The Commerce Department’s budget request for fiscal 2016 includes 7 percent increase in cybersecurity funding at NIST to support research and standards development to protect the nation’s IT systems and critical infrastructure. The additional $7 million would help fund 10 new full time positions to expand the institute’s work in cryptography and privacy.
The National Institute of Standards and Technology is asking for a modest 7 percent increase in cybersecurity spending in the coming fiscal year to support research and standards to protect government IT systems and the nation’s critical infrastructure. The additional $7 million, included in the Commerce Department’s fiscal 2016 budget request, would boost the institute’s cybersecurity research budget to $109 million and would add 10 full-time employees to support work in cryptography and privacy protection.
Research supported by the proposed budget would help protect not only government systems but also help secure the nation’s $262 billion in annual electronic commerce and combat the $445 billion estimated global losses suffered each year from cybercrime.
Overall, NIST is seeking $1.1 billion for the coming year, which is $255.8 million above current appropriations. The lion’s share of that increase is $150 million requested to support a National Network for Manufacturing Innovation.
NIST is neither a regulatory agency nor a service provider—the Homeland Security Department is tasked with overseeing cybersecurity requirements and providing help to agencies and the private sector—but it plays an important role in the nation’s cybersecurity through its research and development of standards and specifications. Much of this work provides guidance for implementing the Federal Information Security Management Act, the primary cybersecurity regulation for federal agencies and departments. NIST has produced a library of guidelines and standards in its 800 series of Special Publications.
Although this guidance applies directly only to government IT systems, it is generally applicable in the private sector and is a valuable resource for cybersecurity. In addition to supporting FISMA, NIST also spearheads administration initiatives including improving critical infrastructure cybersecurity and the National Strategy for Trusted Identities in Cyberspace.
The growth of the Internet and of the online digital economy “place the nation’s security, economy, and public safety and health at risk and create the need for cybersecurity standards, technologies, and best practices that address interoperability, usability, and privacy,” NIST said in supporting its budget request.
In recent activity, NIST has launched the National Cybersecurity Center of Excellence, to help provide business with cybersecurity solutions based on commercially available technologies, and developed a Framework for Improving Critical Infrastructure Cybersecurity. It also in the last year has published more than 40 standards and guidelines on IT security. But NIST must keep pace with a rapidly evolving IT landscape—both government and private—and the accompanying threats from individuals, criminal organizations and nation states.
The NIST budget proposal for fiscal 2016 includes $4.4 million for the National Initiative for Cybersecurity Education, $15 million for the National Cybersecurity Center of Excellence, $16.5 million for the National Strategy for Trusted Identities in Cyberspace, and $72.7 million for cybersecurity research and development. Priorities for fiscal 2016 include developing the tools and standards to assess and manage privacy risks and ensuring the continued delivery of robust and independent cryptography capabilities, including:
- Expanding NIST’s cryptographic team;
- Expanding collaborations with academia and industry;
- Research and development programs to incorporate new cryptographic capabilities in areas such as cryptography for constrained environments, quantum-resistant cryptography, and cryptography in support of privacy; and
- Developing and promulgating standards, guidelines, tests, and measurements to support a post-quantum computing market.