NIST puts reorganization of IT Lab on hold
Connecting state and local government leaders
The proposed restructuring of the IT Lab — which includes the Computer Security Division that has produced hundreds of standards, specifications and guidelines for IT security requirements — proved more controversial than expected.
The National Institute of Standards and Technology is delaying for the next couple of months a plan to reorganize its Information Technology Laboratory.
“Based on the feedback we continue to receive, ITL has decided to put our proposed reorganization on hold,” NIST said in a statement released Thursday.
The original goal had been to complete the reorganization by the end of fiscal 2009, which closed Sept. 30. But the proposal proved more controversial than expected and ITL director Cita Furlani said the agency is giving itself “the luxury of time to think through the comments we’ve gotten.”
There is no formal timeline for the process, but Furlani said she hoped any changes could be made well before the next fiscal break.
“We have received expressions of both support and concern from various stakeholders,” the NIST statement said. “We are seriously considering this input and plan to re-evaluate how to ensure that our structure is as flexible and efficient as possible in meeting the many challenges and opportunities ahead. ITL welcomes input (itl_inquiries@nist.gov) and looks forward to continued conversations on this matter.”
Despite concerns that have been expressed, Furlani said that the reason for a reorganization still hold true.
“The lab has been in the same structure for a number of years,” she said. “The world of IT has changed drastically in that time. There may be better ways for us to be structured.”
The IT Lab does research on metrics and standards in a wide range of areas in information technology. Its roots date back 40 years, to the creation of the Center for Computer Science and Technology in what was then the National Bureau of Standards in 1969. The Computer Security Act of 1987 gave NBS responsibility for security unclassified computer systems, and the IT Lab was created by NIST in 1996. Its budget for fiscal 2008 was $97.9 million. The Computer Security Division within the lab has produced standard encryption algorithms, guidance for complying with computer security requirements and established standards for government use of information technology.
“The proposed reorganization would not include any reduction in force, or major changes in the lab’s core competencies,” NIST said in a statement in August. “An additional key goal is to strengthen NIST’s cybersecurity efforts.”
A key element in the proposed reorganization would have been relocating the chief cybersecurity advisor (Curt Barker, also currently head of the Computer Security Division) from the division to the IT Lab central office to provide wider authority to coordinate cybersecurity projects throughout the lab. The proposed changes would not have changed Computer Security Division’s technical program.
But a group of former NIST officials, worried that the move would disrupt an organization that has worked well, went public with their concerns before NIST had finalized its plans.
“In our opinion, this proposed reorganization breaks up an organizational component that has effectively provided computer security leadership to the government and the private sector for over thirty years,” they said in an Aug. 10 letter to acting NIST Director Patrick Gallagher. “We believe it is a major mistake to diminish NIST’s computer security program at a time when external support for the program is at an all-time high and when cyber security is of vital importance to the economic well-being and security of our nation.”
The letter was signed by Dr. Dennis Branstad, Dr. Stuart Katzke, F. Lynn McNulty and Miles E Smid, who characterized themselves as founders and past leaders of the division.
Given the amount of feedback being received and the fact that the initial deadline could not be met, NIST is taking the time it needs to consider comments and continue gathering information from its staff, Furlani said. The Sept. 30 deadline was just a convenient marker, she said.
“We didn’t make the fiscal year break, we can now take another two or three months and think it through,” she said. “We have time now, so slow down.”