Susannah Schiller: Driving innovation at NIST

2013_11_schiller_1 Susannah Schiller has been NIST’s deputy CIO for nearly a decade.

Twenty years of trends have seen the coming and going of many elusive forms of technology. As a matter of fact, the chief information officer role didn’t exist in government until 1996.

The National Institute for Standards and Technology, the agency tasked with establishing standards and technology to keep up with these changing times, has had a few consistencies, one of them includes Susannah Schiller. Schiller has been the deputy CIO for nearly a decade and worked in various roles at NIST for nearly 10 years prior to that.


To stay on top of the evolving challenges at NIST, Schiller is working to establish a new entity within the agency, focused on innovation.

“The division would both push it (innovation) forward, using more aggressive means as well as to coordinate the activities that are going on to give a place for people to come when they have innovative ideas that they want to make a reality,” Schiller said.

The division would be relatively small, but the hope is it would give more oomph to driving innovation more aggressively. The group that will focus on innovation has already been organized and formed, and getting it up and running will be determined by the division chief.

The idea of government agencies creating distinct roles for innovation is becoming more common, and several agencies have appointed chief innovation officers. For example, the Labor Department and the state of Maryland both already have chief innovation officers. The U.S. Postal Service would get one — if Congress passes the Postal Reform Act.

Migrating data to the cloud is another project Schiller has been excited to see progress, specifically in moving NIST’s data to a hybrid cloud. This cloud would house repositories for the data sets, but there would be a distinction between data sets hosted internally and those hosted outside the cloud. This cloud would allow for much more flexibility with security of data sets.


Schiller said NIST is figuring out how to best set up the hybrid cloud that would allow the agency to help scientists to determine where to host it and have the ability to move it.

“That’s an opportunity to leverage the cloud to help make this happen cost effectively, with the appropriate levels of security,” Schiller said.

The cloud will host the large amounts of data NIST has traditionally made available to the public. NIST’s mission, Schiller said, is to get its data out there so people can get their hands on it easily and do something with it.

“Our challenges are, how do we get this data that’s destined to be shared into an open format so that it can be shared more readily?” Schiller said. “At NIST, we’ve been thinking much more about that in the last year.”

Cybersecurity is an area Schiller has seen change dramatically during her time at NIST. For example, when the Federal Information Security Management Act was first implemented, Schiller said the process was extensive.


“It was largely a paper exercise, and there was a lot of effort involved in getting those incidences documented,” she said. “Now, we’ve gone to continuous monitoring where we have a much larger picture of what we have.”

Evolving cyber-threats have meant that NIST personnel who in the past typically maintained their own computers no longer can do so effectively.

“We have people who are really tech savvy who have fairly unique needs for their IT; it’s not just a desktop with word processor and an Internet browser like an administrative user, like I have,” Schiller said. “And that means that for a long time, they’ve been managing their own computers.”

NIST’s IT requirements differ from other agencies. Most agencies’ IT requirements stem from administrative needs. At NIST, there are administrative needs, but more than that are the IT needs of the scientists and researchers working in the labs.

Believe it or not, centrally managing a large number of computers at NIST has led to cost-savings. Schiller said it’s a significant cost to have a Ph.D scientist patch his or her own computer.


This transition in passing off responsibility of computer security began around the same time Schiller came into the deputy CIO role. With computer security, it boiled down to “deciding between offering high-quality service because we implemented ITIL best practices, and between the increasing threats and therefore increasing security requirements,” Schiller said.

Having spent nine years in the statistical engineering division at NIST, and another year in the director’s office of the advanced technology program working with high-risk research — a total of 26 years with NIST — Schiller is well-equipped with the experience and ability to take on the next era of cyber.

Latest Podcasts