This interview was conducted at the December 2009 Government Technology Research Alliance (GTRA) Council Meeting.
Mr. Mell is the cloud computing and security project lead at the National Institute of Standards and Technology (NIST) and is vice chair of the interagency Cloud Computing Advisory Council. He is the creator of the United States National Vulnerability Database and lead author of the Common Vulnerability Scoring System (CVSS) version 2 vulnerability metric used to secure credit card systems worldwide. His research experience includes the areas of cloud computing, security metrics, security automation, vulnerability databases, and intrusion detection systems (IDSs). (Source: FOSE 2010)
Federal IT Group: Could you briefly describe some of the key challenges that your office is facing these days?
Peter Mell: Although I don’t have any program office formally assigned to me, I am involved in all cloud-related groups within the federal government. I have been leading the Cloud Security Working Group for the past 3 months. One of the critical challenges is government-wide assessment and authorization for cloud-based systems. What is particularly difficult in this regard is getting the pertinent requirements vetted throughout the government – this largely involves selling the agencies on the idea that they can truly use this government-wide cloud authorization.
Another major challenge is to figure out how Trusted Internet Connection (TIC) would work with the cloud. On the surface, they seem to impede each other, and the issue then becomes how to find a solution for securing the federal perimeter and allowing the cloud to function.
Federal IT Group: Imagine an Office of the Chief Information Officer of some cabinet-level agency. In your view, what traditional roles within that office will undergo the greatest degree of transformation (perhaps even to the point of completely disappearing) with the advent of cloud computing?
Peter Mell: For one, agency data centers will evolve into private clouds. As the latter offer homogenous interfaces, the nature of system administrators’ work will change considerably. Also, transition of multiple IT-related functions to public clouds will increasingly free federal CIOs from the mundane task of running “commodity” IT applications, such as office and e-mail, thus allowing this valuable resource (which the federal CIOs represent) to be channeled towards mission-enhancing programs and capabilities.
Federal IT Group: We noticed that you are an active LinkedIn user. What, if anything, do you find particularly useful about LinkedIn and other social networking tools in your line of work?
Peter Mell: LinkedIn is very handy for keeping track of contacts – it is, in a sense, an automatically updating rolodex. I also find web collaboration and presentation tools to be useful – the feature that allows exchanging instant messages with meeting participants is particularly interesting (although it may seem a bit impolite to chat while someone else is presenting). I am not as active a social media user as many people are these days: it is not, however, because I don’t like them – it is just that I tend to shut my computer off when I leave the office.
Federal IT Group: What is your vision for social networks? Do you see them evolving into real pools of expertise that federal technology leaders can tap into as part of their day-to-day activities?
Peter Mell: I think it is inevitable. The real issue, however, is finding a secure cloud model that can support that. One can think of social media as software-as-a-service (SaaS). This, in turn, causes a problem when it comes to TIC, and we may need a physically and logically separated SaaS implementation for federal use. We have already seen the vendor community discussing that idea.