Key Lawmaker Backs Idea of NIST Cybersecurity Lab

Rep. Wu's Endorsement is at Odds with NIST's Top Leaders
Key Lawmaker Backs Idea of NIST Cybersecurity Lab
The chairman of the House panel with oversight over the National Institute of Standards and Technology is at odds with NIST leaders on making its Computer Security Division a laboratory, the agency's highest administrative unit. The Computer Security Division, or CSD, is part of NIST's Information Technology Laboratory.

"I do think we need elevating the Computer Security Division to laboratory status at NIST," Rep. David Wu, the Oregon Democrat who chairs the House Science and Technology's Subcommittee on Technology and Innovation, said in an interview Wednesday with "It's a very important field that deserves a profile and the increase in access of both to senior management and to resources."

But the new NIST director, Patrick Gallagher, expressed reluctance in making CSD - the unit responsible for developing standards and technology and providing guidance to secure digital assets - NIST's 11th laboratory. "One of the concerns I have right now is we have a lot of laboratories already," Gallagher said in a late November interview with "Anything you do rarely fits neatly within an organizational boundary and a lot of what NIST does goes across multiple laboratories as it is. When you are managing that way, you are spending a lot of time sort of managing at these interfaces, so creating more interfaces may not be an optimal solution."

The idea of elevating CSD to a lab was raised at a subcommittee hearing in October, when NIST IT Lab Director Cita Furlani announced that she was indefinitely withdrawing her reorganization plan to elevate the head of CSD to the IT Lab director's office, a move she said that would have encouraged more multidisciplinary collaboration among NIST units on cybersecurity programs and guidance. Wu endorsed the suspension of the IT Lab reorganization plan. "I support that indefinite hold indefinitely," he said Wednesday.

At the October hearing, Sun Microsystems Distinguished Engineer Susan Landau and Cornell University Computer Science Professor Fred Schneider suggested that CSD become a laboratory, placing it higher in the NIST organizational chart. NIST operates 10 laboratories that are responsible for conducting research and developing measurements and standards in a wide variety of disciplines, including IT, building and fire research, nanoscale science, physics and manufacturing engineering.

"A NIST laboratory-level computer security organization would provide the correct level of independence for such an organization," Landau said at the hearing. "The director would be in a better position to provide the policy guidance needed in discussions related to computer security and privacy. ... In elevating CSD to a laboratory within NIST, CSD's branding is retained. This is important to the effective filling of the CSD mission."

Furlani, at the time, expressed surprise that supporters of making CSD a lab didn't see the synergy between cybersecurity and IT. "The idea of separating cybersecurity (from) information technology is hard for me to understand because of the intertwined nature of the two," Furlani said.

Wu said Wednesday the subcommittee will hold hearings in 2010 on the idea of creating a cybersecurity lab within NIST. "We can mandate it, but I think its better to have the agency come to a more subtle rearrangement of pieces," Wu said. "We'll see what they do."

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.