Remarks as prepared.
Good morning — and thank you for having me here today.
I would like to share with you some of the work we are doing at the National Institute of Standards and Technology, or NIST, to help American businesses and government agencies prepare for the transformational changes being brought by our digitalized world.
I love our mission at NIST — to promote U.S. innovation and industrial competitiveness. I love how it supports our country’s private sector-led standards system and helps to ensure our collective economic and national security in today’s global economy.
I spent over 30 years of my career at NIST, went to academia for a few years, and have returned to NIST as the director.
It was the NIST mission — as well as the incredibly dedicated people that carry out that mission — that brought me back during this critical time for the country.
The theme of my talk today is cultivating trust in technology, which is core to everything we do at NIST.
We build that trust through our reputation for technical excellence, integrity, perseverance and uncompromising rigor, all of which are essential to our success. But as you will hear, we do not do it alone. Collaboration and convening the right people are central to everything we do.
Rapid technology innovation can bring with it amazing opportunities — but also new risks and challenges. NIST is working closely with our private and public partners to address those challenges, working toward a better future for everyone.
We now find ourselves in a time of accelerating technological change that is reshaping our lives in many ways.
This change involves a broad set of critical and emerging technologies that will be vital to the nation’s economic success in the coming decades.
These technologies are not being developed in isolation — they cut across scientific disciplines and even industries. Their development and wise use rely on collaboration across industry, academia, civil society and government — and across borders.
These technologies are accelerating the digitalization of our society and present us with many complex problems to solve. But solving the most challenging problems is exactly what NIST has done since its creation in 1901.
Today I want to focus on five digital technology-related areas where NIST is very active:
1. Artificial Intelligence,
4. Privacy, and
5. Quantum encryption.
But before I get into these technologies, I’d like to briefly talk to you about the importance of international standards, which will of course influence the futures of all these technologies.
Ensuring U.S. innovation and leadership in international standards development is a top priority for me in my role as the under secretary of commerce for standards and technology.
NIST has a long-standing and well-earned reputation for cultivating trust in many areas of technology, by participating in the development of standards and metrics both domestically and internationally.
As a nonregulatory agency, NIST is able to forge strong relationships with many stakeholders in industry and academia, and with international partners. These relationships strengthen our work, making it relevant and more impactful.
Standards make technology more secure, usable, interoperable, robust, and reliable.
In other words, more trustworthy.
More than 400 technical experts from NIST participate in the development of documentary standards for manufacturing quality, health, safety and global interoperability.
Our experts work closely with other Department of Commerce agencies and across the federal government with the Department of State, United States Trade Representative, Department of the Treasury, and many others. The administration and Congress have made U.S. participation in standards a national priority — and NIST is responding with a whole-of-government effort.
However, the U.S. government cannot do this work alone.
That is why international collaboration is so very important.
NIST is leading efforts to implement an International Standards Cooperation Network.
This network will enable us to share standards information and increase situational awareness across our governments. It is a proactive approach to protect our shared interests in international standards development, with a particular focus on critical and emerging technologies.
We are looking to extend these relationships with other countries, many of whom are represented here in the audience today.
As I mentioned, NIST is doing groundbreaking work to support the adoption of critical and emerging technologies, including the responsible development and use of artificial intelligence, or AI.
AI has been around for decades, but recent years have brought major advances.
And as researchers have found ways to use AI to solve complex problems, many have come to understand that we need to be mindful as we expand its capabilities.
The potential for negative impacts, whether through accidental or malicious misuse of AI, is something that must be considered.
By understanding and managing the risks associated with AI, we can cultivate trust, help preserve civil liberties and civil rights, and enhance safety — all while creating new opportunities for innovation.
The responsible design and use of AI systems is critical to AI trustworthiness.
NIST is developing a voluntary AI Risk Management Framework, or “AI RMF,” through an open, transparent, and collaborative process.
The AI RMF will help organizations understand how the AI systems they build and deploy may affect individuals, groups and communities.
We are grateful for the participation and engagement of governments, industries, civil societies and academic experts from around the world that are informing this framework.
We plan to publish version 1.0 in January 2023.
I invite you all to continue to engage with NIST as we develop additional resources for trustworthy AI.
Blockchain also represents a new paradigm for digital interactions and serves as the underlying technology for most cryptocurrencies.
At NIST, our researchers are investigating blockchain technologies at multiple levels.
We created a Blockchain for Industrial Applications Community of Interest — with members from government, industry and academia.
In addition, NIST has designed and implemented a new form of distributed ledger technology, known as a data block matrix, which provides the integrity assurance of blockchain but allows for controlled revision or deletion of data.
Cybersecurity of course is foundational for all of these technologies, including those that support our critical infrastructure. That encompasses not only physical systems like highways and pipelines, but also our IT infrastructure, which is increasingly integrated into these systems.
NIST created the Cybersecurity Framework, or CSF, through close collaboration between industry and government. The framework, which is voluntary, consists of standards, guidelines and practices to promote the protection of critical infrastructure.
It helps owners and operators of this critical infrastructure to manage cybersecurity-related risk.
It has been widely adopted, not only across the U.S. but internationally. And it has been adapted and incorporated into guidance used in many countries and regions worldwide.
Our website features links to nine translations of the framework, the most recent being a Ukrainian translation.
Because the cybersecurity landscape is constantly changing, the framework is a living document, and we are adapting it for the evolving cybersecurity environment.
I was pleased to help kick off our inaugural workshop on the Cybersecurity Framework 2.0 in August, which brought together almost 4,000 participants from 100 countries. The involvement of many stakeholders will be crucial as we adapt the framework for the future.
The digitalization of our society is powered by vast quantities of data about individual people that flow through complex systems around the world.
Those individuals may not understand the potential consequences for their privacy as they interact with numerous systems, products and services.
There is a lot of overlap between privacy protection and cybersecurity, but there are issues unique to privacy. NIST is aware of these issues and since the early 2000s has done a great deal to address them.
The NIST Privacy Framework, released in January 2020, is the result of a collaborative effort between NIST and organizational and individual stakeholders in the public and private sectors.
Since the Privacy Framework’s release, NIST has actively engaged with domestic and international stakeholders to promote its use and the sharing of best practices. NIST has released a Quick Start Guide for small and medium businesses, educational videos, mappings and translations in four languages.
And our work on privacy is not done. In response to stakeholders who told us that the privacy workforce is a priority, NIST has also launched a Privacy Workforce Public Working Group, with more than 600 members.
Additionally, NIST is supporting a U.S. collaboration with the U.K. on prize challenges to accelerate the adoption and development of privacy enhancing technologies.
Personal privacy — and much more — will also be impacted by the advent of quantum computing, which threatens to render obsolete many of the encryption algorithms we rely on to protect our personal information and to do business securely.
Post-quantum cryptography, or PQC, is part of a large research portfolio at our agency designed to build trust in quantum information science and engineering.
In 2016, NIST initiated a process to develop and standardize one or more additional public-key quantum-resistant cryptographic algorithms.
The four selected encryption algorithms, announced this past July, will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years.
NIST is also involved in foundational research, quantum engineering, and the dissemination of a quantum SI measurement system.
As with everything I have discussed today, our work in this area relies on significant contributions from, and engagement with, experts in industry, academia, and other government agencies – both domestically and internationally.
And finally, I would like to close on recent good news that will have a big impact on NIST and the nation over the next few years: the CHIPS and Science Act.
This act, signed into law in August 2022, is going to revitalize the semiconductor industry through a combination of financial incentives, robust support for new R&D and new tools for developing a 21st century STEM-focused workforce.
NIST is working very hard to carry out these programs, and we there will be much more to announce in the coming months.
This is an exciting time for NIST, and I am so glad to be here as we continue to make advances in measurement science that will help us all meet future challenges, while ensuring greater prosperity for all.
Thank you, and I look forward to talking with you more about NIST and how this amazing agency is helping to bring about a better tomorrow.