290 million
NIST is looking for a few good cryptographers
The National Institute of Standards and Technology wants to hire about 15 cryptographers over the next five years to deal with a growing portfolio in emerging areas such as quantum and lightweight cryptogra-
phy, said Matthew Scholl, chief of NIST’s Computer Security Division.
The government has long struggled to retain top IT security talent, partly because the private sector often pays much more. Scholl said that although there is stiff com- petition for new cryptogra- phers, NIST does not have a high turnover rate. “The joke at NIST is you work here three years or you work here [for] 30,” he said.
Such algorithms make it more difficult for attackers to decrypt messages.
The episode “called into question our trust,” Scholl told FCW. “We’re a non-regulatory agency, so the only cur-
rency we have is that people trust us and that the work we do is good.”
A panel of indepen- dent advisers convened by NIST’s Visiting Committee on Advanced Technology wrote in a July 2014 report that “NIST may seek the advice of the NSA on cryptograph- ic matters, but it must be in a position to assess it and reject it when warranted.”
NSA’s cryptographic expertise continues to be a resource for NIST, but it is one of many resources that include industry and gov- Scholl said. “We’re going to
passport-related records are in the State Department database that was found to be vulnerable to hacking
IN THE IT PIPELINE
WHAT: An invitation to col- laborate on the General Ser- vices Administration’s upcoming blanket purchase agreement for cloud services.
WHY: With the expiration of
the first governmentwide cloud computing contract (the infra- structure-as-a-service BPA) and a looming August expiration date for the email-as-a-service BPA, GSA is developing a new cloud acquisition vehicle for federal agencies, including the Defense Department.
GSA released a request for information for the Cloud Con- tract Fostering Innovation in Gov- ernment (Cloud ConFIG) in Febru- ary, and in late March, it issued a “scope statement” that says the multiple-award, indefinite-deliv- ery, indefinite-quantity contract would cover “all cloud computing services and cloud computing service-based solutions.”
“The contract encompasses all components necessary for implementing a complete cloud computing solution while allow- ing ancillary services for plan- ning, development, implemen- tation and support,” according
to the statement. “The contract shall support all cloud computing service models including infra- structure-, platform- and software as-a-service and all deployment models such as public, private, community and hybrid.”
GSA plans to release a draft request for proposals this year. In the meantime, it is inviting gov- ernment and industry stakehold- ers to provide input and feedback on the developing contract.
FULL ANNOUNCEMENT:
is.gd/FCW_Cloud
NIST’s reputation as an independent body took a
hit after documents leaked by former National Security Agency contractor Edward Snowden showed evidence that NSA had subverted a NIST-approved algorithm known as Dual_EC_DRBG.
ernment,
continue to work with NSA, which is different than saying we’re going to be dependent on them,” he added.
Matthew Scholl said NSA is only one of many resources for NIST, and the agency wants to expand
its in-house cryptographic expertise.
— Sean Lyngaas
Ashley Mahan
@fedrampashley
A-Team representing @FedRAMP at @FCWnow “Overcoming Barriers to the Cloud.” @USGSA
Reply Retweet Favorite
8:05 AM - 30 Mar 2016
Join the conversation
FCW usesTwitter to break news, field questions and ask our own.
Learn more atTwitter.com/FCWnow.
April 30, 2016
FCW.COM 9