Ranking Member Beyer’s Opening Statement for NIST Physical Security Vulnerabilities Hearing
(Washington, DC) – Today, the House Committee on Science, Space, and Technology’s Subcommittees on Oversight and Research and Technology are holding a hearing titled, “NIST’s Physical Security Vulnerabilities: A GAO Undercover Review.”
Ranking Member of the Subcommittee on Oversight, Rep. Don Beyer’s (D-VA), opening statement for the record is below.
Thank you Chairs LaHood and Comstock for holding this hearing today.
The National Institute of Standards and Technology or NIST is a vital federal science agency that, for more than one hundred years, has helped push American innovation in areas as diverse as computer chips, nanoscale devices, the smart electric power grid and earthquake-resistant skyscrapers. The advanced technologies being developed and pioneering research being conducted at NIST makes security of its facilities and technologies critically important.
Unfortunately, security at NIST – on its Gaithersburg, Maryland and Boulder, Colorado campuses – has been a struggle. In July 2015, a NIST police officer attempting to brew methamphetamine in a little used laboratory on the Gaithersburg campus was injured in an explosion. He was subsequently arrested, fired, and is currently serving a 41 month prison sentence. In April 2016, a non-NIST employee gained access to a secure lab on NIST’s Boulder, Colorado campus. In May 2017, a paraglider landed on the grounds of the Colorado campus, and in June 2017 a member of NIST’s police force was arrested and charged with 1st and 2nd degree assault by the Frederick County Sheriff’s Department in Maryland.
Today, we will discuss the Government Accountability Office’s (GAO’s) recent security review of NIST at both campuses. The review showed significant issues with NIST’s security structure, operating procedures, and performance. Security awareness training for NIST employees should be increased, the Agency’s guard force must improve their attentiveness to potential threats, the effectiveness of NIST’s security procedures must be thoroughly assessed, and a comprehensive communication strategy that can help identify and resolve potential security threats should be implemented.
My biggest concern regarding security at NIST is the Agency’s security structure. It is fragmented, inefficient and in some cases inadequate. The Department of Commerce oversees the security personnel at NIST who implement physical security policies, for example, while NIST manages access control technologies and other physical security countermeasures. This security structure violates best practice for security, which calls for centrally managing physical security assets and operations. Without a cohesive organizational structure, it seems inevitable that gaps in security will continue to emerge, and the management of NIST’s security will be inefficient and potentially ineffective in confronting threats to the Agency and its employees.
GAO, in its review, pointed out further problems with NIST security management that we will hear more about today. It is worth noting that the GAO’s security review also found that NIST’s leadership has made a positive commitment to improving security and that 75 percent of NIST staff surveyed by GAO believed that NIST’s leadership places a “great” or “very great” importance on security issues. This commitment to security is encouraging, but there is much room for concrete improvements. I expect the leadership at the Department of Commerce and NIST to work together to fully and quickly address the issues outlined in the GAO report.
I believe NIST is a vital federal science agency, and that is why I am concerned about the physical security issues highlighted in the GAO report. The science and technology research and programs carried out at NIST helps U.S. businesses grow, it strengthens the U.S. economy, and it expands our scientific and technical knowledge. The public, and Congress, expect NIST to not only protect their vital resources, and in some cases hazardous materials, from potential threats, but also to protect NIST’s employees, visiting scientists and others from physical security risks. I would also point out that the Acting Director of NIST, Dr. Kent Rochford, only stepped into this role in January. I am glad you are here today Dr. Rochford to tell us how you plan to address these important issues moving forward.
Finally, I would like to note my disappointment with the Department of Commerce and NIST for their late submittal of their testimony for today’s hearing. They submitted their testimony less than 24 hours ago, well after the 48 hour deadline. Additionally, NIST and Commerce submitted joint written testimony that was unexpected and surprised the Science Committee Majority and Minority. Perhaps Dr. Rochford and Ms. Casias can explain this in their testimony.
Thank you Chairman LaHood for calling this hearing. Thank you to all of our witnesses, particularly to the GAO’s Seto Bagdoyan and his team, for its work on this issue. I look forward to hearing from each of our witnesses.
I yield back.