The new director of the National Institute of Standards and Technology has asked his top managers to reassess NIST's organizational structure - a move that could lead to its first reorganization in nearly two decades.
Patrick Gallagher, in an interview with GovInfoSecurity.com, cautioned that NIST could decide that the current structure should remain, but said all options would be considered, including the possibility of merging some of its 10 laboratories, the major units within NIST.
"The real objective is what's the organizational structure that makes NIST most effective in the face of some very real challenges and needs," said Gallagher, who was confirmed Nov. 5 by the Senate. "I think the country really needs NIST to be responsive, and to be capable and to work effectively with its stakeholder communities. There are a lot of ways of doing that, and one of those tools is management structure."
Part of the Department of Commerce, NIST - created in 1901 as the National Bureau of Standards, a name that lasted till 1988 - is organized into 10 laboratories to fulfill its mission to promote American innovation and industrial competitiveness by advancing measurement science, standards and technology. Among its labs is the Information Technology Laboratory, known by the abbreviation ITL, which includes the Computer Security Division, the unit that publishes IT security guidance and standards for federal government agencies.
It was during a discussion of a proposed reorganization of ITL, to better coordinate NIST's cybersecurity responsibilities, that Gallagher raised the possibility of a NIST-wide restructuring.
In August, ITL Director Cita Furlani proposed a reorganization of the laboratory that would have had the head of the Computer Security Division become part of the lab director's office. Furlani said the reorganization plan would have encouraged more multidisciplinary collaboration with other NIST units in developing cybersecurity programs and guidance. But Furlani announced the withdrawal of the ITL reorganization at a Congressional hearing in October after it received mixed reviews from NIST stakeholders. At that hearing, critics of the reorganization plan contended that dividing different groups supporting the Computer Security Division's mission throughout the lab would be detrimental to its work and ultimately would weaken its impact on cybersecurity. Some of the critics also said they supported the idea of creating a separate Computer Security Laboratory because of the pressing need to safeguard government and critical private-sector IT systems and networks.
Gallagher lauded Furlani's efforts and pooh-poohed the idea of creating a separate Computer Security Laboratory.
"Every manager should be striving to make sure their organization is as effective as possible," Gallagher said in the interview. "What Cita was doing was looking at one of the major tools that a manager has, which is your organizational structure optimized for being as effective as possible. It was a very thoughtful proposal. The reality is that many of the cybersecurity activities are already spread across various divisions within ITL, and this was the chance to try to create some synergies to make the organization more effective."
But Gallagher said the underwhelming backing of the reorganization plan gave NIST pause, and the proposal was pulled until the agency could evaluate the objections raised. "The goal remains to make ITL as effective as possible," he said. "In fact, that goal applies to all of NIST. Organizational structure, you don't do that lightly, it can be disruptive. You certainly want to have an organization that's structured to be as effective as possible."
Too Many Labs
Gallagher said he would be reluctant to make computer security a separate laboratory. "We have too many laboratories already," he said. "The reality is that anything you do rarely fits neatly within an organizational boundary. A lot of what NIST does goes across multiple laboratories as it is. When you're managing that way, you spend a lot of time managing at these interfaces. Creating more interfaces may not be an optimal solution."
Would merging one or more labs be considered to reduce the need to manage multiple interfaces? "All options should be on the table," Gallagher replied.