NIST Impacting Our Industry
What is the National Institute of Standards and Technology (NIST)? Why do they matter? As we start exploring more of our technological resources, let’s learn more about the NIST and why it might impact your company!
Founded in 1901, NIST is within the U.S. Department of Commerce with a purpose that promotes U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve quality of life. Through fostering industrial competitiveness and stimulating innovation, their vision is to be the world’s leader in creating critical measurement solutions and promoting equitable standards [1] . As science and technology continuously evolve, NIST sets standards to keep us safe.
Measurement science, also known as ‘metrology’, is defined as “the science of weights and measures or of measurement [2] ”. It’s how we quantify and compare physical quantities, ensuring the accuracy and reliability of measurements. NIST develops and maintains these standards ensuring that measurements are accurate, consistent, and traceable. Think of tools used in the field such as when validating equipment. If Company A wants to perform a temperature map of a refrigerator that will house solutions with specific tolerance levels, how do they know the thermocouple probe will provide accurate and consistent values? Using NIST traceable standards and tolerance levels defined with accurate precision will provide justification for the thermocouple provides accurate data that ultimately impacts Company A’s validation of their equipment.
NIST aims to enhance the nation’s economic security and improve the quality of life by supporting innovation and competitiveness. They advance measurement science, standards, and technology by conducting research and developing standards in various fields including major areas for information technology (IT), cybersecurity, and physical sciences. By promoting reliable and accurate measurement, standards, and technology, NIST enhances economic security by contributing to a stronger economy. Another major area of focus by NIST is cybersecurity. With artificial intelligence (AI) and technology providing more efficient ways of handling physical tasks and driving business growth, protecting data infrastructure has become a larger challenge for business success and continuity. By developing and promoting frameworks, guidelines, and best practices to help organizations manage and reduce cybersecurity risks, NIST plays a crucial role in this area.
The NIST Cybersecurity Framework (CSF) is a widely used framework that provides a structured approach to managing and reducing cybersecurity risks and protecting networks and data. It’s designed to be flexible and adaptable to various organizations and industries, especially within industries that have critical personal health information that must be safeguarded from malicious attacks. The framework includes five essential functions: Identify, Protect, Detect, Respond, and Recover [3] .
Identify: Companies identify all equipment, software, and data used for traceability and also to understand their risk, these will help them develop policies to identify roles and responsibilities for their staff, partnerships, and anyone who will have access to sensitive data, as well as how to handle breaches, protect against malicious activity to limit damage, and have a disaster recovery plan.
Protect: This area focuses on control of networks and accessibility to data, using appropriate security software and measures such as encryption to protect data. Regular backups should be done with updating software. Policies should be in place to safely disposition electronic files and old devices as well as proper training to ensure staff understand their personal risk and the importance of safeguarding information overall.
Detect: Computers and equipment should be monitored for unauthorized personnel access, devices (like USB drives) and unapproved software that could be malicious.
Respond: In the event there’s a breach or critical issue found, companies should notify customers, staff, and others whose data may be at risk. The operations should be kept up and running and report the attack to law enforcement and other authorities so that an investigation can be performed and containment of the attack. Updating cybersecurity policies and plan to stay ahead as even unexpected events such as inclement weather could put your data at risk. Also, companies should test their plans regularly to identify any potential issues or operational delays.
Recover: If there’s an attack and it has been contained and resolved, equipment may need to be repaired and restored for parts of the network or areas that were impacted. Communication is the key and keeping staff and customers informed of the response and recovery activities will keep everyone aware of resolution and timeframes for operational delays.
NIST also conducts research and development in various areas such as nanotechnology, material science, and information technology. Collaboration within the industry and the government help develop and promote standards that facilitate trade, innovation, and interoperability. As businesses continue growing, understanding how to use, the risks, and implementing different technologies and technology strategies will be important to sustainability for the technology driven future.
Check out some of the NIST blogs here: NIST Blogs [4]
Keep checking back as we start exploring more technological evolution and learning about cybersecurity, artificial intelligence, information technology infrastructure, and how it impacts our industry!
References and Links:
[1] https://www.nist.gov/about-nist
[2] https://www.merriam-webster.com/dictionary/metrology
[3] https://www.ftc.gov/business-guidance/small-businesses/cybersecurity/nist-framework