Last month Rep. Comstock (R,VA) introduced HR 6229,
the National Institute of Standards and Technology (NIST) Reauthorization Act
of 2018. The bill would provide authorization for NIST for both FY 2018 and FY
2019. The bill was adopted by a voice vote in a mark-up hearing by the
Committee on Space, Science, and Technology on June 27th, 2018 with one
amendment. The bill contains a number of cybersecurity provisions.
Cybersecurity
Section 4 of the bill addresses the NIST cybersecurity
programs. Most of it deals with support for the cybersecurity operations of agencies
of the Federal government, but paragraph (c) addresses the cybersecurity research
activities of NIST. These include:
• The development of research and
engineering capabilities to provide practical solutions, including measurement
techniques and engineering toolkits, to solve cybersecurity challenges such as
human factors, identity management, network security, privacy, and software;
• Investment in tools to help
private and public-sector organizations measure their cybersecurity, manage
their risks and ensure workforce preparedness for new cybersecurity challenges;
and
• Investment in programs to prepare the United States
with strong cybersecurity and encryption technologies to apply to emerging technologies
such as artificial intelligence, the internet of things, and quantum computing.
Section 7 of the bill addresses NIST research activity
associated with the internet of things (IoT). It specifically addresses
cybersecurity in two subparagraphs:
• The development of new tools and
methodologies for cybersecurity of the internet of things; and
• The development and publication
of new cybersecurity tools, encryption methods, and best practices for internet
of things security.
None of the research requirements mentioned above include
specific authorization for funding, so NIST will have to fund this research out
of existing programs.
Committee Amendment
Rep. Comstock (R,VA) introduced the only
amendment to HR 6229 to be considered by the Committee. It increased the
authorized FY 2019 spending for NIST from $1.115 to $1.125 trillion dollars. It
allocated all of that the funding increase to spending for industrial
technology services; increased from $145 million to $155 million. It also
removed the sub-allocation amounts in that account for the Manufacturing
Extension Partnership and Manufacturing Innovation programs.
Moving Forward
This bill will move forward to the floor of the House. It
will probably be considered under the suspension of the rules provisions with
limited debate and no floor amendments. It will receive wide bipartisan
support.
Commentary
It was disappointing to me to see no specific mention of industrial
control system cybersecurity in the NIST research agenda while IoT received
equal billing with cybersecurity and quantum information science. This is not
implying that ICS cybersecurity research will not be conducted by NIST, just
that Congress still does not see ICS cybersecurity as a priority. I expected
better from the Science, Technology, and Space Committee.
On a nit-picking side note. There had been one other amendment
proposed to this bill, but it was withdrawn by its author, Rep. Tonko (D,NY),
presumably in favor of the Comstock amendment. Tonko’s version would have reduced
the overall R&D authorization by $10 million to $840 million while
increasing the industrial technology services account to the same $150 million
set in the Comstock amendment. Tonko, however, would have allocated all of that
increase to the Manufacturing Innovation Program.
The administrative problem with both of these amendments is
that neither says where the additional $10 million for industrial technology services
would come from. Comstock did not increase the R&D authorization and Tonko
actually would have reduced it. Thus, both amendments would require NIST to
reduce funding for other existing (but not specifically authorized) programs to
provide the additional funding required.
Posts
No comments:
Post a Comment