Opportunities for Coordination and Clarity to Advance the National Health Information Agenda: A Brief Assessment of the Office of the National Coordinator for Health Information Technology-A Letter Report (IOM, CSTB)

Released 10.15.07

In 2004, the Department of Health and Human Services created the Office of the National Coordinator for Health Information Technology (ONC) to help move toward the goal of a national health information infrastructure.  In 2007, ONC asked the Institute of Medicine to comment on the effectiveness of the ONC standards processes in advancing to that goal.  Specifically, ONC wanted an examination of the processes it uses, how effectively they are working to advance the national health IT agenda, and recommendations for improvement.  This letter report presents a background discussion, an assessment of the pace of ONC's activities, an analysis of the need for and content of a strategic plan, and a review of the cohesiveness and coordination of ONC's standards processes.  

Strategic Management of Information and Communications Technology: The United States Air Force Experience with Y2K (PGA, CSTB)

Released 08.27.07

The Y2K situation presented an opportunity to learn how various factors affect risk that can threatens critical information infrastructure.  Events since then have demonstrated how an incomplete plan for strategic management of information and communications technology (ICT) could have severe consequences for delivery of emergency services.  This report provides lessons from how the US Air Force prepared for and responded to the Y2K threat.  It presents them under three headings: lessons for managing ICT complexity, lessons for aligning organizational and ICT strategies, and lessons for minimizing ICT risk.  The report also offers recommendations for improving Air Force management of information and supporting infrastructure and their implications for other organizations.  This report represents only the views of the principal investigator and not necessarily those of the NRC.

Fusion of Security System Data to Improve Airport Security (NMAB)

Released 10.30.07

The security of the U.S. commercial aviation system has been a growing concern since the 1970's when the hijacking of aircraft became a serious problem.  Over that period, federal aviation officials have been searching for more effective ways for non-invasive screening of passengers, luggage, and cargo to detect concealed explosives and weapons.  To assist in this effort, the Transportation Security Administration (TSA) asked the NRC for a study of emerging screening technologies.  This report-the fourth of four-focuses on data fusion as a means to significantly improve the ability of the existing suite of airport detection systems and access control systems to detect and prevent attacks.  The report presents a discussion of the data fusion, an analysis of current data fusion efforts, and an assessment of data fusion opportunities for various airport security activities. 

Released 09.06.07

The growing scale and complexity of software-intensive systems are introducing fundamental new challenges of uncertainty and scale that are particularly demanding for defense systems.  To assist in meeting these challenges, the Department of Defense asked the NRC to assess the nature of U.S. national investment in software research.  As part of this study, a workshop was held to examine uncertainty at scale in current and future software-intensive systems. This report presents a summary of the workshop discussions that centered on process, architecture, and the grand scale; DoD software challenges for future systems; agility at scale; quality and assurance with scale and uncertainty; and enterprise scale and beyond.  The report also offers a summary of key themes emerging from the workshop: architectural challenges in large-scale systems; the need for software engineering capability; and open questions and research opportunities. 

Released 08.06.07

The use of the Internet by individuals to conduct business with a broad array of private and public organizations is now very common. One of the largest of these, the Social Security Administration (SSA), has been developing online services for more than a decade. As it continues to develop e-government services, the SSA asked the NRC to examine its proposed e-government strategy including comparisons with those of comparable public- and private-sector institutions. This report provides an overview of broad organizational, technological, and societal context in which these services are being developed; a review of lessons from electronic services in global financial institutions; an assessment of existing and expected technology; and an analysis of the organizational transformation needed for effective application of e-government services.

Released 06.26.07

The nation's critical infrastructure depends extensively on information technology (IT). The United States, however, faces real risks that adversaries will exploit vulnerabilities in the nation's critical information systems. In addition, there is inadequate understanding of what makes IT systems vulnerable, how best to reduce these vulnerabilities, and how to transfer cybersecurity knowledge to practice. In response to these concerns and at the request of Congress, the NRC undertook a study to develop a strategy for cybersecurity research that could address this vulnerability issue. This report presents an assessment of the nature of the cybersecurity threat; explores why previous research efforts have been less effective than desired; gives an analysis of human resource needs to advance cybersecurity research; provides a collection of illustrative research areas; and offers a set of priorities for action.

Released 05.09.07

Certification of a critical system means assurance that it is safe, secure, and will perform as intended. Usually, a software system is certified as dependable by assessing the process used to develop it. While direct observation of the system would provide a better means of assessing dependability, such observations are very difficult because of the complexity of software systems and discontinuous way they are used. To help understand the issues about determining software system dependability, the NRC, at the request of the NSF, the National Security Agency, the Office of Naval Research, and the FAA, carried out a study to asses the current state of certification in dependable systems. This study approached this task by addressing the question of how software might be made more dependable in a cost-effective manner, rather than the narrower question of software certification per se. The report presents a current view of software systems and dependability; an analysis of several key issues including transparency, evidence and openness, security concerns, education, and research; and findings and recommendations about software dependability and certification.

Released 05.04.07

The rapid expansion of information technology in recent years has dramatically increased attention on privacy. While there has been much written about privacy recently, most articles have presented the issue from a single point of view that did not consider the important interactions of technology, law, economics, business, social sciences, and ethics. In order to provide a broad-based look at privacy in the information age, the NRC-supported by the W.K. Kellogg, Alfred P. Sloan, and AT&T Foundations, and the Carnegie Corporation-carried out a study focusing on the fundamental concepts of privacy; the laws surrounding privacy; the tradeoffs among important areas of society; and the impact of technology on privacy conceptions. The report presents a review of thinking about privacy; an analysis of the intellectual, technological, legal, and political aspects of privacy; detailed examinations of privacy in the context of various data-intensive organizations, health care, libraries, law enforcement, and national security; and findings and recommendations about key, information technology-related privacy issues.

Improving Disaster Management: the Role of IT in Mitigation, Preparedness, Response, and Recovery (CSTB)

Released 01/29/2007

Information technology (IT) has the potential to play a critical role in managing natural and human made disasters. Damage to communications infrastructure, along with other communications problems exacerbated the difficulties in carrying out response and recovery efforts following Hurricane Katrina. To assist government planning in this area, the Congress, in the E-government Act of 2002, directed the Federal Emergency Management Agency (FEMA) to request the NRC to conduct a study on the application of IT to disaster management. This report characterizes disaster management providing a framework for considering the range and nature of information and communication needs; presents a vision of the potential for IT to improve disaster management; provides an analysis of structural, organizational, and other non-technical barriers to the acquisition, adoption, and effective use of IT in disaster; and offers an outline of a research program aimed at strengthening IT-enabled capabilities for disaster management.