NIST's budget woes

National Institute of Standards and Technology report

After a year-long study, members of a federal advisory board have concluded that funding for computer security activities at the National Institute of Standards and Technology is inadequate and is delaying progress toward solving urgent cybersecurity problems.

A report on the study conducted by the Information Security and Privacy Advisory Board states that insufficient funds have forced officials in NIST's Computer Security Division to reduce their involvement in a security product certification program for federal agencies.

The report, "The Case for Adequate Funding," also suggests that research on wireless, radio frequency identification, voice-over-IP and other new technologies is lagging because of the funding shortfall.

In addition, it cites delays in developing guidelines for retrofitting the control systems of critical infrastructures, such as oil pipelines, with cryptographic security modules.

The board's report suggests that funding for the NIST division "has not kept pace with the growing demand for cybersecurity guidelines and standards as a result of the government's and the nation's growing reliance on information technology."

The board, which derives its statutory authority from the Federal Information Security Management Act (FISMA) of 2002,

advises NIST officials, the Commerce Department secretary and the director of the Office of Management and Budget on information security and privacy issues pertaining to federal information systems.

The report states that federal civilian agencies spend about $2 billion annually on computer security. In fiscal 2004, NIST's Computer Security Division had a budget of $15.1 million and 53 full-time employees. Lawmakers have not yet passed an appropriations bill for NIST's fiscal 2005 budget.

Many government and private-sector security experts said they agree with the report's conclusion that new security requirements, especially those included in FISMA, have created a bigger demand for security guidelines and that funding for NIST's Computer Security Division is inadequate.

"The funding issue at NIST has been a continuing and chronic problem since the passage of the Computer Security Act [of 1987], which gave NIST a lot of authority and responsibility but never gave them the financial resources," said Lynn McNulty, director of government affairs for the International Information Systems Security Certification Consortium Inc. and associate director for computer security at NIST from 1988 to 1995.

Others familiar with the report agree that budget constraints are limiting the ability of NIST's computer security experts to provide practical guidelines in many new areas.

In some respects, however, NIST's cybersecurity experts may be their own worst enemy when it comes to getting a bigger piece of the budget pie. They have a reputation for efficiency and independence, two qualities that are lacking in other standards bodies, many of which are dominated by vendors with self-interested motives, said Paul Proctor, vice president for security and risk strategies at the Meta Group Inc.

"They're getting a lot done at NIST with relatively minimal funding," he said, in part because NIST's technical experts don't waste energy on political squabbles that hinder other standards groups. "They're able to be efficient because they don't have those types of concerns."


  • Congress
    U.S. Capitol (Photo by M DOGAN / Shutterstock)

    Funding bill clears Congress, heads for president's desk

    The $1.3 trillion spending package passed the House of Representatives on March 22 and the Senate in the early hours of March 23. President Trump is expected to sign the bill, securing government funding for the remainder of fiscal year 2018.

  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.