NIST 2012 budget spotlights cybersecurity
The fiscal 2012 budget for the National Institute of Standards and Technology in the appropriations bill signed into law in November is up just slightly from fiscal 2011, but it shifts a sizable amount of money to in-house research and engineering, including two cybersecurity programs.
A National Cybersecurity Center of Excellence to be housed at NIST is funded to the tune of $10 million for the year, and $16.5 million is appropriated to support the administration’s National Strategy for Trusted Identities in Cyberspace, which is managed by NIST.
The Consolidated and Continuing Appropriations Act of 2012 provides $750.8 million for NIST overall, up from $750.1 million for last year. The lion’s share of the budget, $567 million, goes to Scientific and Technical Research Services, an increase of almost $70 million in the current year, according to NIST. Of the remainder, $128.4 million goes to the Hollings Manufacturing Extension Partnership, a public-private green manufacturing initiative managed by NIST to work with small and midsize U.S. manufacturers. Another $55.4 million is slated for construction and maintenance of research facilities, down $14.5 million from fiscal 2011.
Trusted Identities plan a 'major step' toward securing online transactions
Cut from this year’s budget were the Technology Innovation Program and the Baldridge Performance Excellence Program.
Development of cybersecurity standards and guidelines has become a major effort at NIST, particularly since the passage of the Federal Information Security Management Act in 2002, which made the agency responsible for technical specifications for FISMA compliance. Its publications have helped to establish a baseline for information security requirements, along with formal descriptions and definitions for foundational concepts such as risk-based management.
This effort would be extended in the National Cybersecurity Center for Excellence. The center is intended to support cybersecurity activities in state and local governments, academia, and the private sector as well as the federal government. It will provide a hub for developing, evaluating and transferring technology to the sectors. Its activities would include researching cybersecurity threats and training workers.
NIST was chosen to house the center because although a number of agencies have a role in government’s information assurance, NIST is the only federal lab whose mission is to collaborate with the private sector on standards.
The National Strategy for Trusted Identities in Cyberspace, released in April, is a conceptual framework for a system of voluntary, interoperable credentials that could be widely accepted for online transactions. The goal is to create an identity ecosystem that would help enable the estimated $10 trillion worth of online business being conducted globally each year. The program does not envision a single, government-mandated ID or credential. The private sector would be responsible for developing and fielding the technologies for the ID ecosystem, with the government playing only a supporting role. NIST manages the NSTIC program office and coordinates interagency activities in this area.
NSTIC’s roots go back to the president’s Cyberspace Policy Review, which recommended the creation of an identity ecosystem that would allow the use of strong, interoperable credentials.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.