Monday, October 24, 2011

Greenhouse Gas Standards

Greenhouse gases (GHG) are a group of gases that, when in the atmosphere, reflect sunlight back towards the planet, heating it up as a result. Carbon dioxide, water vapor, methane, nitrous oxide, and ozone are the primary gases that carry this property, varying drastically from gas to gas with respect to the magnitude of their contribution and its duration. Cumulatively, this process, known as the greenhouse effect, plays a major role in determining the surface temperature of Earth.

As a result of concerns raised over the magnitude and significance of the human role in atmospheric GHG levels, GHG reduction efforts have blossomed, ranging in scale from personal initiatives to international laws and agreements that operate on a truly global level. In the past, GHG levels were restrained to some degree by laws aimed at increasing air quality by reducing pollution. Today, initiatives take aim at the reduction of GHG emissions specifically. These initiatives, alongside standards published through a consensus process, laws and agreements enacted at all levels of authority, and the creation of organizations and processes designed to hold others accountable, together function to address concerns over atmospheric GHG levels.

Standards, designed by open consensus-based processes, are voluntary guidelines and procedures that represent industry-wide views on the proper way to go about a specific activity, promoting fair competition, interoperability, reliability, and consistency. Regarding GHG, standards exist to guide basic assessment and measurement of GHG, quantification, monitoring, and reporting of GHG reductions or removals at a project or organizational level, as well as more specific standards, such as one detailing a specific test method for measurement of particulate emissions and heating efficiency of outdoor solid fuel-fired hydronic heating appliances.

Laws and agreements that affect GHG emissions take many forms. Chief among these are enforced mandatory caps or carbon taxes. Additionally, others voluntarily promise to reduce their GHG emissions. In either case, those involved in GHG reduction make assertions about their efforts. In those cases where the amount of GHG emitted is tied to a financial or legal system of incentives and/or repercussions, assertions of GHG emission quantities must be validated/verified by an impartial third-party. GHG emitters must, for example, make assertions based upon GHG emission measurement methods that have been shown to be both accurate and precise, as well as comply with many other prerequisites for trustable and actionable GHG assertions.

The impartial third-parties that validate/verify GHG assertions are known as GHG Validation/Verification Bodies (V/VB). The American National Standards Institute (ANSI), the national standards organization of the United States of America and its representative internationally, offers accreditation services for V/VBs through the ANSI Accreditation Program for Greenhouse Gas Validation/Verification Bodies. The program essentially does for V/VBs what V/VBs do for those making GHG assertions; it looks for consistency and reliability in the operating procedures of V/VBs, inspiring confidence in the claims they make.

Cap and Trade Programs

Cap and Trade programs, one of the more popular approaches to GHG reduction, seek to reduce GHG emissions by utilizing the free market instead of working against it. They consist of two predictably named parts: an initial cap and subsequent trading. The cap is a mandatory reduction in the total amount of emissions. Trading then serves to incentivize the reduction of GHG emissions by offering a competitive financial motive.

Essentially, everyone involved receives a certain number of allowances (either for free or by auction), translating to an absolute volume of GHG they can each legally emit. If an entity does not utilize all of their allowances, the remainder can be either kept for use at a later date or auctioned off. Conversely, an entity emitting more GHG than they have in allowances would purchase additional allowances at auction. In this manner, the auction price is dictated by supply and demand. As a whole, Cap and Trade programs are cost-effective with respect to their goal of reducing GHG emissions.

The effectiveness of Cap and Trade programs hinges directly upon the accuracy of GHG emissions and reductions data, coupled with rigorous enforcement for instances of fraud or noncompliance. This accuracy is necessary both for accomplishing the program’s environmental goals and for promoting trust among the companies involved and therefore the market as a whole. ANSI-accredited V/VBs fill this niche, serving as an impartial check upon GHG emitters and assuring that programs like Cap and Trade are achieving their desired goals.

Carbon Tax

A tax on GHG emissions is another method of financially incentivizing GHG reduction efforts. Simple in its workings, a carbon tax appends a cost to every unit of emitted GHG. Lower emissions translate directly to lower carbon tax payments. However, while carbon taxes do encourage reductions in GHG emissions, they do not put a mandatory limit on GHG emissions, allowing some emitters to simply pay the tax if doing so is more profitable than reducing emissions or, alternatively, to pass the cost directly to the consumer or end-user. Both carbon taxes and Cap and Trade programs have their relative advantages and disadvantages, and care must be taken to select the appropriate GHG reduction strategy.

Here, as in Cap and Trade programs, accurate GHG assertions are vitally important, creating the same need for V/VBs and the ANSI accreditation process behind them. 

Validation/Verification and Accreditation

Validation/Verification, as explained earlier, is crucial to any GHG reduction program. However, while V/VBs look at GHG assertions, V/VBs must themselves be tested for competency, impartiality, and consistency. Filling this role, the ANSI Accreditation Program for Greenhouse Gas Validation/Verification Bodies accredits GHG V/VBs based upon their adherence to the requirements set out in ISO 14065:2013, including, for example, the requirement “that validation bodies and verification bodies establish and maintain a procedure to manage the competence of its personnel,” among others. Another relevant standard is ISO 14064-3:2006, offering “guidance for the validation and verification of greenhouse gas assertions.” Additionally, a relatively recently published standard, ISO 14066:2011, will be introduced into the process in the near future as well.

In this way, ANSI accreditation serves to assure other entities of a V/VB’s competency and adherence to international and widely agreed upon standards. The ANSI GHG V/VB accreditation procedure is itself thorough, lending additional credibility to those organizations that successfully complete the process, earn accreditation, and go on to retain it after ongoing ANSI surveillance and reassessment.

The Entire Process

The entire process, with GHG assertions validated/verified by V/VBs and ANSI accrediting those V/VBs, is an integral part of the foundation of any GHG reduction program. Essentially, the influence of ANSI-accredited V/VBs is always preferable. For some emission reduction programs, such as The Climate Registry, a collaboration spanning Canada, the United States, and Mexico, validation/verification by an ANSI-accredited V/VB is not only preferable but a prerequisite for participation. As today’s world is increasingly concerned with the level of GHG in the atmosphere and the processes that affect it, this system of validation/verification and accreditation is a critically important fixture.

For further information, consult, alongside others, the following sources:
What are Greenhouse Gases? From the U.S. Energy Information Administration (EIA), a statistical agency of the U.S. Department of Energy (DOE).
Greenhouse Gas Emissions and Cap and Trade. Both are from the U.S. Environmental Protection Agency (EPA).
The Frequently Asked Questions section of the ANSI Accreditation Program for Greenhouse Gas Validation/Verification Bodies website.

Saturday, October 22, 2011

Walking Aids and Assistive Products

In May 2011 the US Census Bureau reported that there are 19.4 million people in the US who have difficulty walking or climbing stairs. Many standards help manufacturers of walking aids and assistive products address safety, ergonomics and performance, marking, labelling and information pertaining to walking aids and other assistive products such as wheelchairs, software and other devices. A keyword search of standards for walking aids returned many international standards for requirements, test methods and terminology. A similar search of standards for assistive products gave results for assistive products for walking and for the visually impaired and hearing impaired. For example, ISO 23600:2007 specifies requirements for acoustic and tactile signals for pedestrian traffic lights to assist in safe and independent mobility.

A three-part article by Marion A. Hersh of the Dept. of Electronics and Electrical Engineering, University of Glasgow, covers the design, evaluation and outcomes of assistive products. In The Design and Evaluation of Assistive Technology Products and Devices Part 1, Hersh notes that assistive products should follow good design practices similar to those of many consumer products, such as, "Compliance with any relevant national and international standards or other regulation. Good design practice generally goes beyond minimal compliance and can lead to commercial advantage if the standards or regulations become stricter due to the greater ease and reduced costs of proactive rather than reactive compliance." In the same article, Hersh cites several resources for further information. The EASTIN database, the European Assistive Technologies Information Network, lists information on existing Assistive Technology (AT) products, their availability in the European market, and guidance for their appropriate choice and application.

The University of Pittsburgh Human Engineering Research Laboratories (HERL) conducts research and development in assistive technology. According to HERL, their testing facility for wheelchairs "is able to conduct a majority of the ISO or ANSI/RESNA testing which is required for FDA approval. Both manual and powered wheelchairs can be tested. All manner of destructive and non-destructive testing is available." [This is not an endorsement by ANSI, just a reference for your information. We'd like to hear more about work in assistive technologies and would welcome your comments to this post.]


Friday, October 14, 2011

IT Security Standards

IT security standards are guidelines and specifications for various practices within the IT security industry, arrived at through a process culminating in consensus. The use of IT security standards has arisen in response to how reliant the modern world has become on digital information, making it crucial to properly safeguard that information. Additionally, privacy and security concerns necessitate effective security measures. IT security standards accomplish this duty by, for example, promoting widely and thoroughly tested methods for encryption and key management or by setting out basic requirements for new entity authentication systems. IT security standards are also vital for interoperability.

IT security, at its core, is concerned with balancing the necessary tasks of keeping information secure, reliable, and accessible. To illustrate this, take the extreme and diametrically opposed examples of two security systems, one set to irreversibly destroy its data at the first sign of any attempts at unauthorized access and the other left totally accessible to any anonymous user. While both have their niche, neither of the two is widely applicable, with most situations requiring more balanced implementations.

These core requirements of security, reliability, and accessibility expand and interact with each other, meeting at a different optimal balance for every distinct industry and application. Some of the more frequent and well-studied roles of IT security are to:

  • Identify authorized users, verify their identity, and
  • Restrict access to only those authorized users;
  • Track authorized changes, and
  • Prevent unauthorized changes, identifying them if they do occur;
  • Keep from unnecessarily burdening authorized users and
  • Maximize system uptime.

To achieve this, the IT security industry employs a number of different techniques, ranging from broadly applied digital cryptography to physical biometrics. Since poorly implemented security measures are potentially dangerous and the nature of information technology puts a premium on interoperability, various voluntary consensus standards have emerged in the IT security industry, some trickling down from mandatory IT security standards utilized by the military and various government agencies while others embrace massive volunteer efforts.

Within the scope of IT security, two industries, those of health care and financial services, distinguish themselves by how incredibly sensitive the information they need to function is, prompting the formation of industry specific IT security standards in response. In the medical field, health care providers need information about their patients that in any other situation would be incredibly invasive of the patient’s privacy. For the financial services industry, the ever-present threat of identity theft adequately encapsulates how sensitive the financial industry’s information is. While it becomes clear that medical and financial information must be kept secured, that same information is also legitimately used in different places, requiring ease of access to be carefully balanced against properly restricting access. With that said, progress made in IT security standards for specific industries is frequently applicable in other fields.

IT security standards are in large part responsible for the ongoing stability of our modern world, doing their part to keep our information safe and our privacy secured.


Entity Authentication

Entity authentication in today’s IT security industry is used as one part of a security system to verify that an entity actually is who or what they claim to be prior to allowing them access to secured information or into a secured area. The simplest example of this is when somebody fills out a username and password to log into their account on a website. Their username is a claim to an identity and their password, presumably known only to them, serves to verify their claim. While this appears simple to the user, there is quite a lot going on behind the scenes.
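As an added illustration of what happens behind the scenes in the username-and-password case (this is not code from the original post), the sketch below stores only a salted, slow hash of each password and compares it in constant time at login. The `CredentialStore` class, the choice of PBKDF2-HMAC-SHA256 and the iteration count are assumptions made for the example, not requirements quoted from any standard named on this page.

```python
import hashlib
import hmac
import os

SALT_BYTES = 16  # illustrative size (assumption)


def derive(password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the password with PBKDF2-HMAC-SHA256 so guessing is expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


class CredentialStore:
    """Hypothetical verifier: keeps salt + derived hash, never the password."""

    def __init__(self, iterations: int = 600_000):
        self.iterations = iterations
        self._records = {}
        # Dummy record: unknown usernames cost the same work as known ones,
        # so response time does not reveal which accounts exist.
        self._dummy = self._make_record("dummy-password")

    def _make_record(self, password: str) -> dict:
        salt = os.urandom(SALT_BYTES)  # unique per user, defeats precomputed tables
        return {
            "salt": salt,
            "iterations": self.iterations,
            "hash": derive(password, salt, self.iterations),
        }

    def enroll(self, username: str, password: str) -> None:
        self._records[username] = self._make_record(password)

    def verify(self, username: str, password: str) -> bool:
        """The username is the claim; the password is the evidence for it."""
        record = self._records.get(username)
        known = record is not None
        if record is None:
            record = self._dummy
        candidate = derive(password, record["salt"], record["iterations"])
        # Constant-time comparison avoids leaking how many bytes matched.
        match = hmac.compare_digest(candidate, record["hash"])
        return known and match


if __name__ == "__main__":
    store = CredentialStore()
    store.enroll("alice", "correct horse battery staple")  # constructed sample
    print(store.verify("alice", "correct horse battery staple"))
    print(store.verify("alice", "guess"))
    print(store.verify("nobody", "guess"))
```
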

One approach to entity authentication, drawing from the field of cryptography, utilizes complicated algorithms and secret keys (passwords). As the need for entity authentication is present in a wide range of situations, cryptographic solutions exist with differing sets of features, varying, for example, in ease of use and security. Accommodating this variety within the IT security industry, different IT security standards have been published to address different implementations of cryptographic entity authentication.
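One common form of cryptographic entity authentication is a shared-key challenge-response, sketched here as an added example (not code from the original post, and not a rendering of any specific standard). The `Verifier` class, the `respond` function and the identity `sensor-7` are hypothetical names; the algorithm is fully public and only the key is secret.

```python
import hashlib
import hmac
import secrets


def respond(key: bytes, identity: str, nonce: bytes) -> bytes:
    """Claimant side: prove possession of the key without ever sending it."""
    ident = identity.encode("utf-8")
    # Length-prefix the identity so (identity, nonce) pairs cannot be confused.
    message = len(ident).to_bytes(2, "big") + ident + nonce
    return hmac.new(key, message, hashlib.sha256).digest()


class Verifier:
    """Hypothetical verifier: issues one-time challenges and checks responses."""

    def __init__(self, keys: dict):
        self._keys = keys      # claimed identity -> shared secret key
        self._pending = {}     # claimed identity -> outstanding nonce

    def challenge(self, identity: str) -> bytes:
        # A nonce is issued even for unknown identities, so the exchange
        # does not reveal which identities are enrolled.
        nonce = secrets.token_bytes(16)
        self._pending[identity] = nonce
        return nonce

    def check(self, identity: str, response: bytes) -> bool:
        # pop(): each nonce is accepted once, so a recorded response
        # cannot be replayed later.
        nonce = self._pending.pop(identity, None)
        key = self._keys.get(identity)
        if nonce is None or key is None:
            return False
        expected = respond(key, identity, nonce)
        return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    key = secrets.token_bytes(32)              # constructed sample key
    verifier = Verifier({"sensor-7": key})
    nonce = verifier.challenge("sensor-7")
    answer = respond(key, "sensor-7", nonce)
    print(verifier.check("sensor-7", answer))  # fresh response
    print(verifier.check("sensor-7", answer))  # same response replayed
```
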

A second approach, biometric entity authentication, relies on relatively unique physical traits such as a person’s iris or their fingerprints to ascertain their identity. The most widely known example of this is the fingerprinting process. When used as part of a more modern system, IT security standards and protocols, such as the Biometric Application Programming Interface (BioAPI), are utilized extensively for their positive effect on interoperability in addition to serving as guidelines for the design and implementation of new systems.

One major difference between cryptographic and biometric entity authentication is that while cryptographic methods rely on keys provided by individuals, biometric systems rely on information about individuals themselves, raising concerns about privacy and legality. Additionally, as some biometric systems require physical interaction, health, safety, and cultural concerns arise as well. These concerns, among others, must be addressed during the development and deployment of any entity authentication system including biometric components and thus are guided by their own IT security standards.

Entity authentication, whether cryptographic, biometric or otherwise, is a major part of today’s IT security industry. As a result, there is much development in the field, leading simultaneously to both rapid advances and a pronounced need for IT security standards focusing on interoperability and the latest secure mechanisms.


Cryptography and Key Management

Cryptography in today’s IT security industry is, at its core, the field of inquiry surrounding the encryption and decryption of information. Cryptographic algorithms are developed, tested and then applied, ideally securing information so that only authorized users have access to it. IT security standards find their place in promoting mechanisms that are reliable and increasing their interoperability, as well as helping to prevent the inadvertent introduction of security weaknesses.

Since the advent of the computer, the complexity of both cryptographic algorithms and cryptanalysis (systematic encryption breaking), as well as sheer processing power have all been steadily increasing, making it so that most encryption methods used today are not perfectly secure but rather so difficult to break as to be practically and realistically unbreakable at the time of their implementation. However, as progress is made in the field of cryptography, earlier algorithms become vulnerable and insecure. Here, IT security standards advocate the use of mechanisms (specific algorithms and their implementations) that are determined to be secure for a given task.

Key management is the direct application of cryptography in the IT security field. Essentially, key management is situated between cryptography and cryptographic entity authentication. As the security of encrypted information depends on the security of the key that decrypts it, IT security standards also address the various environments within which cryptographic keys are established and distributed. In doing so, IT security standards assure that any subsequent information encrypted with keys established and distributed securely will also be secure, increasing the security of the system as a whole.

Today’s cryptographic key management is largely based around symmetric and asymmetric encryption algorithms. Symmetric algorithms use a single private key for both encryption and decryption of data. Asymmetric algorithms differ in that they encrypt data with a public key and then decrypt it with a private key. The advantage of asymmetric encryption is rooted in the publicly known encryption key, allowing anybody to encrypt information in such a way that only the entity holding the private key can decrypt it. In exchange for this advantage, asymmetric key algorithms are significantly more resource intensive and rely upon complicated theorems in mathematics, themselves creating a demand for progress in the field of mathematics.

One underlying aspect of the field of cryptography is the widespread acceptance of Shannon’s Maxim, “The enemy knows the system,” a design philosophy that requires methods of encryption to remain secure even if a malevolent entity knows everything there is to know about the system with the exception of the private key. This allows for cryptographic algorithms and key management mechanisms to be released for wide review prior to widespread use. Combining this with a development process focusing heavily on consensus, IT security standards reflect what the IT industry as a whole considers secure.
