NIST Study Suggests Light May Be Skewing Lab Tests on Nanoparticles' Health Effects
Truth shines a light into dark places. But sometimes to find that truth in the first place, it’s better to stay in the dark. That’s what recent findings* at the National Institute of Standards and Technology (NIST) show about methods for testing the safety of nanoparticles. It turns out that previous tests indicating that some nanoparticles can damage our DNA may have been skewed by inadvertent light exposure in the lab.
Nanoparticles made of titanium dioxide are a common ingredient in paint, and they also are considered safe for use both on the body (in sunscreen, where they help block ultraviolet light) and even within it (in foodstuffs such as salad dressings to make them appear whiter). It is well known that in the presence of light and water, these particles can form dangerous, highly reactive chemicals called free radicals that can damage DNA. Because light does not reach the human body’s interior, scientists have long accepted that these nanoparticles would not damage cells by forming free radicals from light activation.
However, some recent studies using cells suggest that titanium dioxide can damage DNA even in darkness—a disturbing possibility. Because such findings could have major health implications, the NIST team set out to determine whether light was indeed required for the nanoparticles to cause DNA damage.
“We didn’t set out to test the safety of the particles themselves—that’s for someone else to determine,” says NIST’s Elijah Petersen. “Our main concern is to ensure that scientists have enough knowledge to make accurate measurements. That way, tests will give accurate representations of reality.”
The NIST team exposed samples of DNA to titanium dioxide nanoparticles under three different conditions: Some samples were exposed in the presence of visible or ultraviolet light while others were kept carefully and intentionally in complete darkness from the moment of exposure to the time the DNA damage was measured. The team found that only when exposed to laboratory or ultraviolet light did the DNA form base lesions, a form of DNA damage associated with attack by radicals. Their conclusion? The culprit in earlier studies may be ambient light from the laboratory that inadvertently caused DNA damage.
“The results suggest that titanium dioxide nanoparticles do not damage DNA when kept in the dark,” Petersen says. “These findings show that experimental conditions, such as lighting, must be carefully controlled before drawing conclusions about nanoparticle effects on DNA.”
*E.J. Petersen, V. Reipa, S.S. Watson, D.L. Stanley, S.A. Rabb and B.C. Nelson. The DNA damaging potential of photoactivated P25 titanium dioxide nanoparticles. Chemical Research in Toxicology, October 2014 issue, DOI: 10.1021/tx500340v.
Media Contact: Chad Boutin, email@example.com, 301-975-4261
Filling the Gap: NIST Document to Protect Federal Information in Nonfederal Information Systems
The National Institute of Standards and Technology (NIST) has published for public review draft recommendations to ensure the confidentiality of sensitive federal information residing on the computers of contractors and other nonfederal organizations working for the government.
Developed in collaboration with the National Archives and Records Administration (NARA), the guidance is intended for federal agencies, as called for in a 2010 Executive Order on the treatment of “Controlled Unclassified Information,” or CUI. The deadline for submitting comments on the draft document, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations (Draft Special Publication 800-171),* is Jan. 16, 2015.
Executive Order 13556 assigned NARA the task of standardizing the way that the federal executive branch protects CUI. The order also required CUI to be protected consistent with “applicable Government-wide standards and guidelines issued by the National Institute of Standards and Technology, and applicable policies” of the Office of Management and Budget (OMB).
“Currently, different agencies address federal information on the systems of the contractors and other organizations engaged in federal activities, including colleges, universities and state, local and tribal governments in many different ways,” says Ron Ross, NIST Fellow and lead author of the new guide.
As these organizations perform scientific research, conduct background investigations for security clearances, provide financial services, develop technology in support of federal agency missions, or engage in other work on behalf of the federal government, they may handle personally identifiable information, financial data, medical records and other sensitive data.
Because no consistent guidance exists for securing this “sensitive but unclassified” information on nonfederal information systems, “nonfederal organizations receive conflicting guidance from federal agencies on how to handle the same information, giving rise to confusion and inefficiencies,” says John Fitzpatrick, director of NARA’s Information Security Oversight Office.
NARA identified a three-step process to meet the Executive Order.
“First we defined categories of CUI that need to be protected with standardized procedures government-wide and have a proposed federal CUI rule now under OMB review,” says Fitzpatrick.
Now NARA is working with NIST on SP 800-171 to develop clear, consistent and substantive security requirements for CUI, based on the Federal Information Security Management Act. SP 800-171 includes security requirements and controls—primarily from NIST Federal Information Processing Standard 200 as well as SP 800-53—that have been tailored for nonfederal entities.
“This publication and NARA’s plan to have a single government-wide CUI directive, as well as our third step of developing a uniform Federal Acquisition Regulation clause to apply them, will bring clarity and consistency to the handling of CUI,” says Fitzpatrick.
The draft of Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations is available at http://csrc.nist.gov/publications/PubsDrafts.html#800-171. Comments may be submitted to firstname.lastname@example.org.
*R. Ross, P. Viscuso, G. Guissanie, K. Dempsey and M. Riddle. Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations. (NIST Draft Special Publication 800-171), November 2014.
Media Contact: Evelyn Brown, email@example.com, 301-975-5661
Underperforming? Energy Efficiency of HVAC Equipment Suffers Due to Poor Installation
The push for more efficient air conditioners and heat pumps aims to trim the 30 percent share of residential electrical energy use devoted to cooling and heating. But the benefits of improved energy efficiency ratings can go for naught if the equipment is not installed properly, as verified in a recent study from the National Institute of Standards and Technology (NIST).
The NIST research report* is the first to quantify efficiency losses due to common installation errors documented in field surveys.
“Our measurements indicate that improper installation could increase household energy use for space heating and cooling on the order of 30 percent over what it should be,” says Piotr Domanski, who leads NIST research on the performance of HVAC (heating, ventilation, and air conditioning) and refrigeration equipment.
Domanski, Hugh Henderson of CDH Energy Corp., and NIST mechanical engineer Vance Payne undertook their three-year measurement and modeling study in response to surveys and other field evidence indicating that, as “typically installed,” HVAC equipment may waste considerable energy. Commonly reported installation errors—or faults—include leaky ducts, improper refrigerant charge, oversizing of systems, and restricted air flow.
In surveys reviewed by the team, the majority of air-conditioning equipment evaluated in the field performed below rated energy-efficiency levels due to one or more installation faults. “Degraded equipment performance was commonly found in air conditioners, heat pumps, and related equipment,” Domanski explains. “But most studies did not measure the increase in energy consumption due to a particular fault or combination of faults, which can be difficult to do in the field.”
Under controlled environmental conditions, the team characterized the performance of a heat pump while operating with any one of seven commonly encountered faults. After determining how much each fault affected energy consumption in the laboratory, the researchers investigated how these same errors might impact energy use in two types of houses—one with a basement, the other built on a concrete slab—and in five different climate zones. This part of the analysis was conducted with a simulation tool developed by CDH Energy Corp.
Leaky air ducts emerged as the “dominant fault.” Refrigerant undercharge and incorrect indoor airflow due to improperly sized ductwork followed as the most significant causes of increased energy use. Other findings include:
The bottom line: Sizing, selecting, and installing HVAC equipment according to industry-recognized procedures is critical to ensuring energy efficiency.
*P.A. Domanski, H.I. Henderson and W. Payne. Sensitivity Analysis of Installation Faults on Heat Pump Performance, NIST Technical Note 1848, October 2014. http://dx.doi.org/10.6028/NIST.TN.1848
Media Contact: Mark Bello, firstname.lastname@example.org, 301-975-3776
Cyber Security: Your Mother Was Right, Sharing is Good, And NIST Has Some Help on How
Time is not your friend when your information systems are under cyber attack, but sharing threat information before, during, and after an attack with a trusted group of peers can help. Not only does it alert the other members of your community to a potential attack, it can provide critical actionable information to speed and bolster your own defenses. Participating in a formal information sharing group can greatly enhance an organization’s cybersecurity capabilities.
But for all the potential benefits, sharing operational information outside an organization presents a unique set of challenges. To help, the National Institute of Standards and Technology (NIST) has prepared a Guide to Cyber Threat Information Sharing* that provides organizations with the key practices they need to consider when planning, implementing and maintaining information sharing relationships. NIST is requesting comments on the draft document by November 28, 2014.
An organization that has faced an attack has valuable information to share with others. “By sharing cyber threat information, organizations can gain valuable insights about their adversaries,” says lead author Christopher Johnson. “They can learn the types of systems and information being targeted, the techniques used to gain access and indicators of compromise. Organizations can use this information to prioritize defensive strategies including patching vulnerabilities, implementing configuration changes and enhancing monitoring capabilities.”
Information sharing within business sectors is particularly advantageous because the organizations often face similar threats.
The NIST publication presents a deeper treatment of the information-sharing concepts presented in Section 4 of the Computer Security Incident Handling Guide, Revision 2**. The guidance also references the Framework for Improving Critical Infrastructure Cybersecurity’s*** Framework Core, which is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors.
The guide examines the benefits and challenges of coordinating and sharing, presents the strengths and weaknesses of a variety of information sharing models, explores the importance of trust, and addresses specific data handling considerations.
Appendix A provides a collection of scenarios that demonstrate the value of information sharing by describing real-world applications of threat intelligence sharing and coordinated incident response. These include an email phishing attack on people who attended a conference and how an investigation by credit card companies revealed that a retailer was unknowingly under attack.
The Guide to Cyber Threat Information Sharing is available at http://csrc.nist.gov/publications/PubsDrafts.html#SP-800-150. Comments should be sent by November 28, 2014 to email@example.com using the Comment Template Form for Draft SP 800-150.
*C. Johnson, L. Badger and D. Waltermire. Guide to Cyber Threat Information Sharing (NIST Draft Special Publication 800-150), October, 2014.
**P. Cichonski, T. Millar, T. Grance and K. Scarfone. Computer Security Incident Handling Guide (NIST Special Publication 800-61, Revision 2), August, 2012.
***National Institute of Standards and Technology, Framework for Improving Critical Infrastructure Cybersecurity Version 1.0, February 12, 2014.
Media Contact: Evelyn Brown, firstname.lastname@example.org, 301-975-5661
Harary Appointed Director of NIST Engineering Lab
Howard Harary has been appointed director of the National Institute of Standards and Technology’s (NIST) Engineering Laboratory, which develops the measurement tools and standards needed to support technology-intensive manufacturing, construction and cyber-physical systems. The laboratory also conducts research to reduce the risks of fire, earthquakes and other hazards.
“Howard brings enthusiasm and a wealth of experience to his position,” said NIST Acting Director and Acting Under Secretary of Commerce for Standards and Technology Willie May. “He fully understands the two-way connection between science and engineering. And he knows firsthand that the stronger and healthier the connection, the more society and the economy will benefit tangibly from the nation’s investments in science and technology.”
The Department of Commerce approved Harary’s appointment, effective November 3, 2014.
A physicist turned measurement scientist, Harary began at NIST in 1985 as a bench scientist, focusing on challenges in measuring features on gears and other parts with complex shapes. He steadily rose through the NIST ranks, from project leader to group leader, to deputy director of the NIST Manufacturing Engineering Laboratory in 2004. Harary became the Engineering Laboratory’s acting director in 2013.
“The work of the Engineering Lab delivers incredibly useful results for many parts of the economy and society,” Harary said. “Sometimes these results can have lifesaving implications. My goal is to help the laboratory make an even bigger difference in the United States and the world.”
The Engineering Laboratory has a staff of nearly 400 people, including 132 guest researchers, who are distributed among five major research divisions. The laboratory’s annual budget is nearly $100 million.
A New York native, Harary received his bachelor’s degree in physics from the State University of New York at Stony Brook in 1974, and biophysics doctorate from Harvard University in 1983. He was a postdoctoral research fellow at Yale University from 1983 to 1985.
Harary currently serves on the visiting panel for the University of Maryland’s Mechanical Engineering Department, is a member of the American Society of Mechanical Engineers (ASME) Council on Standards and Certification, a member of the ASME Board on Standardization and Testing, and is the government representative to the board of PDES Inc., an industrial consortium working in the area of the digital exchange of manufacturing information. He also chairs an International Organization for Standardization (ISO) working group on general requirements for dimensional measuring equipment.
Media Contact: Mark Bello, email@example.com, 301-975-3776