of defining open standards. So my first question is what do you mean by open innovation and open standards. And my other question is more directed to the panel overall. We've talked about the role of government in terms of as a convener or getting people to work together. ANSI has had very many standards panels. The Homeland Security Standards Panel, nanotechnology, health care, a variety of them that brings together the four consortia, the traditional SDOs, NIST has their standards panel for smart grid. What are your comments about the value of standards panels, in general, whether they are ANSI standards panels or the NIST-type standards panel?
Great. Well, first a shout out to ANSI. I know we have got some good ANSI members here. We appreciate your involvement. This effort was kicked off with Aneesh, Pat and I at ANSI. We had a really good webcast, and I'll be speaking to some of ANSI's core folks here in an event in a week or so. So ANSI's done amazing work. And for those who haven't seen the ANSI document called the National Standards Strategy, it probably is the single best statement of sort of the theory of the case, sort of how the U.S. standards model works. So we appreciate all your good work. Open innovation, by that I mean the concept that innovation is no longer viewed as something that companies would wholly keep within their ranks but instead they would look to ask the question how do we engage people outside of our company to help us find new ways of doing business. Proctor & Gamble has taken that to a pretty impressive degree. For example, recently telling their technologists we want you to look outside actively and find opportunities. I think it's fair to say that open standards development is a form of open innovation. It is a collaborative effort among different firms that will create innovations that will be spread widely and firms will compete not based on proprietary technology, to use the example Raj was explaining, but based on their ability to produce more effective products, given an open environment. As for the standards panel question, anyone here have experience with how the standard panels have operated and to what effect? All right, another stump-the-panel question. Thank you very much.
Thank you, my name is [inaudible] and work with NIST [inaudible] information technology specialist and I am also a chairman of a standards body in the U.S. for security [inaudible]. So I am in this position of working both on federal standards and U.S. international standards. My question is in particular you added a word that I hear several times interoperability. I keep hearing this word in many, many context, but especially in the sector of security and increasing efficiency, when we talk about security, I still see it kind of a lot of times, both from the government side and the industry side to make a bold move to introduce, to embrace interoperability concept. And I would like to hear the consideration of the panelists on this topic, because interoperability is not just a word. It is something that is needed to increase efficiency and security, and we know how much we need it in the U.S. thank you.
So I put it this way, I think I asked the question of interoperability, and I believe it was Mark who said well, it's one piece of the overall story, but only one piece. Did we sell interoperability short, I think is another way to say the question, in terms of how it has reverbering benefits across a number of different areas including even promoting security.
Well, I think Raj filled that gap very quickly after I broadened the discussion by going back and saying interoperability is a critical part of it. And I think that is certainly the basis of a lot of why we do standards, so that we can buy different kinds of light bulbs, and they'll fit into the fixture. And I think beyond that in the networking space where my industry is and where my company participates, it's critical that customers know that as they put products from different vendors and for different applications into their networks that they will be able to operate together. It is so fundamental to the operation of networks that it can almost go without saying so I don't know how to ...
Is it counter intuitive, I mean, I think one thing that the U.S. standards strategy, which does have this firm commitment to interoperability and open standards, for some people security to them feels like it needs to be closed, right? This is one of the psychological challenges. And I think what you are saying, and I have heard others say it is actually if you figure out ways to open up the standard, that actually can promote greater security. And then to bring back the open source metaphor, what was the famous [inaudible] it's with enough eyeballs all bugs are shallow, right? So there is a pretty interesting cultural question about the role of open standards, interoperability, and security because some would suggest that that's a tension, and I think you're saying it's not. Raj?
It's not. It's not.
You seem to agree. Explain a little bit more, because that's an important point
So it's a great question, and I think you will probably find valid agreement on the panel about this. It actually goes back a little to the question the gentleman asked earlier about, so there are these initiatives going on in cloud computing and smart grid and one other thing that I forget now.
How do they tie together -- cyber security. So how do they tie together. And it turns out the answer is standards, that essentially rather than sort of reinventing things in each new domain, there is a lot of advantage to getting standards working across this. That is I think perhaps especially true when it comes to security, which might be a little bit counterintuitive. People like to think about it as, well, you know, if I have this wonderful proprietary secret that no one knows, that's the way to be secure. Security through obscurity always fails. And I think the easiest way to think about that is that if you have now shown up with a new security algorithm, technique, protocol and so on. I guess the first question to ask is has it been under constant attack for every minute of every day for the last 30 years? And if the answer is no, which I think the answer is probably no, then it is not as secure as IP-base, standard-base security that we are familiar with. That is the kind of crucible that that kind of standard security has been through. And furthermore, there is the "with enough eyeballs, bugs are shallow." When there is a flaw found, the entire global community rallies around fixing it as soon as possible. So all of those are tremendous advantages when it comes to interweaving sort of security through all of these new areas that we're trying do it to.
We've got some more people on [inaudible]—this is the opposite of stump the panel. It's get the panel going.
Yeah. I was just going to say in talking about interoperability, because that's really the foundation of the work that we're doing at Cable Labs. We actually have a complete compliance testing regime. We do interoperability events early on to bring the products together, to verify the specification, verify the products. And then we go through a formal testing process to make sure that the products are in compliance, and that our members can be assured that if they buy from multiple suppliers, they are going to interoperate in a way. So there is that additional assurance that we offer, and we also do that in terms of the security infrastructure that we've defined so there's one way to approach that.
And then I will pile on here. The other thing, maybe not related to interoperability but is to some extent is backward compatibility. If a new standard came out bit didn't necessarily incorporate the previous one, we would never really have standards, because it takes in our industry softwares, one of the lagging technologies because you have to get the systems out there for people to innovate on. So the backward compatibility is really the key, and that's where the real successful standards evolve over time, because they can use stuff that was three to five years old as well as the new stuff today.
Good morning, Stephanie Castorino with IPC-the Association Connecting Electronics Industries, and I want to focus today on a positive relationship between industry and government. IPC an electronics trade association is also an ANSI-certified standards organization. We develop standards for electronic manufacturing, technical standards, design standards, as well as data exchange standards for the industry, both for general electronics as well as defense and military. We have been fortunate over the past several years to work very closely with NIST. They have provided great knowledge and expertise in order for us to develop standards that are both useful and important to the industry. Unfortunately, funding for these standards, for manufacturing standards has been cut. And I am not sure if this is a question for the panel, but if you could speak to the government's priorities in relation to manufacturing standards and maybe provide an explanation for a lack of funding for manufacturing standards.
So I don't think anyone here is going to be able to answer that question. It's worth saying that this administration does value deeply manufacturing, and there is a manufacturing policy initiative going on. And to the extent there is not enough emphasis in that on standards, you should let Pat and myself know and we can talk further. So thank you for raising it. And that is one of the interesting things about discussion is you have to figure out the sort of themes that govern the call, government we need you more involved, versus the themes that say government, be careful, we don't want you too involved. So the goal of this exercise, to put it a fine point, is for us to get our best handle on exactly where those requests are coming from and what principles are motivating them so we can best orient our priorities. So thank you for raising this particular one.
Hi. Good morning, Tobin Richardson with the Zigbee Alliance. First, compliments to you for holding this. I think this is the right kind of conversation to have at least once a year, if not every two years. And two, I'd compliment George Arnold. I think he has done a good job in terms of keeping the folks on task but also related to my question here which is, what do these efforts have to do with the consumer? And for the Zigbee Alliance with roughly 400 members, that's our proxy is coming up with standards that have an ability to deliver some value. So when you look at this exercise, I think the question to ask is what is this group, what is the government, and what is the NIST effort doing that is not already done by industry. And what extra additional value is that providing to end consumers. I would also juxtapose that with the mission of government in terms of security and the reliability, and I think that's where FERC has seen in some of their discussions in terms of what they actually have the jurisdiction to cover, and then what they will then provide to different utilities and different regulatory regimes in the states. So I guess my question is really how do you see the customer as a proxy here, the consumer as a proxy in the standards development process, and is that a legitimate or relevant to the discussion here?
Well, I personally think it's a fantastic question: who represents the customer? Is that part of what government's role is, insofar as government blesses standard-setting activity, how does it take into account whether or not customers have been represented? Ari, do you want to start up on that?
So I can speak to that in one respect, and that is with respect to the stacking royalties issue. There is a concern, I think, with respect to some government-adopted standards, DTV being one, HTV being one, that because of the number of patents that read upon that standard, there are significant riche royalties being passed on to the customer, and I think that's something that the government should be concerned about, because the government ultimately does represent the customer.
Another question I would ask is some standard-setting bodies have you might call them intermediate customers, right? Big companies also purchase products and sometimes in that role they get involved in standards-setting activity. Does that play a positive role that is noteworthy, that people have seen or would comment on, Steve?
Yeah, it does. You know, excuse me, it does from our perspective, because we are purchasers of equipment that we expect to be standardized and we help drive a lot of those standards. To his particular question, I think the industry has done a pretty good job of having market-driven standards, at least in the IT area. I mean, you brought up Zigbee. There's 802.11, the entire Wi-Fi activity, 802.3, the Ethernet standards, and because it's market driven the consumer is first and foremost in mind. How do we get it into their hands as quickly as possible, as cheaply and reliably, and as easy to use, because that becomes a critical factor. And that's what drives our businesses. And, you know, again, government's role is if there are areas of national policy, at least it's my opinion, areas of national policy, they absolutely need to be critical on that. But the market can do a pretty good job of driving the needs of the consumer quite well, as we've demonstrated over the last 30 years.
Great. Thank you. And it looks like as our last question for the day, nope, second to last question.
One more lady behind me. Good morning. I am Sara Yerkes [phonetic] with the International Code Council, and I represent a different sector. We develop model codes that are used as the basis for construction regulations in all 50 states and also by the federal agencies. We've touched here a couple times, or you gentlemen have, on the role of the federal agencies in the private-sector development of codes and standards. I am going to use this opportunity since there are representatives here from the administration and hopefully from the legislative branch too to say that there needs to be clarification. And I hope when you review OMB 119 that you will clarify the rules of participation. We value the partnership with the federal government and encourage the agencies to participate in our national model code development process. But the problem we encounter many times is that the federal agencies seem to have different rules. Each agency interprets the law differently, as far as their participation in the process is concerned. And also the other, more for recommendation now, there needs to be funding for this involvement in the codes and standards development, because that's the other problem we hear frequently from the agencies. They don't have funding to travel to code hearings or committee meetings and so forth. So that's my observation and I hope that the OMB A-119 is reviewed so it reflects better clarification and uniformity for all agencies. Thank you.
Well, thank you. I would say something for all commenters, which is sometimes people assume that if you are running NIST or if you are working in the White House, you must know everything that's going on in every agency in the government all the time. If people thought that, you would be incorrect. You all have observations and experiences. And even if we heard from the people in the agencies who are doing it all the time, it's quite possible and likely that your experience of government employees and standards setting might be different and valuable. So that comment and suggestion is very welcome. Thank you for that. Good, we have a couple more.
Jennifer Cleary from the Association of Home Appliance Manufacturers. I think this question will probably build a little bit on the question from the gentleman from the Zigbee Alliance, but addressing the consumer perspective. One reason for interoperability that has been discussed I think a little bit is consumer adoption of the technology and promoting that consumer adoption and use. For example, in the smart grid. How do we get consumers to adopt all of these technologies that manufacturers are working on. So AHAM to that end has been working on, for example, a technical evaluation of communications protocols that are designed for its smart grid, and has been assessing those, which ones would be the best for the appliance industry, for example. And are looking for ways to take that type of a study to the next level, and we will be addressing that in our response to the RFI on how we think government might be involved. I would be interested to hear from the panelists how they think government might be involved in something like that, with the consumer in mind and adopting those technologies. And similarly how you might work with other, you know, outside of the standards context, maybe, and I know that's not our topic today, but we just want to keep in mind that that's also important for consumer adoption to jumpstart the smart grid. For example, we've submitted a petition to the Energy Star program to recognize the benefits of smart grid. And that's also important and we should keep that in mind.
Great, thank you.
Can I ask a quick question?
So this information you speak of, is it publicly available?
Yes, it's publicly available. The study is posted on the AHAM Web site, which is aham.org.
Thanks very much.
I think in answer to the question, I think that essentially home appliances are going to be end points in a universal smart grid. And fortunately, there are a lot of pre-existing standards for how end points like consumer devices can operate in the network. And as the effort proceeds to develop standards for national smart grid, I think it's important to take advantage and leverage the pre-existing standards that exist for end points participating in a network so that there doesn't have to be massive redesign. I think we already see appliances that for various reasons, our function is network end points, whether it's a refrigerator that can report the fact that it's out of order and so forth to others.
All right, for our final question.
My name is Daniel, Department of Defense. It's interesting listening to this, and I tell you, I as a computer scientist in the cyber security arena, in the DOD, appreciate standardization. We are struggling trying to understand. Now, you have to understand my background is 15 to 18 years of private industry and the last four years I came to government. Government is actively trying to recruit us to come into the government and bring our experience, and I see the value. There are IASB scholarship programs and stuff like that. To me when I'm looking, trying to figure out how to solve the problems in the DOD, one is the standardization is absolutely important for us, because from cyber I need to set a baseline. There needs to be a standardization baseline that we can all understand. Terminology is another issue. We talk about cyber, cloud computing SOA. The problem is, even among the DOD. agencies, nobody understands the same thing. So what is cloud computing? What is SOA and how to utilize it. The standardization of terminology across the industry is important, so we know exactly where we're talking from. One of the things that is a little frustrating is here we are having to deal with cyber security. We have to use [inaudible], which is a framework, COBIT, ISO. We have to try to secure the new technology coming in. We've got cloud computing. And if you don't have the standardization, particularly just in the DOD, how do we come to this formal understanding to how we're going to do this across, let alone now that with the directive of the government, with, like, for example HSBD 12, how do I do this across agency. I spent half my time at DHS and now the other half in DOD and I want to tell you it's not easy communicating between agencies, let alone getting information. So I will tell you the move to standardization is critical, at least give us this baseline. It doesn't mean, and people need to understand this, once a standardization is there it doesn't mean you can't push past and do more for example, in cyber security. People look at it and say, well, oh, if we follow standardization we're done. No, that's your baseline. Now, you need to push past and go ahead with the threat vector. So my question is how do you see federal government, private industry finally trying to standardize the way it should be in the sense that we all understand the same thing we are talking about to bring the national security? I am a little concerned with the acceleration of the threat vectors out there that we're going to be able to do this quick enough, at least to set a baseline. You get things like the Stuxsnet that was just sent out, and we look at this and I sometimes have a hard time going to sleep at night wondering is our enterprise going to be able to deal with this. So my question again is how are we going to able to collaborate on this, and if we don't, in a more quicker fashion, I am concerned about the national security of the grid, of the financial markets, of the ability for the country to keep itself safe and secure? And my big issue I tell people is if you want the country and us to move forward, you have to have a basis of security. The security then gives you the trust, which makes people allowed to communicate and develop and innovate. And so again my twist in the cyber side is, somehow we better start more quickly standardizing so we know we're talking about how we can set this up and then have the open interoperability.
So, is your name Danny, is that right?
First, thank you for coming to the government, and second, thank you for this closing thought and question. I promise people, this was not a plant. The reason for this whole conversation and the urgency that Dan offered is valuable, because like I said, we have this tension that you all will have to help us resolve. On one side the tension is, Dan said it with urgency, others said it with different levels of request, there is a constructive role the government can play as a convener, as an engaged participant in standard setting. We have also heard different levels of anxiety, and in some cases even paranoia. Gosh, what would the government ever have to do about anything in standard setting and don't do anything that could screw things up. There is truth in both of those and the challenge for us is to find our way forward. I will say in cyber security there is talk on Capitol Hill about what the role NIST should play to help in some sense be an engaged convener in cyber security in the way that has happened in smart grid. We adverted to this a little bit, but I think with Dan's urgency, let's go back and give us all a last whack for those who want to talk about it. Is the state of standardization in cyber security something we should be nervous about? And is there a role for government in helping to facilitate more effective coordination and interoperability in ways that will keep mission critical and other, you know, valuable infrastructure secure from an emerging threat environment that we're living in? So are you going to start on that?
Yes, thank you. Yes, I believe it is something we should worry about. I agree with Dan. The attack surfaces are getting more numerous and the problem is getting larger. And our ability to keep up with the sophisticated individuals out there is becoming more and more challenged. And so I think that at least having the dialogue of what are we going to do is actually critical to getting this started. And then we can decide what role does anybody play. Mark is right. There are standards out there that help in the network itself, but are those sufficient enough? And are we thinking about outside the network or things that touch the network that potentially have the opportunity to get in. Dan brought up Stuxsnet. That was spread by a USB key. And so, you know, the sophistication that's going on out there is really critical, and I think it has to be a priority.
Jeff, do you have any thoughts on that topic?
I think it's an issue that needs to be addressed across the entire ecosystem. I mean, it's a device issue. It's a network issue. And as you start having more and more devices connected into the networks, it's compounding the problem.
And one of the things I'd also say, which fits in the larger story that this effort we hope will be an education effort for us in the government is appreciating the role of standards and appreciating the role of user education. If people don't adopt key standards, then we haven't necessarily solved the problem either. So there's a multi-part of the problem, and one key piece that you remind us is people like yourself, you know, serving all of us. So thank you, Dan, so much for that.
Thank you all for taking your time to participate in this discussion. And we want to remind you this is the beginning of a conversation for those who have motivated themselves to think harder, please keep thinking and give us your comments to the RFI. That is available on the Web site. And for those who are on the webcast, again it's standards_roundtable [at] nist.gov (standards_roundtable[at]nist[dot]gov). Have a good rest of the day and we'll look forward to continuing the conversation. Thanks everybody.