WASHINGTON, Friday, February 17th, 2012 – The internet policy news and events service BroadbandBreakfast.com will hold its February 2012 Broadband Breakfast Club event, “Cybersecurity Legislation in Congress: Where Does it Stand?”, on Tuesday, February 21st, 2012 at Clyde’s of Gallery Place, 707 7th St. NW, Washington, DC 20001 from 8 am – 10 am.
American and Continental breakfasts are included. The program begins shortly after 8:30 a.m. Tickets to the event are $45.00 plus a small online fee.
Registration is available at http://broadbandbreakfast.eventbrite.com
The Broadband Breakfast Club is sponsored by Comcast, Google, ICF International (ICFI), The National Cable & Telecommunications Association (NCTA), the Telecommunications Industry Association (TIA) and US Telecom.
The Broadband Breakfast Club series meets on the third Tuesday of each month (except for August and December).
The Broadband Breakfast Club schedule can be viewed at http://broadbandbreakfastseries.eventbrite.com
Read our website for broadband news and event write-ups at http://www.broadbandbreakfast.com
Videos of our previous events are available at: https://broadbandbreakfast.com/category/broadband-tv/
‘Cyber Security Legislation in Congress: Where Does it Stand?’ Event Description
The effort to move major cybersecurity legislation into the Senate is longstanding. For at least three years there have been numerous hearings and dozens of legislative drafts – and yet, there are calls for more discussion and vetting.
February is turning out to be Cybersecurity Month in Washington, as multiple major cybersecurity legislative endeavors, with broad and deep implications for shoring up the US infrastructure, make their way through the House and Senate. The question is, are all involved participants ready to actually move forward on this? And if so, will Congress be able to achieve sweeping cybersecurity legislation before the presidential election?
Examples of such bills include:
- The House Homeland Security Committee marking up the “Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act” (PRECISE), which addresses multiple cybersecurity issues and creates a new information sharing organization, NISO.
- Energy and Commerce hearings in anticipation of the “Cyber Intelligence Sharing and Protection Act of 2011” which addresses information sharing.
- The “Cybersecurity Enhancement Act of 2011”, which addresses cybersecurity R&D, and passed through the Science and Technology Committee last year.
- The Cybersecurity Act of 2012 (S. 2105), which would direct the Department of Homeland Security to assess and determine what industries to classify as “critical infrastructure.”
- A comprehensive bill taking on FISMA reform, governmental authorities, critical infrastructure protection, R&D information sharing, data breaches and miscellaneous provisions.
Senior Policy Advisor to the Secretary
Internet Policy Task Force
United States Department of Commerce
Ari Schwartz serves as a Senior Policy Advisor to Commerce Secretary John Bryson. Schwartz helps to run the Department of Commerce’s Internet Policy Task Force, providing input on areas such as cybersecurity, privacy, and identity management, and represents the Department on a range of policy-related interagency working groups. He came to the Department of Commerce through the National Institute of Standards and Technology, where he served as Senior Internet Policy Advisor for the NIST Information Technology Laboratory. Prior to his work in government, Schwartz served over 12 years as Vice President and Chief Operating Officer of the Center for Democracy and Technology. While at CDT, Schwartz led the Anti-Spyware Coalition (ASC), comprising anti-spyware software companies, academics, and public interest groups dedicated to defeating spyware. He won both the 2006 RSA and the 2010 Online Trust Alliance awards for Excellence in Public Policy. He was also named one of the Top 5 influential IT security thinkers of 2007 by Secure Computing and an emerging leader by both Government Executive and Politico.
Internet Security Alliance (ISA)
Larry Clinton is the President of the Internet Security Alliance (ISA), a multi-sector trade association with membership from virtually every one of the designated critical industry sectors. The mission of the ISA is to combine advanced technology with economics and public policy to create a sustainable system of cyber security. Mr. Clinton is known for his ability to take the complicated issues in this space and explain them clearly to a wide range of audiences—professional, policy makers and the general public. He has been featured in mass media such as USA Today, the PBS News Hour, the Morning Show on CBS, Fox News, CNN’s Situation Room, C-SPAN, and CNBC. He has also authored numerous professional journal articles on cyber security. This year he has published articles in the Cutter IT Journal, the Journal of Strategic Security and the Journal of Software Technology. Mr. Clinton is regularly called upon to testify before both the U.S. House and Senate. In 2008, ISA published its Cyber Security Social Contract, which is both the first and last source cited in the Executive Summary of President Obama’s Cyber Space Policy Review and which also cites more than a dozen ISA white papers – far more than any other source. The ISA’s pro-market, anti-regulatory approach to cyber security is outlined in its numerous publications, including the “ISA Cyber Security Social Contract,” “The Social Contract 2.0: A 21st Century Program for Effective Cyber Security,” “The Financial Management of Cyber Risk: An Implementation Framework for CFOs,” and “The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask,” all of which were written by the ISA Board of Directors and edited by Mr. Clinton.
Senior Intelligence and Defense Advisor
Senator Harry Reid
Tommy Ross is Senior Intelligence and Defense Advisor to Senate Majority Leader Harry Reid of Nevada. In this capacity, he advises Senator Reid on national security matters, serves as an ex officio staff member to the Senate Select Committee on Intelligence, and is responsible for all compartmented “Gang of 8” intelligence matters for the Majority Leader. Prior to his service with Senator Reid, he served as Legislative Director for Rep. David Price of North Carolina’s Fourth District, and advised Rep. Price on issues relating to foreign affairs, defense, intelligence, veterans, and justice. He also provided program support for Rep. Price’s work as Chairman of the House Democracy Partnership, a congressional commission working to strengthen basic capabilities of legislatures in developing democracies. In addition, Tommy has worked as a national security policy analyst for the Senate Democratic Policy Committee, an arm of the Democratic Leader’s office, and as a research assistant for Senate Democratic Leader Tom Daschle. He is a graduate of Davidson College in North Carolina and earned an M.A. in Theology and Ethics from Union Theological Seminary in New York. He has also completed a certificate program through the U.S. Air Force’s Air Command and Staff College, and is a term member of the Council on Foreign Relations.
Minority Staff Director
Senate Homeland Security and Governmental Affairs Committee
Author, Speaker and Investigative Reporter
Technology Project Reporter, Reuters
Specializing in technology issues for Reuters, Joe previously worked for the Financial Times and the Los Angeles Times. He is the author of the 2010 influential bestseller “Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet,” a real-life thriller that brought the modern face of cybercrime to a mainstream audience. “Fatal System Error” revealed new evidence of collaboration between major governments and organized cybercriminals and has been placed on the official reading list of the U.S. Strategic Command. It was named one of the ten best nonfiction works of the year by Hudson Booksellers and one of the top five business books by 1-800-CEO-READ. Compared by the New Yorker to the novels of Stieg Larsson, “Fatal System Error” has been translated into Japanese, Chinese and Korean.
Menn also wrote “All the Rave: The Rise and Fall of Shawn Fanning’s Napster,” which was named one of the three best books of 2003 by Investigative Reporters and Editors Inc. He has won two “Best in Business” awards from the Society of American Business Editors and Writers and has been a two-time finalist for the Loeb Awards for business reporting. Menn has spoken at top security industry conferences RSA, DefCon and Black Hat DC, industry gatherings in England, Canada, Australia and Spain, and training sessions convened by US bank regulators and federal law enforcement. He is a graduate of Harvard College and lives in San Francisco.
Background on BroadbandBreakfast.com
BroadbandBreakfast.com is in its fourth year of hosting monthly breakfast forums in Washington on internet policy issues. These events are on the record, open to the public and consider a wide range of viewpoints. Our Broadband Breakfast Club meets on the third Tuesday of every month (except for August and December).
Our elected official keynotes have included Representatives Zoe Lofgren (D-CA), John Conyers (D-MI), Diane Watson (D-CA), Joe Barton (R-TX) and Rick Boucher (D-VA).
Our agency and commission official keynotes have included Dallas Tonsager, Deputy Undersecretary for Agriculture; Julius Genachowski, Chairman, FCC; Jonathan Adelstein, RUS Administrator; and Anna Gomez, Deputy Assistant Secretary, NTIA.
Our moderated discussion panels are comprised of leaders from a wide variety of organizations including government, industry, law firms, academia, nonprofit, journalism and many others.
Our audiences are equally diverse.
The keynote speech is followed by a moderated panel discussion in which audience participation is encouraged.
For More Information Contact:
Director of Marketing and Events
Despite Increasing Risk, Companies Are Still Not Prioritizing Cybersecurity
March 10, 2021 – Experts said Tuesday that cybersecurity should be one of the top priorities for every business, but many businesses still don’t consider it as such.
“I was not that surprised to see 50 percent of executives count it as a high priority,” said Chad Kliewer, the information security officer of Pioneer Telephone Cooperative, at a Tuesday webinar hosted by the Center for Strategic and International Studies.
“Let’s be honest, it’s not a moneymaker for most people,” he added.
Rep. James Langevin, D-R.I., who is chairman of the House Cyber, Innovative Technologies and Information Systems Subcommittee, was joined by several members of both the public and private sectors discussing cybersecurity for small and medium-sized businesses in the critical infrastructure industry. They used US Telecom’s recent 2021 Cybersecurity Survey as a backdrop for that discussion.
According to the survey, 26 percent of employees, versus 50 percent of executives, consider cybersecurity a high priority. Kliewer expressed disappointment about that gap, saying that for his company, he spends a lot of time focusing on employees and ensuring that they’re all informed on cybersecurity.
One challenge to be addressed to get businesses up to speed on cybersecurity is education and awareness.
Jeff Goldthorp of the Federal Communications Commission suggested on the webinar the possibility of federal agencies providing a “fairly robust and rich and large set of guidance and practices” to a smaller segment of the industry that “has a different set of needs or where the scale is smaller.”
Ola Sage, CEO of CyberRx, expressed similar concern. There could be several reasons why employees don’t make cybersecurity as high a priority as executives, she said, including lack of mechanisms to communicate that message across the company, or employees believing that cybersecurity isn’t their personal responsibility. It comes back to the question of education and awareness, she said.
Langevin said cyber criminals often go after a broad range of targets, hoping to hit the easiest victims. “These criminals go after entities really with the weakest cybersecurity hygiene, which often unfortunately means small businesses,” he said. “Ransomware is rampant right now, and it’s hitting a lot of small businesses in addition to hospitals or school systems,” he said.
Langevin said cybersecurity monitoring is about “risk management,” which is an ongoing process.
The influence of foreign nation-state adversaries
The webinar came in the wake of other cybersecurity panels and congressional hearings on the recent SolarWinds cyberattack that infiltrated thousands of American companies and federal agencies. The hack is currently being blamed on Russia.
Langevin touched on the influence of foreign nation-state adversaries. “I want to make something perfectly clear: countries like Russia actively aid and abet cyber criminals,” he said.
“We’re really living in a golden age of cyber crime because there are countries, again, that allow and encourage criminals to operate within their borders,” he said. “While some of the talk of norms and the need for stronger cyber diplomacy may seem esoteric, I can really assure you that it is increasingly relevant to stopping the constant stream of intrusions targeting small businesses around the country,” he said.
Eric Goldstein, executive assistant director for cybersecurity at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said “adversaries of all types are targeting American businesses now.
“It is not just the case that if you are a company that has highly sensitive [intellectual property] or provides critical infrastructure that you are the only type of company at risk. We are now seeing adversaries, including criminal groups, that will launch what I call indiscriminate attacks targeting anybody in this country with a vulnerability,” he said.
“Every company in America is at risk,” he said, adding they need to “take urgent steps to manage vulnerabilities in their IT infrastructure.”
Senate Looks for Answers During First Public Hearing on SolarWinds Cyber Attack
WASHINGTON, February 24, 2021 – In the first public hearing on the topic since the SolarWinds cyberattack in December, industry leaders testified Tuesday before the Senate Intelligence Select Committee that there are still unanswered questions about the attack.
Those questions include who did it, how they did it, and what they wanted.
Although SolarWinds is colloquially named as the victim of the attack, many companies were affected, and it was the cybersecurity firm FireEye that first announced it had been infiltrated.
The hack, which occurred between March and June 2020 and targeted several companies and federal agencies, has been widely attributed to Russian intelligence. FireEye’s CEO Kevin Mandia and Microsoft President Brad Smith, both of whom testified at the hearing, said the adversary was likely the Russians, but did not want to give an irrefutable affirmation.
“We all pretty much know who it is,” said Mandia.
Although there is not yet definitive proof, we are confident from the evidence that this was the Russian intelligence agency, said Smith.
As Broadband Breakfast reported Tuesday, SolarWinds’ CEO Sudhakar Ramakrishna said that the attack was very sophisticated and required extensive expertise, as it occurred in the software update supply chain environment.
The other witnesses agreed. Mandia explained that FireEye found the implanted code from thousands of hours of examining detailed assembly code that requires specialized knowledge to understand.
Although we’ve seen many cyberattacks in the past, the scale of this attack was new, said Smith. The level of expertise we saw here required at least a thousand very skilled, capable engineers, he said.
Mandia said that this attack has been in the works for a long time. “This has been a multi-decade campaign for them. They just so happen to—in 2020—create a backdoor SolarWinds implant,” he said.
“They did a dry run in October of 2019, where they put innocuous code into the SolarWinds build just to make sure the results of their intrusion made it into the SolarWinds production platform environment,” he said.
SolarWinds does not yet know how the attacker penetrated the company’s supply chain environment, but has narrowed it down to a few possibilities, said Ramakrishna. He did not elaborate on details, emphasizing that the investigation was still under way.
The witnesses said that what the hackers wanted and everything they took is still a mystery. At this point, we still don’t know everything the attacker did—only the attacker does, said Smith.
Various senators asked what needs to be done now that the world knows about the attack. The witnesses said they need better partnerships between the public and private sectors, especially a confidential way to report cyberattacks to the government.
They also said that nations need to agree on “ground rules” for engaging in cyberwarfare. During war, we agree not to bomb ambulances or hospitals, and in the digital space there needs to be equivalent off-limit targets, said Smith. These should include software updates, because the entire world and every type of infrastructure, both digital and physical, relies on them, he said.
The House Oversight and Homeland Security Committees are scheduled to hold a similar hearing Friday.
SolarWinds CEO Says Hack Shows Need for Information-Sharing Between Industry and Government
February 23, 2021 – The data breach suffered by SolarWinds in December illustrates the need for better communications between industry and government, according to the CEO of the information tech company.
CEO Sudhakar Ramakrishna said Monday that it is important that the industry shares information because cyberattacks cannot be dealt with alone.
Ramakrishna and Suzanne Spaulding from the Center for Strategic & International Studies talked Monday about what SolarWinds and the industry had learned in the two months since the malicious attack.
“I see this as an organizational commitment to the community,” Ramakrishna said. “Why would a victim of a hack be out there talking about it? It is our obligation to do so,” he added.
Improving information sharing
Ramakrishna said there are three aspects of cyberwarfare that the community can improve on.
First, there needs to be more public and private partnerships between companies and governments to resolve these issues, which should also include protection and possible incentives for hacked victims to come forward publicly.
Second, the community needs to set better standards for itself, to reach for excellence instead of just compliance. We should do more than just check off the necessary boxes to meet requirements, he said.
Third, there needs to be better communication methods with government agencies, he noted. Ramakrishna lamented that dealing with different agencies slowed down their ability to find solutions and led to an “asymmetry of information” between the company and the government. He suggested there could be one government “clearinghouse” that communicates with companies and then disseminates the information to the necessary agencies.
The SolarWinds cyberattack, which many believe was Russian in origin, breached several prominent entities, including federal agencies, through a supply-chain software update in early 2020. Although SolarWinds initially thought up to 18,000 of its customers may have been affected, the company is learning that the number is actually much lower, Ramakrishna said.
Neither he nor Spaulding could definitively say what the perpetrators wanted from the attack, but speculated that they had many objectives, including a few likely “prized assets,” according to Ramakrishna, and gathering details about the environments that they hacked.
They probably wanted more than just to look around—it was more than just a reconnaissance mission, Spaulding said.
Ramakrishna stepped into the CEO position at SolarWinds on January 4, and said he wasn’t expecting a malicious cyberattack to be the first priority of his new tenure, but said that he was prepared for circumstances like this from his previous experience.
He, as well as former SolarWinds CEO Kevin Thompson, will now testify in front of the U.S. House Oversight and Homeland Security Committees on Friday about the attack.