Public-Private Defence for Satellite Cybersecurity: Addressing Challenges Through Collaboration

ABSTRACTThe National Institute of Standards and Technology (NIST) has developed a dynamic and on-going educational outreach program designed to support middle school science teachers and increase their understanding of the science they teach with applications to the real world and connections to the latest NIST research. In the NIST Summer Institute for Middle School Science Teachers, science topics are taken from NIST research pertinent to the middle school curriculum, and the research is translated for use in the classroom. During the two-week summer program teachers from around the country are given the opportunity to focus on NIST research as it relates to the middle school classroom by participating in a combination of hands-on activities, lectures, tours, and visits with scientists and engineers in their laboratories. The NIST Summer Institute is designed to increase teacher understanding of the subjects they teach, provide inquiry activities for the classroom, rekindle teachers’ enthusiasm for science, provide increased understanding of how scientific research is performed, create a learning community of teachers and scientists, and provide role models for the teachers. Teachers finish the NIST Summer Institute with a wealth of knowledge about core topics in introductory biology, chemistry, physics, and materials to integrate these topics into their existing curriculum.The NIST Summer Institute has spawned additional related outreach activities, including “Science Afternoons at NIST,” in which teachers are invited back to NIST during the school year for events in which the focus is on a single topic such as designing buildings to resist earthquakes, infrared energy, and nanomagnetism. Based on continued requests from participants in the NIST Summer Institute, an additional program, the NIST Research Experience for Teachers program, was begun in 2011 with teachers performing research at NIST under the guidance of NIST scientists and engineers, and designing ways to take their research experience back into the classroom to share with their students. This proceeding will give examples of topics covered and activities developed in past Summer Institutes, as well as ways similar Institutes are being implemented at other locations. While not a teaching institution but a research institute focused on meeting the measurement science needs of the nation, NIST has a wealth of resources for the education community. The NIST Summer Institute for Middle School Science Teachers is one way of sharing these resources and building partnerships between middle school science teachers and their students and NIST scientists and engineers.

Recent U.S. Food and Drug Administration (FDA) guidance recognizes that today’s medical devices face a host of cyberthreats. Medical device manufacturers, in turn, face the need to assess and mitigate cyber risks. By combining the cyber risk framework of the National Institute of Standards and Technology (NIST) with the existing International Organization for Standardization (ISO) 14971 Safety Risk Management (SRM) process, manufacturers can leverage proven best practices to make their devices safer and more effective. The cyberthreat to medical devices is based on two factors. First, increasingly faster and more efficient processors now enable full operating systems to run on small implant devices. Previously, only dedicated firmware could have been used. Second, modern hardware can readily connect to networks using wired and wireless protocols. Both factors offer markedly increased capability for patients, physicians, caregivers, and healthcare technology management (HTM) professionals, at the cost of opening unforeseen and unintended doorways into a device. Opening unintended doorways can compromise medical devices in three major areas of cybersecurity: confidentiality, integrity, and availability. Confidentiality refers to preserving authorized restrictions on information access and disclosure, including means for protecting patient privacy and corporate proprietary information. Integrity means guarding against improper information modification or destruction and includes ensuring information nonrepudiation and authenticity. Availability is ensuring timely and reliable access to and use of information. As embedded medical devices grow in complexity and ability, an end-to-end cybersecurity framework is needed to ensure that they achieve the confidentiality, integrity, and availability required for successful operation. Cybersecurity concerns have factored into medical device design for some time, but additional attention has been focused on the topic by recent FDA communications, including a recent guidance document and a safety communication. These documents, however, lack clear instructions on what needs to be considered and tested—a comprehensive standard could be years away. To ensure safety and effectiveness and reduce exposure to liability, device manufacturers need to be proactive in defining and applying cybersecurity controls for their medical devices. The problem facing medical device development teams is complex; it involves securing a device against an ever-growing number of cybersecurity threats while balancing usability, performance, and safety. A viable approach Applying Cyber Risk Management To Medical Device Design

The National Institute of Standards and Technology (NIST) is the National Measurement Institute (NMI) for the US. All dosimetric measurements made in American radiotherapy clinics should be traceable to the primary standards maintained by NIST. The accuracy of the NIST standards, and traceability to the Systeme Internationale (SI), is ensured through the Bureau International des Poids et Mesures (BIPM), the international laboratory that co‐ordinates comparisons between NIST and other NMIs around the world (such as the National Research Council Canada). A continuous calibration chain, therefore, links the measurement of dose in the clinic to the internationally agreed‐upon definition of the gray, an essential requirement in ensuring equivalence of clinical dose delivery irrespective of location. Within the US, traceability of radiationdose measurements to the SI is ensured through activities of the Radiation Interactions and Dosimetry (RID) Group at NIST, whose primary mission is to develop, maintain, and disseminate the national measurement standards for the dosimetry of x rays,gamma rays, electrons, and other charged particles. In the case of medical dosimetry, relevant standards are disseminated both directly to the customer and through the AAPM Accredited DosimetryCalibration Laboratory (ADCL) network by means of calibrations and proficiency testing services, provided to maintain measurement‐quality assurance and traceability. The evolving measurement needs of industry, medicine and government provide impetus for the improvement of existing standards and the development of new standards. Research activities in support of this part of the RID Group's mission address a variety of topics in fundamental and applied radiation physics. These efforts are driven partly by advancements in instrumentation technology and partly by the ever expanding domain of measurement standards made possible by such advancements. The widespread adoption of conformal beam therapies, for example, has driven the standards community to develop new approaches for standard reference dosimetry of “nonstandard” beams. At NIST, this has spurred a research program in water calorimetry that is looking into ultrasonic time‐of‐flight approaches to imagingdose in water. Ultimately, this or similar approaches might lead to new ways of imaging complicated dose distributions in tissue as well as give the standards community new tools for reference dosimetry of present and future beam technologies. In this session, attendees will learn how the accuracy of their clinical measurements is assured as a result of comparisons between NIST and other NMIs around the world as well as NIST proficiency tests and AAPM accreditation of the ADCLs. It will be shown how NIST staff members are active within critical AAPM scientific committees so that measurement needs in the clinic can be addressed by the standards laboratory, resulting in the development of new standards and/or methodologies. Learning Objectives: 1. Understand the impact of measurement standards in general, and in particular the work of primary standards laboratories such as NIST, on clinical radiationdosimetry. 2. Understand the calibration chain from primary standards laboratory to radiotherapy clinic. 3. Understand how NIST interacts with various AAPM committees to ensure that the measurement needs of the user community are met.

The National Aeronautics and Space Administration (NASA) Kennedy Space Center (KSC) requires accurate gas mixtures containing argon (Ar), helium (He), hydrogen (H(2)), and oxygen (O(2)) in a balance of nitrogen (N(2)) to calibrate mass spectrometer-based sensors used around their manned and unmanned space vehicles. This also includes space shuttle monitoring around the launch area and inside the shuttle cabin. NASA was in need of these gas mixtures to ensure the safety of the shuttle cabin and the launch system. In 1993, the National Institute of Standards and Technology (NIST) was contracted by NASA to develop a suite of primary standard mixtures (PSMs) containing helium, hydrogen, argon, and oxygen in a balance gas of nitrogen. NIST proceeded to develop a suite of 20 new gravimetric primary PSMs. At the same time NIST contracted Scott Specialty Gases (Plumsteadville, PA) to prepare 18 cylinder gas mixtures which were then sent to NIST. NIST used their newly prepared PSMs to assign concentration values ranging from 100 to 10,000 micromol/mol with relative expanded uncertainties (95% confidence interval) of 0.8-10% to the 18 Scott Specialty Gases prepared mixtures. A total of 12 of the mixtures were sent to NASA as NIST traceable standards for calibration of their mass spectrometers. The remaining 6 AIRGAS mixtures were retained at NIST. In 2006, these original 12 gas standards at NASA had become low in pressure and additionally NASA needed a lower concentration level; therefore, NIST was contracted to certify three new sets of gas standards. NIST prepared a new suite of 22 PSMs with weighing uncertainties of <0.1%. These 22 PSMs were compared to some of the original 20 PSMs developed in 1993 and with the NIST valued assigned Scott Specialty Gas mixtures that NIST had retained. Results between the two suites of primary standards and the 1993 NASA mixtures agreed, verifying their stability. At the same time, NASA contracted AIRGAS (Chicago, Illinois) to prepare 45 cylinder gas mixtures which were then sent to NIST. Each of the 3 sets of standards contained 15 cylinder gas mixtures: set no. 1, He at 12,000 micromol/mol, H(2) at 600 micromol/mol, Ar at 100 micromol/mol, and O(2) at 600 micromol/mol; set no. 2, He at 15 000 micromol/mol, H(2) at 5000 micromol/mol, Ar at 1000 micromol/mol, O(2) at 5000 micromol/mol; and set no. 3, He at 50 micromol/mol, H(2), Ar, and O(2) each at 25 micromol/mol with a balance gas of N(2). NIST used their newly prepared primary standards to assign concentration values to each component in these three new mixture sets to relative expanded uncertainties of 0.5-2.2%. The NIST certified AIRGAS prepared mixtures were then sent to NASA to use as "working standards" to calibrate their mass spectrometers (MSs).

In recent years, cybersecurity management has gained considerable attention due to a rising number and also increasing severity of cyberattacks in particular targeted at critical infrastructures of countries. Especially rapid digitization holds many vulnerabilities that can be easily exploited if not managed appropriately. Consequently, the European Union (EU) has enacted its first directive on cybersecurity. It is based on the Cybersecurity Framework by the US National Institute of Standards and Technology (NIST) and requires critical infrastructure organizations to regularly monitor and report their cybersecurity efforts. We investigated whether the academic body of knowledge in the area of cybersecurity metrics and controls has covered the constituent NIST functions, and also whether NIST shows any noticeable gaps in relation to literature. Our analysis revealed interesting results in both directions, pointing to imbalances in the academic discourse and underrepresented areas in the NIST framework. In terms of the former, we argue that future research should engage more into detecting, responding and recovering from incidents. Regarding the latter, NIST could also benefit from extending into a number of identified topic areas, for example, natural disasters, monetary aspects, and organizational climate.

Identification and application of security measures for petrochemical industrial control systems

The increased reliance on commercial satellites for military operations has made it essential for the Department of Defense (DoD) to adopt a supply chain framework to address cybersecurity threats in space. This paper presents a satellite supply chain framework, the Cybersecurity Supply Chain (CSSC) Framework, for the DoD in the evaluation and selection of commercial satellite contracts. The proposed strategy is informed by research on cybersecurity threats to commercial satellites, national security concerns, current DoD policy, and previous cybersecurity frameworks. This paper aims to provide a comprehensive approach for safeguarding commercial satellites used by the DoD and ensuring the security of their supporting components. Inspired by the National Institute of Standards and Technology (NIST) 800-171 requirements and the DoD’s future Cybersecurity Maturity Model Certification (CMMC) process, the two-part framework significantly streamlines the NIST requirements to accommodate small businesses. It also extends key NIST requirements to commercial-off-the-shelf (COTS) suppliers. The CSSC Framework complements the CMMC certification process by addressing the need for cybersecurity requirements for all subcontractors supporting a commercial space asset. The framework incorporates a scoring process similar to CMMC scoring, granting points to a subcontractor for meeting the cybersecurity requirements outlined by the framework. In addition, the framework creates a space architecture overview that details the overall bid score and establishes a matrix based on individual requirements. This model and matrix allow DoD acquisition personnel to closely analyze each contract bid, comparing the subcontractor's strengths and weaknesses to other bidders. The CSSC Framework will allow the DoD to apply NIST standards to subcontractors who do not meet the requirements for CMMC certification.

Detecting tattoo images stored in information technology (IT) devices of suspects is an important but challenging task for law enforcement agencies. Recently, the U.S. National Institute of Standards and Technology (NIST) held a challenge and released a tattoo database for the commercial and academic community in advancing research and development into automated image-based tattoo recognition technology. The best tattoo detection result in the NIST challenge was achieved by MorphoTrak with accuracy of 96.3%. This paper aims to answer three questions. 1) Is the NIST database suitable for training algorithms to detect tattoo images stored in IT devices of suspects? 2) Can convolutional neural networks (CNNs) outperform the MorphoTrak's algorithm? 3) How do training databases impact on tattoo detection performance? The NIST tattoo detection database containing 2,349 images and a database containing 10,000 collected from Flickr are utilized to answer these questions. The Flickr images taken in diverse environments and poses are used to simulate images stored in the IT devices. A CNN is trained on the NIST and Flickr images for this study. The experimental results demonstrate that the CNN outperforms the MorphoTrak's algorithm by 2.5%, achieving accuracy of 98.8% on the NIST database. When the CNN is trained on the NIST database to detect Flickr images, the accuracy drops to 65.8%. It implies that the NIST database is not an ideal database for training algorithms to detect tattoo images in IT devices of suspects. However, when the training database size increases, the detection performance improves.

The Clean Air Mercury Rule (CAMR) which was published in the Federal Register on May 18, 2005, requires that calibration of mercury continuous emissions monitors (CEMs) be performed with NIST-traceable standards. Western Research Institute (WRI) is working closely with the Electric Power Research Institute (EPRI), the National Institute of Standards and Technology (NIST), and the Environmental Protection Agency (EPA) to facilitate the development of the experimental criteria for a NIST traceability protocol for dynamic elemental mercury vapor generators. The traceability protocol will be written by EPA. Traceability will be based on the actual analysis of the output of each calibration unit at several concentration levels ranging from about 2-40 ug/m{sup 3}, and this analysis will be directly traceable to analyses by NIST using isotope dilution inductively coupled plasma/mass spectrometry (ID ICP/MS) through a chain of analyses linking the calibration unit in the power plant to the NIST ID ICP/MS. Prior to this project, NIST did not provide a recommended mercury vapor pressure equation or list mercury vapor pressure in its vapor pressure database. The NIST Physical and Chemical Properties Division in Boulder, Colorado was subcontracted under this project to study the issue in detail and to recommend a mercury vapormore » pressure equation that the vendors of mercury vapor pressure calibration units can use to calculate the elemental mercury vapor concentration in an equilibrium chamber at a particular temperature. As part of this study, a preliminary evaluation of calibration units from five vendors was made. The work was performed by NIST in Gaithersburg, MD and Joe Rovani from WRI who traveled to NIST as a Visiting Scientist.« less

Harnessing Data Science Through Healthcare IT Interoperability

Upholstery fabrics for residential use were obtained from various fabric shops and manufacturers' catalogs. Screening was conducted with four experimental cigarettes of varying design. By the National Institute of Stan dards and Technology (NIST) cotton duck mockup method, two of the cigarettes display "low" ignition propensity and two show "high" ignition propensity. Of the fabrics obtained for this study, 316 smoldered when in contact with at least one of the experimental cigarettes. Further examination within this set of upholstery fabrics showed once again that cigarette ignition propensity rank ing are dependent on fabric characteristics. The number of fabrics that showed ignition propensity rankings opposite to the NIST test "ranking" was similar to the number that agreed with it. That is, on the fabrics with rankings opposite to the NIST ranking, cigarettes of "low" ignition propensity by the NIST test showed more ignitions than cigarettes of "high" ignition propensity by the NIST test. These results are consistent with those of a previously published study with a smaller set of ignitable fabrics. Fabric weight was a key factor in determining fabric ignition behavior; two of the cigarettes showed increasing ignition propensity and two showed decreasing ignition propensity with fabric weight. For the majority of fabrics, however, cigarette design was unimportant in determining ignition behavior; that is, no differences in ignition behavior were observed with the different cigarette designs. The physical and chemical properties of the cotton duck fabrics of the NIST test are such that they repre sent only a fraction of the ignition behaviors observed with "real-world" upholstery fabrics. The NIST test, therefore, provides an incomplete picture and can be misleading in defining "low" ignition propensity.

In the fall of 2019, the National Institute of Standards and Technology (NIST) funded threes studies to better understand equity and inclusivity. The present study represents phase three of a sequential, exploratory mixed methods study designed to provide an in- depth look at the population of NIST federal employees to identify factors, attitudes, and processes that might result in gender- specific barriers at NIST. From phase 1 and the phase 2 in-depth interview qualitative results an on-line survey was designed to quantify the differences, if any, in the ways in which men and women experience work at NIST. The target population was all NIST federal employees, approximately 3,300. The sample size was 1,350, approximately 30 % of the sampling frame. The survey consisted of six sections and was disseminated by email to the sampling frame. Participation was completely voluntary. The survey was open for three weeks. 1,529 employees responded to the survey for an overall response rate of 33.2 % and 1,108 completed the survey (resulting in an overall completion rate of 72.5 %). Survey participants demographics were representative of the overall distribution of staff across Directorates, Operating Units, age, years of service, career paths, pay bands, and educational levels. The chi-square test for independence was used to test for statistically significant differences between the NIST population and the survey respondents as a whole, as well as between men and women. Statistically significant differences ( &lt; 0.001) were found for men and women with respect to the organization's commitment to diversity and inclusivity (men are more positive than women) , on meritocracy (more women believe opportunities are based on who you know rather than most deserving employees) , and gendered experiences of being interrupted in meeting, questioning competence, and not receiving credit for ideas. More women believe they have to work harder, wait longer for promotion and opportunities for leadership. More women reported considering leaving NIST than their male counterparts. Both women and men agree they have equal opportunity to be hired, their need for work life balance is supported, that teamwork is valued, and NIST believes it is more objective than subjective and that projects are not more important than staff. Overall, the survey results align with the qualitative results and provide quantitative data on the differences in which men and women experience the culture, diversity and inclusivity of NIST.

A Look at its Past Decade and a Gaze towards its Future. As the National Metrology Institute (NMI) for the United States, the National Institute of Standards and Technology (NIST), formerly the National Bureau of Standards, has provided measurement services, both calibrations and reference materials, for more than 100 years. Through these services, our customers have benefitted from our measurement capabilities and expertise in many areas, including amount of substance; dimensional metrology; electricity and magnetism; ionizing radiation; mass and related quantities; photometry and radiometry; thermodynamics; and time and frequency. NIST’s customers have also had access to some of the lowest measurement uncertainties available and a dependable way to establish traceability to the International System of Units (SI) [http://www.nist.gov/pml/wmd/metric/si-units.cfm].In response to the signing of the International Committee for Weights and Measures (CIPM) Mutual Recognition Arrangement (MRA), NIST first established an institution-wide quality system for the measurement services 10 years ago [http://www.bipm.org/en/cipm-mra/objectives.html]. NIST’s Quality System for Measurement Services has advanced the quality of service and measurements we provide our customers by fostering an environment in which NIST management and staff work towards continual improvement in the development and delivery of NIST measurement services. This paper describes NIST’s Quality System for the Measurement Services and its relevance to international standards of quality, such as the International Organization for Standardization and the International Electrotechnical Commission (ISO/IEC) 17025 standard and ISO Guide 34 [http://www.nist.gov/nistqs/]. It also provides a history of this quality system and a glimpse of future goals for improving its implementation.

The National Institute of Standards and Technology (NIST) recently began to develop standard mixtures of greenhouse gases as part of a broad program mandated by the 2009 United States Congress to support research in climate change. To this end, NIST developed suites of gravimetrically assigned primary standard mixtures (PSMs) comprising carbon dioxide (CO2), methane (CH4), and nitrous oxide (N2O) in a dry-natural air balance at ambient mole fraction levels. In parallel, the National Oceanic and Atmospheric Administration (NOAA) in Boulder, Colorado, charged 30 aluminum gas cylinders with northern hemisphere air at Niwot Ridge, Colorado. These mixtures, which constitute NIST Standard Reference Material (SRM) 1720 Northern Continental Air, were certified by NIST for ambient mole fractions of CO2, CH4, and N2O relative to NIST PSMs. NOAA-assigned values are also provided as information in support of the World Meteorological Organization (WMO) Global Atmosphere Watch (GAW) Program for CO2, CH4, and N2O, since NOAA serves as the WMO Central Calibration Laboratory (CCL) for CO2, CH4, and N2O. Relative expanded uncertainties at the 95% confidence interval are <±0.06% of the certified values for CO2 and N2O and <0.2% for CH4, which represents the smallest relative uncertainties specified to date for a gaseous SRM produced by NIST. Agreement between the NOAA (WMO/GAW) and NIST values based on their respective calibration standards suites is within 0.05%, 0.13%, and 0.06% for CO2, CH4, and N2O, respectively. This collaborative development effort also represents the first of its kind for a gaseous SRM developed by NIST.

&gt;For more than three decades, the National Institute of Standards and Technology (NIST) has offered and provided remote frequency and time calibration services that continuously measure and calibrate a customer’s primary frequency and/or time standard. These services differ from the typical calibration model in at least two important respects. The first is that the device under test remains at the customer’s facility. NIST provides equipment to the customer that calibrates the device, records the measurements, and returns the results to NIST via a network connection. The second is that the measurements are continuous, with new results recorded 24 hours per day, 7 days a week. This allows customer to continuously establish traceability to the International System (SI) through UTC(NIST), the national standard for frequency and time, without ever disturbing or transporting their standard. In addition, the reported measurement uncertainties offered by these services are small enough to meet the requirements of nearly any potential customer. The NIST services not only help support calibration and metrology laboratories, but also benefit a wide variety of organizations in both the public and private sectors; including the U.S. military, U.S. government agencies and research laboratories, defense contractors, the aerospace industry, the energy industry, telecommunications providers, electronics and instrument manufacturers, and financial markets and stock exchanges. This paper describes the reach and impact of the NIST remote frequency and time calibration services. It does so by looking at the history of the services, how they work, their calibration and measurement capabilities, their quality management system, and the metrological requirements of the customers that they serve.