Hearing of the Senate Commerce, Science, and Transportation Committee - Partnership Between NIST and the Private Sector

Hearing

We are going to spend a lot of time today talking about a federal agency most Americans have never heard of, the National Institute of Standards and Technology -- or NIST. I can assure you that in this Committee, we have heard of NIST. And we understand and appreciate the important role NIST plays in our country's economic success. Just as importantly, there are scientists, engineers, and technical experts all over the world who have heard of NIST, and who view NIST's work as the gold standard.

Let me give you an example. A couple of weeks ago, this Committee was having a hearing on the very important issue of improving forensic science. One of our witnesses was the chief of the forensic science lab in the Netherlands, which is one of the top forensic science labs in the world. This Netherlands official proudly announced at the hearing that his agency had just signed a memorandum of agreement to work with NIST on improving the quality of forensic science standards. When Senator Thune asked him why his agency wanted to partner with NIST, he said it was because when it comes to standards, NIST is "absolutely the top-notch organization, the state of the art, worldwide."

If you look up NIST's authorizing law, you will read that NIST's core mission is to serve as a laboratory, a "science, engineering, technology, and measurement laboratory." I really want to stress this point for the members of this Committee and the business community who may not have worked closely with NIST before. NIST is not a regulatory agency. It's a scientific laboratory.

NIST's mission is to help American businesses solve tough technical problems. Whether it's emerging technologies like the Smart Grid or cloud computing, or consumer products like flame-retardant mattresses or television screens, NIST's job is to help American industry help itself. With its unrivaled technical expertise and its well-deserved reputation for objectivity, NIST has been working closely with the private sector for many years to help U.S. companies innovate and compete successfully with their foreign competitors.

I was very pleased -- but not really surprised -- when President Obama issued an Executive Order earlier this year instructing NIST to begin looking at how we can protect our critical assets from cyber attacks. I am looking forward to hearing from Dr. Gallagher and our other witnesses today about how their work on this so-called "Cybersecurity Framework" is progressing. Getting NIST involved in cybersecurity makes a lot of sense, because NIST already has decades of experience working with the private sector on computer security issues. NIST's computer security work goes as far back as 1972, when it started working on the Data Encryption Standard.

It also makes sense because we need our country's very best minds -- in both the public and the private sectors -- focused and working on this problem. Back in 2009, when Senator Snowe and I started working on cybersecurity legislation in the Commerce Committee, not everybody appreciated the seriousness of this threat. But today, four years later, I believe that we have reached a very broad consensus in this country that cyber attacks present one of the gravest threats to our national and economic security. Every new report about stolen intellectual property or a disruption-of-service attack against a large U.S. company drives this point home.

Making progress against our cyber adversaries is going to require a sustained, coordinated effort between the public and private sectors. And it is going to require the combined resources of many different government agencies and businesses. Acting alone, this Committee cannot make all of the changes needed to give our government and businesses the tools they need to make real progress on cybersecurity.

But there are some important steps we can and should take, such as promoting cybersecurity research and encouraging talented young people to work in cybersecurity. Probably the most important step we can take as a Committee is to make sure the technical experts at NIST stay engaged and working with the private sector to develop effective cybersecurity standards. If this process succeeds, our businesses and government agencies will have a powerful new tool to protect themselves against cyber attacks.

I would like to thank Senator Thune for working with me on this important issue. Since he became Ranking Member of this Committee at the beginning of this year, he has devoted a lot of time to learning about cybersecurity. Yesterday, we introduced legislation that we hope will serve as one of the cornerstones for our country's cybersecurity strategy. I look forward to having a good conversation today about our bill, and about other things we can and should be doing to help protect our country from this threat.

Source