What's Wrong With This Picture?
You can add NIAP to your acronym collection, courtesy of the Commerce Department's arcane National Institute of Standards and Technology and the infamous National Security Agency.
Just last week, the two agencies signed "a letter of partnership" to set up a National Information Assurance Partnership designed to assist U.S. information security technology producers in achieving international competitiveness.
What's that? You missed it?
This initiative will "break new ground by providing both independent evaluators and product producers with objective measures" for evaluating the quality and security of these products, the agencies said. "In turn, this should result in increased consumer confidence in evaluated information security products," they said.
Goals of the partnership are:
Such a partnership is truly intriguing, even newsworthy. But the news release arrived by e-mail late on a Friday afternoon and government officials intimately familiar with the project could not be found to discuss the effort in any detail early this week.
- Promote demand and investment in security-enhanced products
- Move current evaluation and testing efforts from the federal government to accredited, private-sector laboratories, and
- Foster research and development in security tests, test methods and metrics.
In the release, the agencies promised more details at the NIAP grand opening in October during the National Information Systems Security Conference at the Baltimore Convention Center.
Seeking more immediate information about the effort, Washington Technology learned from a NIST Public Affairs contact that the person who is the NIAP program manager was on leave for the week.
Our resourceful news organization then turned to NSA Public Affairs, where an official informed us that the program manager for the project was on leave that day.
Granted it's August in Washington but something is wrong when the U.S. government announces plans to boost consumer and industry confidence in products and technologies people use to protect valuable information - in a virtual vacuum.
Government planners ought to take a page from their industry counterparts in the cutthroat computer business. These days, it's not uncommon for both in-house and outside public relations consultants at large and medium-sized companies to spend hours dotting the i's and crossing the t's for press announcements timed for release down to the last minute.
We're not advocating endless hours of deliberation but industry confidence in the government's ability to promote such efforts could be elevated with a little more forethought.
Certainly a delayed announcement might have afforded some industry leaders to get behind and possibly magnify this initiative. The White House's July e-commerce ceremony and subsequent sales campaign to persuade foreign governments to drop their barriers to cyberspace commerce springs to mind. The end result, after all, is to accelerate U.S. competition.
In the release, the agencies promise that the partnership will work closely with the NIST-administered National Voluntary Laboratory Accreditation Program to develop technical criteria that NVLAP or private-sector accreditors can use when they accredit testing labs. The partnership also will encourage the establishment of accredited, private-sector laboratories. The agencies said these labs will benefit from federal government technology transfer of security testing and evaluation capabilities. But how that will happen is not clear.
Other questions involve how the partnership will "employ the latest techniques" to develop product specification tools, testing methods and tests. Also fuzzy is how it will foster the creation of independent testing organizations and the certification processes they will use.
The answers to these and other questions must await the return of government officials doubtless in search of a late summer break.
©1997, TechNews. All rights reserved.