NIST IoT Drilldown: How the Organization is Advancing IoT
The Internet of Things World conference brings together leaders from across the IoT landscape to examine the key issues the industry is grappling with on the path to higher levels of adoption. This video is the first in a series from last year’s conference in Santa Clara, California. We’re re-releasing important keynotes from that event to whet your appetite for this year’s show on May 13-16.
In this keynote address, Walter Copan, Under Secretary of Commerce for Standards and Technology at the National Institute of Standards and Technology (NIST), explains how the U.S. government is looking to leverage IoT, the critical challenges NIST is addressing around cybersecurity and interoperability, the need for measurements and standards, the work the organization is doing around privacy, and the need for reliable connectivity. Watch the video above or read the transcript below.
Walter Copan: What an exciting time it is to be looking at all of the elements of the Internet of Things and to look at the future as we consider the IoT in action. We’re starting to see the benefits, but we’re at the very beginning of a trajectory, aren’t we? Looking at the opportunities, the business models, and it’s being driven by collaboration. It’s being driven by standards that are so necessary at this stage looking to engineer in security, for trust, interoperability and performance. So we’re here at the right time for this industry to shape it together into the trajectory of the future.
I’d like to share with you a little bit more about the context of NIST. It’s delightful to be in this room where we have worked with so many of the companies represented here in developing together the cybersecurity framework for the nation, which has also been deployed, not only across government, but increasingly internationally. The mission of NIST, as part of the U.S. Department of Commerce, is really to support U.S. innovation, to support U.S. industrial success with standards, with technology, with measurement science, that enable our industries to move forward. There are two major facilities for NIST, although we have a footprint around the nation. You can tell by my tie, I’m here from Washington D.C., probably the only long tie in the room. NIST is a science- and technology-based organization that’s actually written into Article 1 of the U.S. Constitution. As we know, it’s so important to have measures and standards to drive fair commerce and to ensure that industries can move forward effectively.
The ways in which NIST works is to engage with industry, not only in partnerships such as the cybersecurity framework, but also through our collaborative institutes that include the future of robotics and industrial automation, as well as the collaborations around cybersecurity and IoT interoperability. There are many, many benefits that the U.S. government is looking to from the development of the IoT frameworks, looking at facilitating exports, strengthening commerce. We’re also involved in addressing spectrum availability for a wide range of capabilities. Also, ensuring that we have the right kind of measurement science and solutions that will enable the kind of interoperability for the secure IoT of the future.
There are tremendous amount of opportunities. We know them, we’ve heard them from almost every speaker today. The opportunities and the business models that IoT promises to deliver are being expected by U.S. consumers. They’re ready and waiting for the autonomous vehicles, the truly smart homes and hospitals, the smart cities, improved grid performance, and any living environment where devices need to perform to communicate seamlessly and securely in ways that improve our quality of life. IoT is predicted to have a wide range of impacts depending on how you count it. It certainly seems to have a footprint in the several trillions of dollars over the next decade. It’s truly an exciting time, and it’s a chance for us to ensure that we efficiently and effectively deliver our goods from farm to table, that our cities and our mobility have the kind of efficiency and the kind of power that is necessary in our 21st century.
There are many challenges, however. We’ve talked about some of them, and cybersecurity as well as interoperability are included in the list. A few days ago, NIST, together with other parts of the Department of Commerce and Homeland Security, issued a Botnet report, and it’s really quite fascinating to look at the opportunities in the future around how we manage the threats in our connected lives. It’s a critical area for the public and the private sectors to work together to ensure we take advantage of the benefits of connectivity while we manage privacy.
Part of the focus around cybersecurity is also protecting our free and open Internet. It’s critically important to remove, also, unnecessary burdens on emerging technologies, and to promote the safe deployment of the technologies for the benefit of the American people, and for the strength of U.S. commerce. We have a firm commitment to defending and protecting American technologies and intellectual properties, both here and abroad, to ensure that value is not only created, but value is also properly retained. We can see that in all these elements that it’s essential for the growth and for the expansion of IoT technologies to provide the best possible competitive environment. These are definitely areas of interest to the U.S. government, and to NIST as part of the U.S. Department of Commerce.
So some of the elements that we deal with include, first and foremost, considering the U.S. government as a customer. We talked earlier in the conference about some of the challenges of engaging at the government interface, whether you’re a state government, a city, or the federal government. We have embarked on a new journey in the United States that we call Unleashing American Innovation, which is a fresh look at how federally funded research and development gets into the commercial marketplace, and reducing the barriers to those technology transfers. Our opportunity now is to identify and to comment on those barriers, those issues and opportunities. There is a public comment session, a first one in the series, that will be held on Thursday of this week in San Jose at the U.S. Patent and Trademark facilities. I invite you to join in that conversation as well. Looking to the future of U.S. innovation, how can we move the needle for this nation, our effectiveness and our efficiency?
Certainly, measurements and standards are needed at this time. It’s a bit of the wild west now, isn’t it, in the development of IoT. So the more quickly, the more effectively we can apply measurement science and standards and expertise, we can drive greater value more quickly into the marketplace. NIST is a non-regulatory function, so it’s a true partnership between the public and the private sectors that we seek to enable. The tools that we’ve been involved in developing so far are very familiar to us. The encryption algorithms that are used every day and every financial transaction is part of the NIST delivery for the country. Part of it’s also generating greater confidence in the accuracy of our laboratory tests and what we do in the field, the timing signals that we use to synchronize our clocks in our GPS systems, as well as the tools for forensics.
Within the federal government as part of the Department of Commerce, there are a series of agencies, some of which have already been named today, that are truly part of supporting U.S. commerce, and helping to drive the IoT forward. Some of the areas where we’re certainly involved, and I must tell all of you that IoT is a strategic priority area for NIST. Whether it’s materials, properties and sensors, the development of new standards, our National Cybersecurity Center of Excellence provides support around security and interoperability testing, and looking at data elements themselves. These are critical parts of the U.S. infrastructure and NIST working with you and industry.
Security and privacy is the heart of foundation of trust in IoT. It’s built on our retaining the privacy of the information that needs to be retained as private. We certainly recognize the importance of this element. There is a very strong private sector interest in developing this further between government and academia and the international community. We look forward within NIST to help form the consensus pathways to drive this conversation forward. The National Cybersecurity Center of Excellence is a very powerful tool for industry, and we’re seeking to continue to expand that to support the needs of the IoT sectors. It’s a collaborative hub where industry, organizations, government agencies, academic institutions can work together to address the most pressing cybersecurity issues.
There’s a current project underway at NIST at the Cybersecurity Center of Excellence called Mitigating IoT-based Distributed Denial of Service. It has the goal to identify the best current approaches and technologies to reduce the vulnerability of IoT devices to Botnets and to other automated threats, while also finding those practical ways to limit the ability of any compromised IoT devices to any malicious actors. We’re leading a range of activities that addresses other aspects of security and privacy as well. Part of this is under the auspice of the cybersecurity framework, which we are continuing to expand with industry partners, such as yourselves, and looking to expand the applications to the various use cases in IoT. The security work at NIST also helps to address issues for cyber physical systems, for healthcare and for the smart grid, as well as industrial control systems, and so on.
To address these many challenges around privacy, we currently have a privacy engineering program that’s facilitating the development of trustworthy information systems. Its mission is to support the development of trustworthy information systems by applying measurement science and new system, engineering principles and standards, so that we can ensure that these systems protect privacy and also our civil liberties.
Two current activities I wanted to bring to your attention, the first is a public workshop going on on Friday of this week in Gaithersburg, Maryland. It’s the workshop on assessing privacy controls, and it’s part of a series of public workshops to get industry, public and private sector, inputs into designing new standards and frameworks. The other activity is really asking you to comment on the updated risk management framework incorporating privacy considerations, and for that program we’re accepting comments to the 22nd of June.
We continue to carry out foundational work, some of it is based on grants as well, that NIST will administer, to identify and to develop new approaches, specifications, algorithms and architectures for the future of IoT cybersecurity needs. One of the key elements around IoT cybersecurity is to have an interoperability framework that basically has a common language, a common framework, a common reference set. So here, the standards activities between NIST that represents government interest, but it is a private sector-led process as ever in this nation. So we seek to continue to work with a broad community of stakeholders in these efforts to develop the right use cases, to identify the common IoT characteristics. And, to work rapidly toward a new framework around standards for the IoT sector that will genuinely be what industry needs, because industry and the private sector lead it.
We’ve invested substantially in the development of interoperability test beds that allow us to simulate, and to apply evaluations to real-world systems as we validate interoperability. As ever, our strong ties and partnerships with the private sector have helped us to make the important contributions to international organizations, such as the Industrial Internet Consortium and the International Standards Organization Committees. It’s critically important for the U.S. and our corporations to be engaged in those processes to ensure that we have a seat at the table and that the broad perspectives of the U.S. private sector are fully taken into account.
Our third priority is reliable connectivity. So here we’re exploring the many facets of that puzzle. For example, we’re improving measurement techniques. Those of you that know NIST know that we are always pushing the boundaries of measurement science because if you can measure it you can help control it, you can manufacture it, and you can help drive the greatest value. We are carrying out a large number of IoT device evaluations and assuring that they can perform reliability in increasingly congested, wireless spectrum bands. So looking at those waveform performance attributes is certainly a critical element of what we provide. For example, in the NIST Boulder, Colorado, facilities, which is the National Advanced Spectrum and Communications Test Network. You see a shot of a portion of that system here that really evaluates a wide range of systems that are performing in congested environments.
Now, we all know about standards, essential patents, and for the future of the Internet of Things, standards are indeed essential. This is an area for continued engagement between the public and the private sectors. We know that there are so many aspects of our work in the future of standards, both in the United States as well as internationally. The International Standards Organization, the IEEE, the ITU, and also working with the G20 on the international trade implications that relate to the future of the Internet of Things, and how it will be deployed and how it will be in the future regulated and controlled.
So I’d like to leave you with several challenges as you think about collaboration and working with NIST in the future. We genuinely are the national laboratory for industry in this country. We have a non-regulatory role, which allows us to run an open and transparent process, and we genuinely listen to the voice of stakeholders as we look to the future of the Internet of Things. We’re just starting to scratch the surface of what the IoT can do and will do for all of us. We’ve heard from some of our speakers, it’s really all about the people, isn’t it? Whether it’s the healthcare applications, whether it’s delivering food safely, providing much more efficient transportation options that provide safety and security. The IoT is radically changing lives and it’s at the early stages of that trajectory.
I ask you to engage in the standards development process. It’s critical for many of your companies. This is an area where standards have yet to be deployed, so NIST is looking for ways in which we can work most effectively across government and with industry to assure that we have the very best standards process for the benefit of this nation, and for fair and equitable international trade. There is much also to be done in the utilization of the cybersecurity framework, again, that represents a public/private partnership very successfully with cybersecurity framework 1.1 having just been issued over the past several weeks at the RSA conference in San Francisco. I encourage everyone to work with the framework, to utilize its guiding principles toward a safe and secure cyber experience in the Internet of Things.
We also know that many state and local governments are asking for IoT-related options. Make your voice heard at the community hearings on the deployment of smart cities technologies. Provide feedback to documents from federal agencies like NIST. We are very much in the journey together with the private sector to identify those elements of advantage for U.S. competitiveness. I mentioned the technology transfer enhancements. Share your recommendations there, use the open forums available to you. So I’d like to say thank you for you time, for your attention today. I’m excited about the progress that’s being made in the IoT; it’s changing lives already. We at NIST look forward to partnering with you, and industry and government, to ensure great success for everyone in this room.