Skip to main content
Policy and funding

Policy and funding

Concerns raised over NIST security breaches

20 Oct 2017
Image of NIST's Boulder campus
Access all areas

Security at America’s standards lab has been found to be woefully inadequate, according to a report by the US Government Accountability Office (GAO). Over the past two years, GAO agents used “very basic espionage techniques” to carry out 15 attempted break-ins at secure parts of campuses of the National Institute of Standards and Technology (NIST) in both Gaithersburg, Maryland and Boulder, Colorado. They were successful at each attempt.

The security breaches have raised significant questions about NIST’s lack of effective safeguards against unauthorized entry to the campuses, parts of which house dangerous chemicals and a nuclear research reactor. The concerns came despite NIST and the Department of Commerce, of which it is a part, having apparently tightened security recently in response to two illicit entries in 2015. At the Colorado campus, an unauthorized individual had found his way into a secure building while in Maryland a government police officer had caused an explosion while making methamphetamine in a partly empty laboratory.

Taking action

GAO representatives showed videos of the latest breaches last week at a closed portion of a hearing by a subcommittee of the House of Representatives Committee on Science, Space and Technology. “The evidence produced in these videos shines a light on the porous nature of NIST’s physical security, and are particularly concerning to the committee, especially in light of the fact that the July 2015 meth-lab explosion served to put NIST on notice that its physical security programme was flawed,” noted subcommittee member Darin LaHood, a Republican from Illinois.

The GAO says that the lack of communication between NIST and the Department of Commerce is a probable cause of the breaches. “Management of NIST’s physical security programme is fragmented between the Department of Commerce and NIST,” the report states. “This is inconsistent with the federal Interagency Security Committee’s physical security best practices, which encourage agencies to centrally manage physical security.” The report recommends that the Department of Commerce and NIST now develop better security co-ordination and risk-management policies.

“NIST takes its responsibility to ensure the physical security of NIST’s two campuses very seriously,” the agency’s acting director Ken Rochford, told the House subcommittee. “NIST is working with the Office of Security to strengthen the security culture at NIST, which the GAO notes has already had some success, though there is still some work to be done.”

That job will now be down to Walter Copan, who was approved as NIST director by the US Senate a few days after the House hearing. Copan has a PhD in chemistry and has worked at Brookhaven National Laboratory and the Department of Energy as well as in the private sector.

Related events

Copyright © 2024 by IOP Publishing Ltd and individual contributors