In This Issue...
NCCoE Seeks Vendors to Develop Model IT Asset Management System for Financial Services Companies
The National Cybersecurity Center of Excellence (NCCoE) is seeking collaborators to provide products and technical expertise to create a model, standards-based system that companies in the financial services sector could use to integrate their existing asset management, hardware and software support and information technology security into a single comprehensive system.
The NCCoE is a partnership of the National Institute of Standards and Technology (NIST), the State of Maryland and Maryland's Montgomery County. The center is dedicated to furthering rapid adoption of practical, standards-based cybersecurity solutions for business and public organizations using commercially available technologies.
As in many organizations, IT assets in the financial services industry can range from company smart phones and laptops up through major database and network servers and office systems. Managing them is a complex task that goes far beyond simply keeping track of where they are. Software—both operating systems and programs—must be kept current with periodic upgrades and "patches," and the organization must be able to rapidly and seamlessly respond to new threats from malware or cyber attacks. That's the job of an IT asset management (ITAM) system.
The NCCoE is looking for technology vendors interested in working on a standards-based model solution—a "reference design"—to demonstrate how companies can tie their existing data systems for physical assets and security, and IT security and support, into a comprehensive ITAM. The details of the challenge are laid out in a recently released IT Asset Management "use case"—a tool software engineers use to define specific function requirements of a system. The center invited public comment on a draft version of the use case in 2013, and used that input to develop the final version.
Technology vendors who participate provide commercially available products that will serve as modules in an end-to-end sample solution. NIST will not endorse particular products, but will use them as references that provide certain capabilities and conform to existing standards. To adopt this ITAM system, financial services companies can use similar products with the same capabilities. The goal is to help companies answer questions about their IT assets' operation and vulnerabilities. Companies can employ this ITAM system, or one like it, to apply business and security rules dynamically to make better use of information assets and protect enterprise systems and data.
The project also will result in a freely available NIST practice guide that includes a materials list and instructions for implementing the reference design. The NCCoE will seek the public's feedback on reference designs, improving them accordingly.
Companies interested in participating in the reference design project must submit a letter of interest in which they outline their proposed contribution. Full details of this process are published in a Federal Register notice (docket number140321260-4260-01) at https://federalregister.gov/a/2014-10349. Those selected to participate will enter into a cooperative research and development agreement with NIST.
To learn more about the NCCoE and how to collaborate on its projects, visit http://nccoe.nist.gov.
Media Contact: Jennifer Huergo, email@example.com, 301-975-6343
Nanotube-Infused Clothing May Protect Against Chemical Weapons
Nerve agents are among the world's most feared chemical weapons, but scientists at the National Institute of Standards and Technology (NIST) have demonstrated a way to engineer carbon nanotubes to dismantle the molecules of a major class of these chemicals.* In principle, they say, the nanotubes could be woven into clothing that destroys the nerve agents on contact before they reach the skin.
The team's experiments show that nanotubes—special molecules that resemble cylinders formed of chicken wire—can be combined with a copper-based catalyst able to break apart a key chemical bond in the class of nerve agents that includes Sarin. A small amount of catalyst can break this bond in a large number of molecules, potentially rendering a nerve agent far less harmful. Because nanotubes further enhance the breakdown capability of the catalyst and can be woven into fabric easily, the NIST team members say the findings could help protect military personnel involved in cleanup operations.
Sarin—used in a 1995 Tokyo subway attack—is one of several deadly nerve agents of a group called organophosphates. Many are classified as weapons of mass destruction. While organophosphates are harmful if inhaled, they also are dangerous if absorbed through the skin, and can be even be re-released from clothing if not thoroughly decontaminated.
To protect themselves during research, the team did not work with actual nerve agents, but instead used a "mimic molecule" that contains a chemical bond identical to the one found in organophosphates. Breaking this bond splits the molecule into pieces that are far less dangerous.
The team developed a way to attach the catalyst molecule to the nanotubes and then tested the effectiveness of the tube-catalyst complex to break the bonds. To perform the test, the complex was deposited onto a small sheet of paper and put into a solution containing the mimic molecule. For comparison, the catalyst without nanotubes was tested simultaneously in a different solution. Then it was a simple matter of stirring and watching chemistry in action.
"The solution was initially transparent, almost like water," says the team's John Heddleston, "but as soon as we added the paper, the solution started to turn yellow as the breakdown product accumulated. Measuring this color change over time told us the amount and rate of catalysis. We began to see a noticeable difference within an hour, and the longer we left it, the more yellow it became." The catalyst-nanotube complex far outperformed the catalyst alone.
Principal investigator Angela Hight Walker says that several questions will need to be addressed before catalytic nanotubes start showing up in clothing, such as whether it is better to add the catalyst to the nanotubes before or after they are woven into the fabric.
"We'd also like to find ways to make the catalytic reaction go faster, which is always better," Hight Walker says. "But our research group has been focusing on the fundamental science of nanoparticles for years, so we are in a good position to answer these questions."
*M.M. Bailey, J.M. Heddleston, J. Davis, J.L. Staymates and A.R. Hight Walker. Functionalized, carbon nanotube material for the catalytic degradation of organophosphate nerve agents. Nano Research, DOI:10.1007/s12274-014-0405-3, Nano Research 2014, 7(3): 390–398.
Media Contact: Chad Boutin, firstname.lastname@example.org, 301-975-4261
This FIB Doesn’t Lie: New NIST Microscope Sees What Others Can’t
Microscopes don't exactly lie, but their limitations affect the truths they can tell. For example, when operated in their most typical high-energy modes, scanning electron microscopes (SEMs) can have difficulty seeing materials that don't conduct electricity, and can actually damage some types of samples.
In an effort to extract a little more truth from the world of nanomaterials and nanostructures, researchers at the National Institute of Standards and Technology (NIST) have built the first low-energy focused ion beam (FIB) microscope that uses a lithium ion source.*
The team's new approach opens up the possibility of creating a whole category of FIBs using any one of up to 20 different elements, greatly increasing the options for imaging, sculpting, or characterizing materials.
Although the new microscope's resolution isn't yet as good as a SEM or a helium ion microscope (HIM), it can image nonconductive materials and can more clearly visualize the chemical composition on the surface of a sample than the higher-energy SEMs and FIBs. And, by analyzing the energy with which the ions scatter, the researchers have shown that the microscope should be able to not only see that adjacent materials are chemically different, but also identify the elements that make them up.
Jabez McClelland and his colleagues at NIST applied Nobel Prize-winning laser cooling techniques to make the first low-energy FIB using lithium ions in 2011. Since then, they have been working to refine the technique to increase the beam's brightness and collimation, i.e., getting all the ions to move in the same direction to make it more useful for imaging applications.
The new instrument first cools a gas of neutral lithium atoms to a temperature of about 600 microkelvins, just a few millionths of a degree above absolute zero, using lasers and a magneto-optical trap (MOT) to hold the atoms. Another laser ionizes the atoms and then electric fields accelerate them, straightening out their flight and focusing the beam on a target.
The NIST FIB can produce lithium ion beams with energies in the range of 500 electron volts to 5,000 electron volts (compared to about30,000 electron volts for HIMs.) The NIST team can reduce the beam's energy even further, but repulsive interaction effects at the source limit how small they can focus the beam when the accelerating field is weaker.
As detailed in their paper, the team demonstrated how their microscope could help to solve a common problem in nanoimprint lithography, a process for stenciling patterns on silicon chips. This technique requires etching into the silicon through the spaces in the lithography stencil to transfer the pattern.
"Before manufacturers can etch the silicon, they have to make sure the spaces are free of chemical residue," says McClelland. "Commonly, they use a process called plasma etching to clean that residue off, but they have to be careful not to overdo it or they can damage the substrate and ruin the chip. Our FIB scope could check to see if the plasma has done its work without damaging the chip. A scanning electron microscope couldn't do this because it's difficult to see the thin residue, and the high-energy beam is likely to charge up and/or melt the stencil and make the problem worse."
The group has big plans for the microscope. One future project they're planning to do is trying to unravel exactly how lithium batteries work by injecting lithium ions into the materials and watching how they affect the behavior of the batteries. This and other applications will add to the capabilities of NIST's nanotechnology user facility, the Center for Nanoscale Science and Technology, where the work is being carried out.
A few former members of the group have started their own company to develop a low-energy cesium FIB for milling and sculpting features on the order of single nanometers, a huge leap in nanofabrication if successful.
"This new form of microscopy we've developed promises to provide a new tool for nanotechnology with good surface sensitivity, elemental contrast and high resolution," says McClelland. "The applications range from nanofabrication process control to nanomaterial development and imaging of biomaterials."
*K.A. Twedt, L. Chen and J.J. McClelland. Scanning ion microscopy with low energy lithium ions. Ultramicroscopy. Volume 142, July 2014, Pages 24–31.
Edited on May 20, 2014, to improve the clarity of the first paragraph.
Media Contact: Mark Esser, email@example.com, 301-975-8735
NIST Revises Guide to Use of Transport Layer Security (TLS) in Networks
The National Institute of Standards and Technology (NIST) has released an update to a document that helps computer administrators maintain the security of information traveling across their networks.
The document, NIST Special Publication 800-52 Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations, updates the original SP 800-52, released in 2005.
Sensitive data—from credit card numbers to patient health information to social networking details—need protection when transmitted across an insecure network, so administrators employ protocols that reduce the risk of that data being intercepted and used maliciously. TLS, a standard specified by the Internet Engineering Task Force, defines the method by which client and server computers establish a secure connection with one another to protect data that is passed back and forth. TLS is used by a wide variety of everyday applications, including email, secure web browsing, instant messaging and voice-over-IP (VOIP).
The Internet Engineering Task Force found vulnerabilities in TLS 1.0, one of the most widely used protocols, and updated it to TLS 1.1 and then TLS 1.2 to resolve many of these security issues. SP 800-52 Rev. 1 offers guidance to administrators on how to use the new versions of TLS in their networks.
"TLS 1.1 and 1.2 offer administrators a great number of options," says NIST computer security expert Andrew Regenscheid. "We make recommendations in SP 800-52 Rev. 1 on how to configure those options, including which algorithms to use and the length of cryptographic keys."
NIST published the original version of SP 800-52 in 2005, but withdrew it in March 2013 because the guideline had not yet been updated based on the new versions of TLS and known vulnerabilities. This new publication is the final version of SP 800-52 Rev. 1, which incorporates public comments to the draft version made in the fall of 2013.
Chief among the changes in SP 800-52 are the recommendations that government servers and clients move to TLS 1.1 and 1.2. It also recommends that they adopt cipher suites with NIST-approved algorithms to support 112-bit security strength and higher.
The updated version can be downloaded at www.nist.gov/manuscript-publication-search.cfm?pub_id=915295.
Media Contact: Chad Boutin, firstname.lastname@example.org, 301-975-4261
NIST Releases 2013 Department of Commerce Technology Transfer Report
The National Institute of Standards and Technology (NIST) has released the Department of Commerce's (DOC) 2013 Technology Transfer Report. The annual report summarizes the technology transfer activities of its three federal laboratories: NIST, the National Oceanic and Atmospheric Administration (NOAA), and the Institute for Telecommunication Sciences (ITS) of the National Telecommunications and Information Administration (NTIA).
In response to a Presidential Memorandum on accelerating technology transfer, this report also summarizes the actions DOC is taking to establish goals and measure performance, streamline administrative processes, and facilitate local and regional partnerships to accelerate technology transfer and support private-sector commercialization.
The many innovations emerging from DOC labs in 2013 include NIST fire researchers' development and deployment of a new NIST test for firefighter breathing equipment. Under high heat conditions, facepiece lenses have been found to bubble, deform, and develop holes or crazes, exposing a firefighter to toxic gases, potentially resulting in burns to the respiratory tract and asphyxiation. As of Sept. 1, 2013,standard firefighter breathing equipment cannot be certified to National Fire Protection Association (NFPA) standards unless the facepiece lenses pass a new rigorous test, developed by NIST, designed to reduce the degradation and possible failure of the facepiece lens under high-heat firefighting conditions.
The National Oceanographic and Atmospheric Administration (NOAA) reports on how their operations in the areas of weather and climate analysis and forecasts form the backbone of a thriving Weather and Climate Enterprise. This $5 billion industry serves to protect and serve the $3 trillion portion of the U.S. economy that is weather sensitive, including industries related to agriculture, energy, construction, health, travel and transportation.
In FY 2013, the Institute for Telecommunication Sciences (ITS), the research arm of the National Telecommunications and Information Administration, participated—as it has for a number of years—in CRADAs in the areas of high-resolution laser radar (LADAR), autonomous networks for unmanned aerial vehicles (UAVs), and broadband air-interface and core network capabilities for Long-Term Evolution (LTE) mobile communications, which have allowed ITS to contribute to the development of new products and services.
Media Contact: Jennifer Huergo, email@example.com, 301-975-6343