Connect with us

Broadband's Impact

Ex-Cybersecurity Czar, Subcommittee Chair Say NTIA-funded Networks Could Have Security Built In

WASHINGTON, March 10, 2009 – Rod Beckstrom, who resigned on March 6 after less than a year as director of the National Cybersecurity Center said Tuesday that the NTIA could use its rulemaking authority to mandate a baseline of open security standards in stimulus-funded network infrastructure.

Published

on

WASHINGTON, March 10, 2009 – Rod Beckstrom, who resigned on March 6 after less than a year as director of the National Cybersecurity Center, said Tuesday that the NTIA could use its rulemaking authority to mandate a baseline of open security standards in stimulus-funded network infrastructure.

Beckstrom spoke with BroadbandCensus.com after he attended, but did not testify at, a hearing before the House Homeland Security subcommittee on Emerging Threats, Cybersecurity, Science and Technology.

He reportedly resigned after equipment orders and leases of office space for his agency were canceled, and his boss, Homeland Security Secretary Janet Napolitano had not had a single meeting with him since she took office in January.

“It’s always easier to bake in security than it is to layer it on afterwards,” Beckstom said when asked if NTIA should include security as a criteria in awarding stimulus grants. The stimulus program is “an opportunity” to try and get things right the first time, he suggested. “When we move into new technologies, we often don’t look at security first.”

While Beckstrom wasn’t familar with the specifics of the NTIA grant process, he said he would support including security in grant criteria: “Obviously there is a benefit if we can get that incorporated into the process.”

Cybersecurity is increasingly important given the nation’s increasing reliance on networks in “every aspect of our lives,” said subcommittee chairwoman Yvette Clarke, D-N.Y. “It is easy to understand why this issue dominates our agenda…too many vulnerabilities exist on two many critical networks,” she said.

And the Bush strategy that “lacked teeth” needs to be replaced with one that places the White House at the top of the chain of command, while using “all of the tools of U.S. power in a coordinated fashion” while holding agencies accountable, she said. Clarke plans to hold two more hearings on cybersecurity topics this month.

The subcommittee hearing was “particularly timely,” given Beckstrom’s resignation, said Rep. Bennie Thompson, D-Miss., who chairs the full committee. While Thompson said he had been optimistic at Beckstom’s appointment, the Bush administration put him in a position without clear lines of authority or a budget, a “no-win situation.” Beckstrom “did not have experience working miracles,” he said – namely overcoming the domination of the National Security Agency in cybersecurity policy formation.

In his letter of resignation, Beckstrom cited the NSA’s incrasing role in protecting both military and government networks as a reason he was returning to Silicon Valley after being hand-picked to head the Bush administration’s “comprehensive national cybersecurity initiative.” The program is meant to protect all government networks against attacks.

In his opening statement, Thompson said there should be a “credible civilian cybersecurity capability” in the government. But it should interface with the NSA rather than being controlled by it, he said. Echoing Beckstrom’s assesment, he said: “I don’t think the answer to our problems in cyberspace comes from giving control of the entire Federal cybersecurity mission to the NSA.”

“Cyberspace should be declared a vital national asset,” said ranking member Daniel Lungren, R-Calif. These critical networks should be protected with a “well-crafted strategy,” he said,  utilizing public-private partnerships “based on trust and cooperation.”

But to date, efforts to protect those assets have not been successful, said Dave Powner, director of information technology management issues at the Government Accountability Office. While then-President Bush initiated several cybersecurity programs, Powner admitted that GAO has “yet to fully satisfy its cybersecurity responsibilities” as prescribed by the Bush strategies. And though GAO is developing new cybersecurity capabilities, Powner said “furher action needs to be taken to address these areas.”

The White House should be at the top of an “accountable, operational  cybersecurity organization,” specifically a new governance structure, Powner said.  Putting the White House will raise the profile of cybersecurity issues and make both public and private sector leaders more aware of emerging threats and problems, he said. And law enforcement capabilities – both national and international – should be improved by increasing cooperation among agencies and other nations, Powner suggested.

“Clearly, NTIA could have a role in [a cybersecurity strategy],” Powner said in an interview. “I think the important thing going forward is with the broadband deployment as it is today, we need to make sure that rollout is secure.” But NTIA’s position with regard to securing networks has been a subject of debate, the agency could certainly help with improving security, he said.

Protecting privacy and providing oversight should be priorities in any cybersecurity strategy, said Microsoft vice president Scott Charney. Before joining Microsoft in 1999, Charney was chief of the computer crime and intellectual property division of the Department of Justice.

“The information age has arrived, but the [U.S.] has not yet built a comprehensive national cyberspace security strategy,” Charney said.  Cybersecurity issues pose unique challenges that “transcend agency boundaries,” he said.

To meet those challenges, a strategy should be coordinated by one organization “responsible for ensuring that the government acts as one government,” Charney said. “If the government wants to use all the instruments of its power…the center of gravity must be in the White House.”

The role of the Homeland Security department should be to set standards – but not mandate specific technologies, he added. Specifying security requirements is “the appropriate role of DHS.”

Further hindrances to a cohesive cybersecurity strategy iinclude law enforcement emphasis on identifying attacks rather than preventing them, and tthe intelligence community’s obsession with classification, secrecy and hiding vulnerabilities rather than defeating them, said NetWitness Corporation CEO Amit Yoran, who helped start the U.S. Computer Emergency Response Team.

Even members of Congress have not been provided with cybersecurity plans developed by the Office of the Director of National Intelligence, “for ill-defined reasons,” he said. “[S]uch a broad overclassification is counterproductive to supporting an effective cyber defense.” And the lack of information sharing among agencies only provides advantages to adversaries, Yoran added.

The U.S. needs to rebuild its cybersecurity procurement systems and technical know-how, beginning at the lowest levels, said Oracle chief security officer Mary Ann Davidson. First, military and intelligence agencies should purchase software that is purpose built, rather than try to adapt and secure ill-designed products.

Congress should enact policy explicitly declaring a “21st century Monroe Doctrine,” Davidson said. Such a policy would encourage development of detection and response mechanisms, and provide a deterrent against all types of attacks against increasingly critical infrastructure, including “smart grid” components, she said.

And as critical infrastructure is built, Davidson said the builders should be trained to “think like a hacker” and assume systems will be attacked. But universities have not been responsive to teaching secure coding practices, she noted.

The lack of built-in security in NTIA-funded broadband networks thatt could become part of the grid is a matter of concern that will warrant additional hearings, Clarke said in an interview after the hearing. “I have been concerned…about our ability to embed some security measures [in broadband],” she said. “Things happen, security can be breached, and we’re at the point where we can understand how to ger that done.”

Andrew Feinberg was the White House Correspondent and Managing Editor for Breakfast Media. He rejoined BroadbandBreakfast.com in late 2016 after working as a staff writer at The Hill and as a freelance writer. He worked at BroadbandBreakfast.com from its founding in 2008 to 2010, first as a Reporter and then as Deputy Editor. He also covered the White House for Russia's Sputnik News from the beginning of the Trump Administration until he was let go for refusing to use White House press briefings to promote conspiracy theories, and later documented the experience in a story which set off a chain of events leading to Sputnik being forced to register under the Foreign Agents Registration Act. Andrew's work has appeared in such publications as The Hill, Politico, Communications Daily, Washington Internet Daily, Washington Business Journal, The Sentinel Newspapers, FastCompany.TV, Mashable, and Silicon Angle.

Health

FCC Proposes Notification Rules for 988 Suicide Hotline Lifeline Outages

The proposal would ensure providers give ‘timely and actionable information’ on 988 outages.

Published

on

Photo via Health and Human Services

WASHINGTON, January 26, 2023 – The Federal Communications Commission unanimously adopted a proposal to require operators of the 988 mental health crisis line to report outages, which would “hasten service restoration and enable officials to inform the public of alternate ways to contact the 988 Lifeline.”

The proposal would ensure providers give “timely and actionable information” on 988 outages that last at least 30 minutes to the Health and Human Services’s Substance Abuse and Mental Health Service Administration, the Department of Veteran Affairs, the 988 Lifeline administrator, and the FCC.

The commission is also asking for comment on whether cable, satellite, wireless, wireline and interconnected voice-over-internet protocol providers should also be subject to reporting and notification obligations for 988 outages.

Other questions from the commission include costs and benefits of the proposal and timelines for compliance, it said.

The proposal would align with similar outage protocols that potentially affect 911, the commission said.

The notice comes after a nationwide outage last month affected the three-digit line for hours. The line received over two million calls, texts, and chat messages since it was instituted six months ago, the FCC said.

The new line was established as part of the National Suicide Hotline Designation Act, signed into law in 2020.

Continue Reading

Health

FCC Eliminates Use of Urban-Rural Database for Healthcare Telecom Subsidies

The commission said the database that determined healthcare subsidies had cost ‘anomalies.’

Published

on

WASHINGTON, January 26, 2023 – The Federal Communications Commission adopted a measure Thursday to eliminate the use of a database that determined the differences in telecommunications service rates in urban and rural areas that was used to provide funding to health care facilities for connectivity.

The idea behind the database, which was adopted by the commission in 2019, was to figure out the cost difference between similar broadband services in urban and rural areas in a given state so the commission’s Telecom Program can subsidize the difference to ensure connectivity in those areas, especially as the need for telehealth technology grows.

But the commission has had to temporarily provide waivers to the rules due to inconsistencies with how the database calculated cost differences. The database included rural tiers that the commission said were “too broad and did not accurately represent the cost of serving dissimilar communities.”

FCC Chairwoman Jessica Rosenworcel gave an example at Thursday’s open meeting of the database calculating certain rural services being cheaper than in urban areas, when the denser latter areas are generally less expensive.

As such, the commission Thursday decided to revert the methods used to determine Telecom Program support to before the 2019 database order until it can determine a more sustainable method. The database rescission also applies to urban cost determinations.

“Because the Rates Database was deficient in its ability to set adequate rates, we find that restoration of the previous rural rate determination rules, which health care providers have continued to use to determine rural rates in recent funding years under the applicable Rates Database waivers, is the best available option pending further examination in the Second Further Notice, to ensure that healthcare providers have adequate, predictable support,” the commission said in the decision.

Healthcare providers are now permitted to reuse one of three rural rates calculations before the 2019 order: averaging the rates that the carrier charges to other non-health care provider commercial customers for the same or similar services in rural areas; average rates of another service provider for similar services over the same distance in the health care provider’s area; or a cost-based rate approved by the commission.

These calculations are effective for the funding year 2024, the commission said. “Reinstating these rules promotes administrative efficiency and protects the Fund while we consider long-term solutions,” the commission said.

The new rules are in response to petitions from a number of organizations, including Alaska Communications; the North Carolina Telehealth Network Association and Southern Ohio Health Care Network; trade association USTelecom; and the Schools, Health and Libraries Broadband Coalition.

“The FCC listened to many of our suggestions, and we are especially pleased that the Commission extended the use of existing rates for an additional year to provide applicants more certainty,” John Windhausen Jr., executive director of the SHLB Coalition, said in a statement.

Comment on automating rate calculation

The commission is launching a comment period to develop an automated process to calculate those rural rates by having the website of the Universal Service Administrative Company – which manages programs of the FCC – “auto-generate the rural rate after the health care and/or service provider selects sites that are in the same rural area” as the health care provider.

The commission is asking questions including whether this new system would alleviate administrative burdens, whether there are disadvantages to automating the rate, and whether there should be a challenge process outside of the normal appeals process.

The Telecom Program is part of the FCC’s Rural Health Care program that is intended to reduce the cost of telehealth broadband and telecom services to eligible healthcare providers.

Support for satellite services

The commission is also proposing that a cap on Telecom Program funding for satellite services be reinstated. In the 2019 order, a spending cap on satellite services was lifted because the commission determined that costs for satellite services were decreasing as there were on-the-ground services to be determined by the database.

But the FCC said costs for satellite services to health care service providers has progressively increased from 2020 to last year.

“This steady growth in demand for satellite services appears to demonstrate the need to reinstitute the satellite funding cap,” the commission said. “Without the constraints on support for satellite services imposed by the Rates Database, it appears that commitments for satellite services could increase to an unsustainable level.”

Soon-to-be health care providers funding eligibility

The FCC also responded to a SHLB request that future health care provider be eligible for Rural Health Care subsidies even though they aren’t established yet.

The commission is asking for comment on a proposal to amend the RHC program to conditionally approve “entities that are not yet but will become eligible health care providers in the near future to begin receiving” such program funding “shortly after they become eligible.”

Comments on the proposals are due 30 days after it is put in the Federal Register.

Continue Reading

Digital Inclusion

Broadband Breakfast Interview With Michael Baker’s Teraira Snerling and Samantha Garfinkel

Digital Equity provisions are central to state broadband offices’ plans to implement the bipartisan infrastructure law.

Published

on

Digital Equity provisions are central to state broadband offices’ plans to implement the Broadband Equity, Access and Deployment grant program under the bipartisan infrastructure law.

In this interview with Broadband Breakfast Editor and Publisher Drew Clark, Michael Baker International Broadband Planning Consultants Teraira Snerling and Samantha Garfinkel go into detail about the role of Digital Equity Act plans in state broadband programs.

Michael Baker International, a leading provider of engineering and consulting services, including geospatial, design, planning, architectural, environmental, construction and program management, has been solving the world’s most complex challenges for over 80 years.

Its legacy of expertise, experience, innovation and integrity is proving essential in helping numerous federal, state and local navigate their broadband programs with the goal of solving the Digital Divide.

The broadband team at Michael Baker is filling a need that has existed since the internet became publicly available. Essentially, Internet Service Providers have historically made expansions to new areas based on profitability, not actual need. And pricing has been determined by market competition without real concern for those who cannot afford service.

In the video interview, Snerling and Garfinkel discuss how, with Michael Baker’s help, the federal government is encourage more equitable internet expansion through specific programs under the Infrastructure Investment and Jobs Act.

The company guides clients to incorporate all considerations, not just profitability, into the project: Compliance with new policies, societal impact metrics and sustainability plans are baked into the Michael Baker consultant solution so that, over time, these projects will have a tremendous positive impact.

Continue Reading

Signup for Broadband Breakfast

Twice-weekly Breakfast Media news alerts
* = required field

Broadband Breakfast Research Partner

Trending