Last week Rep. Moolenaar (R,MI) introduced HR 5639, the National
Institute of Standards and Technology Improvement Act of 2016. The bill updates
the National Institute of Standards and Technology Act (15
USC 272). There is only one minor cybersecurity provision in the bill.
Cybersecurity Provision
Section 11 of the bill makes one small change to 15
USC 278g–3, the computer standards program. It removes the words ‘National
Security Agency’ from paragraph (c)(1). That paragraph lists the agencies that
NIST must consult with in establishing standards for information systems and cybersecurity
standards for federal information systems.
Moving Forward
Moolenaar is a member of the House Science, Space and Technology
Committee, the committee to which the bill was assigned for consideration. More
importantly many of the ten
cosponsors are influential members of the Committee and the Congressional
leadership. This is clearly reflected by the fact that the bill will be
considered this week under suspension of the rules. The bill will almost
certainly pass with substantial bipartisan support.
Commentary
This change was almost certainly included in response to
news that the NSA influenced NIST to include backdoors into encryption
standards. The change does not prevent NIST from consulting with NSA, or limit
what influence NSA has on NIST operations. The change is simply a face saving
move by Congress so that it appears that Congress has limited the influence of
NSA.
Posts
No comments:
Post a Comment