Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
3 Assessment of the Laboratory Divisions MATHEMATICAL AND COMPUTATIONAL SCIENCES DIVISION The panel holds essentially the same view expressed in the 2007 ITL assessment 1 report: âThe Mathematical and Computational Sciences Division (MCSD) has a well- formulated view of the way it contributes to national priorities by advancing science and industrial innovation, and individual contributors understand how their work fits with the goals of NIST. In particular, the teams understand the importance of simulation-based engineering and how to deliver their technology to scientists and practitioners, inside and outside NIST, who are the ultimate users.â During the 2007 review, staff and management expressed a desire for more postdoctoral positions and had plans to actively recruit applicants in order to increase the likelihood of attracting excellent postdoctoral candidates. This tactic appears to have paid off, as the MCSD is now in line for four postdoc positions. Also, in 2007 the division chief was worried about developing an eventual successor and about finding program managers within the group. This concern appears to have been sufficiently addressed through the new program-management structure. Two technical people have stepped up to the program-management tasks. They have developed into highly capable program managers who are running excellent programs and learning the ins and outs of management and program management. Another change is that in 2007 the project to create the Digital Handbook of Mathematical Functions seemed to be having trouble bringing the publication of the handbook to a conclusion. Now the technical content of the handbook is complete, and a publisher for the accompanying book has been selected. Publication of the handbook is expected soon. Particular Programs and Projects That Deserve Mention Two ITL programs, Enabling Scientific Discovery (ESD) and Virtual Measurement Systems (VMS), are managed by MCSD leaders but draw on cross- disciplinary teams. They are vehicles for strong, multidisciplinary science and mathematics and are supportive of the simulation-based engineering important to national goals. Both programs have track records of delivering technology to users: scientists and practitioners inside and outside NIST. The ESD program has a goal of improving the accuracy, precision, efficiency, and complexity in metrology, improvements needed as simulation-based engineering continues to grow in importance. An example project is Modeling Grain Boundary 1 National Research Council, An Assessment of the National Institute of Standards and Technology Information Technology Laboratory: Fiscal Year 2007. Washington, D.C.: The National Academies Press, 2007, p. 11. 12
Premelting in Binary Alloys. This theoretical study will shed light on the material properties of binary alloys. Projects within the ESD program typically use state-of-the- art tools that result in simulations with more accurate physics. The VMS program recognizes that failures of some of our major simulation tools have been implicated in major engineering failures. For example, a NASTRAN (NAsa STRuctural ANalysis) simulation underestimated stress by 47 percent, resulting, at least in part, in the collapse of an oil platform in 1991. The VMS program is concerned with the validation and verification of such simulations. It is attempting to define a metrology infrastructure for virtual measurements that will provide a platform for understanding uncertainty in modeled effects, trueness relative to benchmarks, and traceability leading to trust. For example, the micromagnetic modeling project is developing an open-source simulation tool that will become a measurement standard for validating micromagnetics simulations. The MCSD is also performing the first-of-its-kind investigation of rendering uncertainties. (Rendering is the generation of an image [a rectangular array of pixels] based on a virtual three-dimensional scene, and a virtual scene is a set of geometric objects parameterized in three-dimensional coordinates.) Since this investigation is new, it is hard to predict the outcome. However, rendering does play an important role in virtual measurement, so understanding uncertainties in visualization will certainly be important. The project on Quantum Information is an example of the MCSDâs looking (far) into the future, in this case the future of quantum computing, and beginning to build a measurement science framework for this new technology. The Ion Trap Computing Benchmarks project is investigating benchmarks that will be needed to measure the performance of quantum computing. Issues for the Future Management of the MCSD is aware of two potential management problems arising in the near term. One is finding and recruiting high-quality personnel in traditional areas of applied mathematics and physics for new positions resulting from the stimulus package (the American Recovery and Reinvestment Act of 2009) and from retiring staff. The second is acquiring needed space commensurate with the current facilities and staff expectations for new hires. STATISTICAL ENGINEERING DIVISION The Statistical Engineering Division has a consistent, long-standing mission to advance metrology through the appropriate use of statistical methods in the activities of producing measurements and expressing their uncertainty; this mission is of central importance at NIST. This mission is accomplished through many deep scientific collaborations that cut across NIST and other governmental agencies in the characterization of materials and processes, for example, with standard reference materials (SRMs); through methodological research; and through training and educational activities. For another example, the SEDâs statistical metrology effort is a unique national and international capability and resource. 13
Technical Merit of Programs The overall caliber of the statistical metrology effort remains very strong. The SEDâs portfolio of projects includes broad, long-standing collaborations with individual scientists and groups that lead to jointly authored publications in the substantive fields. Areas of important current work range from metrology for bulletproof vests and infrared vision devices used by police and fire officers to neutron physics spectroscopy. Important work supported by other government agencies includes projects such as one with the Department of Homeland Security for radiation-detection monitors deployed at border crossings. The SED is involved with several of the recently created ITL programs, including Complex Systems, Virtual Measurement Systems, and Enabling Scientific Discovery. These are appropriate ITL areas and show good promise for important SED contributions. At the same time there are other ITL programs, such as that in multifactor experimentation, where the science could benefit from increased substantive contributions of SED expertise, but such opportunities to contribute to ITL programs are at present not being fully met owing to a lack of resources. Overall, the statistical metrology research program is state of the art. Researchers publish regularly in international metrology journals and are among the leaders in international metrology efforts. However, the group has drastically reduced its participation in national and international meetings owing to budget choices that are not consistent with the long-term SED mission. Human Resources and Facilities The panelâs 2007 ITL assessment report concluded that, among the ITL activities, the SED was most in need of immediate enhancement of its capabilities. This situation has not been successfully addressed. The staff is the same as it was 2 years ago. Apart from the current chief, recent permanent hires were made 7 and 8 years ago. The dynamic chief, who was hired around 2.5 years ago, has developed good support and rapport with his staff and ITL management. The number of ITL and NIST activities is even greater now than in 2007, and the need for staff expansion and rejuvenation is greater. The ITL should address this issue creatively and energetically now. Further, the SED budget has apparently permitted very little external professional activity in the past year. This is a serious problem that must be addressed. The SED facilities and equipment are adequate. Achieving Objectives and Desired Impact The existing SED programs are having their desired impact and helping NIST to achieve its overall mission and objectives. As national priorities and needs evolve, so must the metrology infrastructure and methodology addressing such needs. One important emerging area involves measurement for greenhouse gas management programs (such as would be needed for cap-and-trade programs currently under consideration by Congress). This area requires new statistical research appropriate for 14
the measurement technology, along with the associated modeling and uncertainty analyses. Another important emerging area involves spatial measurements for climate change and standards for reporting error bars for long-term model forecasts. Research in such areas is desirable and shows promise but is currently limited owing to the staffing issues raised above. The SEDâs impact could be increased through raising its external profile within the statistical community. Both the SED and this community would benefit from greater awareness of the important, challenging problems arising and being successfully addressed at NIST. Creative approaches for regularly communicating activities and opportunities could also help increase the pool of desirable candidates for short-term, visiting and regular positions. The SED should compete for invited paper sessions at international meetings. The division should take advantage of its presence in Boulder, Colorado, to make strategic alliances with the National Center for Atmospheric Research, also located there, if the SED chooses to focus new resources in that arena. SOFTWARE AND SYSTEMS DIVISION Overview The Software and Systems Division comprises three research groups, Software Components, Information Systems, and Interoperability. Efforts addressing several of the crosscutting, key ITL programs, most notably the Voting and the Healthcare Information Technology programs, are included within the R&D portfolio of the division. The division currently has an acting chief, who also has significant responsibilities in the Office of the ITL Director. The lack of strong scientific and administrative leadership within the SSD and also, in some cases, at the programmatic level is cause for concern. This is particularly salient given the impending large influx of American Recovery and Reinvestment Act dollars for some of the SSD activities. No clear vision or plan was articulated for how these dollars would be most effectively spent. Research staff appear to be comfortable with their research projects, although at times this comfort level may in fact be at odds with innovation and redirection in keeping with developments in the broader research and scientific community. Several research staff are involved in projects of great national import, yet they do not seem to be exercising the leadership in those national settings that is required for having maximum impact. Selected Projects and Programs Voting Systems The SSD efforts in voting and related technologies respond to congressional initiatives such as the Help America Vote Act of 2002 (or HAVA; Public Law 107-252). HAVA directs NIST to assist the Election Assistance Commission in the development of voluntary voting system guidelines, and HAVA directs NIST to chair the Technical Guidelines Development Committee. NIST activities in the area are executed by the SSD 15
and include a study of the computer security of voting systems and methods to prevent fraud and privacy violations. The SSD works to develop voluntary standards but does not certify voting machines for use in elections. The SSD efforts provide a baseline assessment capability but do not go far enough. Voting is the very core of the nationâs democracy, and vulnerabilities in its voting systems pose a direct threat to the basis of its government. The SSD should increase the stringency of its voluntary standards, perform and coordinate more active evaluations of voting machines and systems, and work with election commissions to improve assurance of all voting systems immediately. Software Assurance Metrics and Tool Evaluation The SSD Software Assurance Metrics and Tool Evaluation (SAMATE) program focuses on the planned and systematic set of activities which ensure that software processes and products conform to requirements, standards, and procedures. The SSDâs energy is focused on two specific challenges: achieving trustworthiness (ensuring that no exploitable vulnerabilities exist, of either malicious or unintentional origin) and achieving predictable execution (providing justifiable confidence that software, when executed, functions as intended). The SSD efforts in this area in the past have concerned source- code security analysis. More recently, the SSD has developed support for analysis of Web application vulnerabilities and binary-code security analysis. In general, the SSDâs efforts have yielded good results, better industry and academic measurement, and net improvement in static analyzers. The divisionâs solid technical contributions are made within a principled framework by a skilled and dedicated team. The engagement of the SSD with the static analysis community has yielded improvements and, it is hoped, will continue to yield improvements in the quality of static analysis tools and overall assurance available for large software systems developed using those commercial tools. As software services are increasingly delivered through the Internet, Web- application vulnerability is a problem of increasing importance. It is good that the SSD has developed tools and metrics for Web-application vulnerability scanning. The SSD should redouble efforts in this area. Further, it should expand features of the Web- application scanning benchmarks to include cross-site scripting and other modern attack types. Also, binary-code analysis is an important area, and the SSD should continue to grow its practice in this area. Computer Forensics The SSDâs participation in this activity is focused on computer forensics investigations with an emphasis on providing the discipline and rigor essential to support the needs of law enforcement. A number of studies have verified the increasing importance of computer forensics as everyday reliance on computing devices and their 16
infiltration for unlawful purposes increase exponentially. In addition, the current administration has chosen to make heavy initial investments to strengthen national information technology assets vital to the public interest. The SSD has made modest but impactful, insightful, and highly leveraged investments in this area. Unfortunately, the pace of change in computing devices and associated infrastructure, combined with the need for computer forensics support for law enforcement in the face of the increasing threat, is entirely unmatched from an SSD investment perspective. Increased investment is required simply to match the demands of the environment. The following immediate areas of investment concern should be addressed: 1. The explosion in the use of mobile devices, combined with the rate of innovation and product release, cannot be addressed with current resource assignments. 2. The National Software Reference Library must expand its scope to encompass virtual distribution mechanisms and the nearly constant stream of product and service upgrades that are common service elements in all information technology offerings. Grid Computing Systems There are various definitions for âapplied distributed computing,â including distributed high-performance computing resources (traditional âgridsâ), horizontally scaled transaction systems, clouds supporting distributed storage services, and high-end, near-real-time business analytics. The SSD has defined its grid scope as large-scale organizations of distributed computing resources providing on-demand services to computing and/or data-intensive applications. The technical work being performed is sound and based on a robust analytical framework largely ignored by current U.S. commercial grid implementations. This reveals inherent weakness in the SSDâs engagement strategy with U.S. business activities and the resulting lack of application and adoption of the SSDâs work. Engagement with U.S. business and government entities currently employing, on a global scale, grids and clouds, is essential. Engagement with such formulative organizations as the Open Cloud Consortium might be useful. Computational Biology The Computational Biology project is a component of a broader, key SSD program (Information Discovery, Use, and Sharing). The initial goals of the project are modest and narrow in scopeâcomputational biology is a very large field. The project has so far focused on cellular and subcellular image processing and analysis. (The cellular/subcellular and the organism/population/community levels are a focus given in the FY 2009 Administration Research and Development Budget Priorities 17
Memorandum.2) The SSD research staff collaborates with other SSD divisions and, appropriately, with the NIST Chemical Science and Technology Laboratory. The staff also has collaborations with university and other research groups outside NIST. Next steps for the project were not explicitly addressed, and it is not clear how or whether the project intends to grow beyond its current focus. Health Information Technology The Health Information Technology effort is both a set of projects and a key program within the SSD. The goal of the program is extremely ambitious: to ensure that the technical infrastructure of the U.S. health information technology network is correct, complete, and testable. The projects presented to the panel (Medical Devices, Clinical Document Validation, Semantic Interoperability, and Testing Infrastructure) were uneven in their approach and potential impact. Overall, there does not seem to be a clear and cohesive roadmap for the activities subsumed under this effort. In 2007 the panel recommended recruiting strong health informatics leadership that would be commensurate with the broad and complex agenda of this program. It is even more pressing that such leadership be put in place now, given the current emphasis on health information technology at the presidential level. Billions of dollars have been set aside for health information technology, with explicit expectations for results. (NIST will receive $20 million for health information technology.) If the panelâs recommendation was not implemented because the SSD was not able to attract a scientific leader of the highest caliber to take on the leadership of this very important activity, the SSD should consider a variety of other hiring mechanisms. For example, using an Intergovernmental Personnel Act or Special Expert mechanism would allow the SSD to hire someone at a competitive salary for a short period of time (1 to 3 years). Such an individual would, working with the SSD leadership, be able to provide a much- needed strategic vision and implementation plan for the program. COMPUTER SECURITY DIVISION Progress at the Computer Security Division since the panelâs 2007 review has been impressive. The CSD now exhibits a stronger research program, a stronger and better-established division management team, and more focus on programs of national importance. The group is conducting state-of-the-art research and technology development in an area that is of growing importance to U.S. leadership in commerce. The CSD is required by Congress or the Executive Branch to respond to a number of program requirements. These include the 60-day study of Cyber Security, the Federal 2 âMemorandum for the Heads of Executive Departments and Agencies,â from John H. Marburger III, Director, Office of Science and Technology Policy, and Stephen S. McMillin, Acting Director, Office of Management and Budget: Subject: FY 2009 Administration Research and Development Budget Priorities, p. 6, August 14, 2007. Available at http://www.ostp.gov/galleries/Budget09/FY2009FINALOMB-OSTPRDPriorityMemo.pdf. Accessed August 24, 2009. 18
Information Security Management Act of 2002 (FISMA; Public Law 107-347), security for electronic voting, and the federal identification card initiative (Homeland Security Presidential Directive 12, or HSPD-12). In too many cases, these programs come to NIST as unfunded mandates that can distract staff and management from planned research. The CSD is also required to sustain established standards and guidelines. Both of these factors make it important that the divisionâs full-time staffing continue to grow, so that it will be possible for research to continue at an appropriate level. That said, the divisionâs research program is stronger than it was 2 years agoâa result attributable to increased funding and stronger leadership. The CSD has initiated a research project aimed at measuring security. This is a very difficult research challenge but one that is worth tackling, and the project leader is bringing new ideas to the task. Several staff members have been hired in the area of cryptography research, and the CSD plans to add more staff. Cryptography is an extremely important area for the division, and it is vital that there be a critical mass of expert cryptographers. Building the skills of newly hired staff takes a significant amount of time, so hiring now is a worthwhile investment for the future. The division could gain a great deal of leverage through academic partnerships; the current small core of cryptographers needs augmentation in order to create enough of a gravitational field to attract visiting scholars and more postdoctoral fellows. The CSD is attending to the task of making the guidance for federal agencies more actionable and effective. The initiation of FISMA Quick Start Guides and the intent to collaborate or integrate efforts with the national security community and the Consensus Audit Guidelines are impressive efforts. The division is also taking a fresh look at the effectiveness of its cryptography module accreditation program and of FISMA; NIST needs this kind of leadership to balance its scientific perspective with federal requirements. The CSD should increase its efforts in the following areas and should describe its progress in these areas during the next panel review (in 2011): Within the new ITL program structure, some activities that are very relevant to security are not conducted in the CSD or in the security program. For example, software assurance and software tool evaluationâcritical to building software that is resistant to attackâare encompassed in the Trustworthy Information Systems Program, and the presentation of CSD activities to the panel did not cover these important topics. Although the separation of work in secure network protocols from the CSD is an artifact of the history of the ITL, the program structure does not seem to be leading to the expected collaboration between network and security experts. More cross-divisional interaction would strengthen the admirable work of both divisions. Because there is no closed-form nontrivial solution to the problem of building a secure system, effective security depends at a fundamental level on the ability to bring the perspective of an attacker to bear. The need for an attacker perspective is important in several areas, including the definition of security configuration standards such as the Federal Desktop Core Configurations and 19
the development of management guidance such as SP800-53 (the FISMA security controls guideline). The division is beginning to reflect more of an attacker perspective in its work, but it should enhance its focus and investment in this area. âCloud computingâ is one of the possible futures of commercial computer services, and the division is taking an early look at the security issues of this developing technology. In the area of electronic medical records, the CSD could play an important role in developing a framework for security and privacy. This is a complicated and crucial issue facing health care providers, and current initiatives need to face it squarely as they assess technologies and develop standards. ADVANCED NETWORK TECHNOLOGIES DIVISION The Advanced Network Technologies Division is generally healthy and stable, and the staff is involved and enthusiastic about its work. The division activities are generally aligned with the mission of the laboratory. The division members participate broadly in the crosscutting programs, which speaks to the desirability of their skills and their willingness to collaborate outside their immediate circles. Also noteworthy is the Guest Researchers program. The number of guest researchers, the diversity of their home organizations, and their contributions to the divisionâs work programs are impressive. As discussed in this section, there are substantial variations in the projects presented to the panel in detail. The projects on Secure Naming (Domain Name Systems Security), Secure Routing (Border Gateway Protocol), and Internet Protocol Version 6 (IPv6) Security and Deployment, all having a common focus on Internet infrastructure protection, successfully blend several desirable characteristics. There is understanding of the problems at a fundamental level; tools, tests, and testbeds are adequately covered; there is engagement at the policy level, with the group responding to requests from government and industry for its expertise and also proactively advancing its agenda in various forums; and there is engagement in deployments at the national level. The picture that emerges is of research projects in areas of national importance that are having significant impact. The project on Measurement Science for Complex Information Systems leverages methods from the mathematical sciences, especially statistics, to achieve state-space reduction by several orders of magnitude. Quite rightly these methods have been designed to tackle a specific, yet fairly general, application space, which is Transmission Control Protocol (TCP)-based congestion control in the Internet. The work is deep and broad. Important challenges lie ahead. First, as the title of the project implies, the goal is to apply the methodology to complex systems generally, and before that can happen there needs to be a distillation of the existing methods. The group should justify the original goal by applying the methodology to at least one other major complex system. The project output should be offered for peer review at top conferences and journals to a greater extent. This is worth doing for several reasons, including raising the groupâs visibility. 20
The Seamless Mobility project focuses on handover modeling and performance analysis and is closely coupled to standards activities. More specifically, this work is for WiMax (âWireless Worldwide Interoperability for Microwave Access,â IEEE 802.16 standard) and related standards on predicting the âlink going downâ condition and minimizing service outage. Although the effort shows skill, the focus on mathematical models without the benefit of feedback of measurements from experiments and testbeds makes the project rather narrow and promises to yield incremental gains. The extent to which elements of the project have been done before remains unclear. The Body Area Networks (BAN) project focuses on the emerging area of radio- frequency (RF) propagation from medical implants. The project has contributed a virtual reality model for RF propagation in the body and surroundings. The work is fresh, focused, and well connected to leading players in the world, including standards bodies and vendors. The promise of value from this early effort is large. It is a matter of some regret that the participants in the BAN channel model effort, apart from the work at NIST, have been from outside the United States. The ITL group should work to correct that situation. The Public Safety Communications project, while having several drivers, is focused on video quality and specifically on error concealment. The work is of high quality, but its narrow focus is likely to lead to only incremental gains. Also, there are exciting research developments in the area of compressive sampling that have much to offer here. The group should broaden the focus and increase the emphasis on new research methods. The area of Internet measurements and data analysis appears to offer great potential for the special and extraordinary skills that exist in the ANTD. While the Cooperative Association for Internet Data Analysis is already an important presence, there are large, rapidly evolving spaces that are uncharted. The ANTD will benefit from exposure here, and the Internet will likewise benefit from the ANTDâs contributions and insights. INFORMATION ACCESS DIVISION If a single theme can be said to characterize the work of the Information Access Division, it is that of developing standards, metrics, and evaluations for automated understanding of digital media, such as text retrieval, automated recognition of humans from images and voice, language recognition, and human activity classification from video. Organizationally, the IAD is divided into five groups with significant overlap of activities: Multimodal Information; Retrieval; Image; Visualization and Usability; and Digital Media. A methodology common to the majority of these groups is that of the âchallenge problems,â most of which are externally funded. The IAD is the second largest division within the ITL, with a total staff of 72. But of all ITL divisions, the IAD has the most externally funded work, with 58 percent of its total budget ($11.4 million of $19.5 millionâestimates as of August 13, 2009) in FY 2009 coming from outside-agency sources. This is a significantly greater percentage of OA work than the FY 2009 ITL average across divisionsâ28 percent ($25 million of $89 million)âand represents nearly half of all OA funds received by the ITL. 21
Technical Merit of the Programs The IAD programs, research, and standards development are generally excellent. Specifically, the impressive challenge-problem concept is an excellent way for the government to leverage academic and industrial development of solutions to problems of long-standing government interest, such as text retrieval, human recognition, and language identification from both text and speech. These programs are generally funded by other government agencies, with the IAD serving as the scientific and organizational resource and the honest broker assuring the participants of the neutrality and integrity of the tests. Under the challenge-problem concept, the IAD, with collaboration from the funding organizations, establishes a technology challenge through a series of workshops, free to all comers. Examples of such challenge problems include the Text Retrieval Conference and the Speaker and Language Recognition Evaluations. Although details of the protocols vary by sponsor, the tests center on problems of interest to the government, as precisely defined through the development of a task and test data set. The IAD establishes the data requirements to meet the sponsorsâ technology development needs, then either gathers the data itself or works with a third party (such as the Linguistics Data Consortium of the University of Pennsylvania in the case of speaker and language identification), to create a data set characterizing the problem of interest. The data are partitioned, with one set sent to volunteering participants for development and the other set retained for the test. It is common, when possible, to release all of the data to the research community after the test. The challenge-problem concept has several appealing aspects: academics and industry are encouraged to work on problems tailored directly to government needs; government can motivate technology improvements without directly funding research; government can use the outcomes of the evaluations to establish the feasibility of deployments and to direct future research funding; academic and industrial groups can assess their own performance against the state of the art on common data sets, using the resulting information to commercial advantage; and developmental data sets are made available to the community for future research. The standards organized and fostered by the IAD, such as the American National Standards Institute (ANSI)/NIST-ITL-1/2007 (âData Format for the Interchange of Fingerprint, Facial, and Other Biometric Informationâ), serve as the de facto standard for biometric data interchange both within the U.S. government (such as between local law enforcement and the Federal Bureau of Investigation) and within international organizations (such as between European governments and the International Criminal Police Organization, Interpol). The international acceptance of this standard is an indication of the worldâs positive opinion of the technical merit of the IAD work. Contributions to the development of the ANSI/NIST and other standards (such as the International Organization for Standardization/International Electrotechnical Commission Joint Technical Committee Subcommittee 37: Biometrics, ISO/IEC JTC1 SC37 biometric series) and performance of the research necessary to support implementation of the standards have made an invaluable contribution to national and international law enforcement and security activities. 22
Human Resources and Facilities The IADâs human resources and facilities are adequate, but there is need for a usability laboratory to support the increasing data collection requirements of the Visualization and Usability group, particularly in the area of voting machine assessment and biometrics. It is encouraging that since the panelâs previous visit in 2007, the IAD has acquired social scientists in linguistics, psychology, and human factors as direct employees or subcontractors to assist with the usability work. The ITL-recognized job categories must keep pace with both technology and tasking changes within the IAD, and the ITL must institutionally recognize the continued need for social and health scientists to support, for example, the visualization and usability and the speech efforts. The heavy reliance on OA funding has created pressures within the IAD; it has allowed growth and new opportunities for the division, but it has predictably forced program managers into marketeering to support continued funding. Although NIST internal funding through the congressional budgeting process is not completely stable, there are problems brought on within the IAD by even less stable external funding. The perceived instability in the external funding has created reservations within the IAD management with respect to acquiring the human resources necessary to take on additional, high-value projects, such as usability in medical informatics and computer/data security. The IAD program managers expressed uncertainty over what processes would be followed by ITL management in the event of a retraction in OA support. ITL leadership must make clear to the IAD what safety-net processes would be in place in the event of an unexpected decline in OA funding. ITL management should also make available stable and dependable internal bid and proposal monies from the scientific and technical research services (STRS) category of the budget in order to support the IAD marketing burden implicit in the acceptance (in FY 2009) of $11.4 million in OA funding. Achieving Objectives and Desired Impact The existing IAD programs have a strong international impact and are contributing to the ITL mission and objectives. The IAD has a strong culture of both publication and participation in academic and industrial conferences, workshops, and forums. This increases the impact of the divisionâs work through the process of dissemination of results to stakeholders. However, when normalized by the number of PhD researchers on the IAD staff, the number of conference and journal papers falls short of what would be expected at a major university. Consequently, the IAD should place additional emphasis on promoting first-rate publications. There is a gap in the program of work that spreads from the IAD to other divisions across several programsâthat gap being a systematic and research-grounded analysis of privacy. The National Research Council has in several past studies noted the importance of the consideration of privacy as a fundamental design factor in information technology development. Privacy cannot be forced on technologies purely at the level of 23
applications. The IAD work, particularly that of human recognition and personal information retrieval and the supporting data collection efforts, carries significant potential privacy impact that needs to be methodologically considered. The IAD must develop expertise in privacy theory and practice. 24
