NIST to delay IT lab reorganization

The National Institute of Standards and Technology is delaying the proposed reorganization of its Information Technology Laboratory office.

In a short comment on its Web site, NIST says it will reassess comments from stakeholders.

"We are seriously considering this input and plan to re-evaluate how to ensure that our structure is as flexible and efficient as possible in meeting the many challenges and opportunities ahead," the statement on the Web site states. "ITL welcomes input and looks forward to continued conversations on this matter."

NIST first announced its desire to reorganize the laboratory, which includes the cybersecurity division and other technical work, in August.

The plan immediately drew concerns from the cybersecurity community about how it would impact the division responsible for setting standards and recommending ways to protect federal networks.

The House Science and Technology subcommittee on Technology and Innovation is holding a hearing today on the reorganization plans as well as NIST's potential role in help secure federal computers under the administration's cybersecurity review.

The committee says the reorganization "would, as part of its actions, split the CSD and combine its programs with others to form two new divisions. Cybersecurity experts are concerned that the split of CSD will take focus away from cybersecurity and are not clear on how the reorganization will improve the function and future capabilities of ITL."

ITL director Cita Furlani is expected to testify.

The Information Security and Privacy Advisory Board (ISPAB) wrote a letter Oct. 20 to Furlani offering some ideas about the reorganization. The ISPAB includes government and industry cybersecurity and privacy experts who provide recommendations and input to NIST.

"Any potential reorganization should seek to retain strengths, close gaps and -perhaps most importantly-be flexible enough to adapt and support evolving future needs for cybersecurity in government and industry," states the letter from ISPAB chairman Dan Chenok, a senior vice president at Pragmatics and a former long-time Office of Management and Budget official.

The ISPAB offers Furlani several recommendations to consider:

• Any reorganization should strengthen its ability to set standards, guidance and lead agencies. NIST could do this by promoting cybersecurity as part of the ITL's name, or creating a cybersecurity specific lab.

• Create an associate director for cybersecurity as a direct report to the ITL director. This person should have the authority to influence the agency's priorities.

• Maintain all cyber-related resources in a single organization. And should NIST decide to spread these responsibilities across many divisions, the associate director for cybersecurity should coordinate all the activities among those offices.

• Any reorganization should address the increasing importance of privacy as another element of cyber protection.

"NIST may wish to discuss any substantive reorganization of its federal agency computer security program with the White House Cyber Coordinator once that person is in place, so that the coordinator may review NIST's role and responsibilities within the overall federal security program-including how the current and proposed NIST/CSD organization aligns with recommendations in the President's 60-day cybersecurity review," the letter states.

-----

On the Web:

NIST- IT Laboratory home page

NIST-ISPAB Web sites

NIST-ISPAB letter about ITL reorganization

FederalNewsRadio-NIST releases final cybersecurity recommendations

(Copyright 2009 by FederalNewsRadio.com. All Rights Reserved.)