Cybersecurity

BroadbandBreakfast.com Hosts Broadband Breakfast Club Event ‘Cybersecurity Legislation in Congress: Where Does it Stand?’ Tuesday, February 21st, in Washington, DC

WASHINGTON, Friday, February 17th, 2012 – The internet policy news and events service BroadbandBreakfast.com will hold its February 2012 Broadband Breakfast Club event, “Cybersecurity Legislation in Congress: Where Does it Stand?”, on Tuesday, February 21st, 2012, at Clyde’s of Gallery Place, 707 7th St. NW, Washington, DC 20001, from 8 am – 10 am.

American and Continental breakfasts are included. The program begins shortly after 8:30 a.m. Tickets to the event are $45.00 plus a small online fee.

Registration is available at http://broadbandbreakfast.eventbrite.com

The Broadband Breakfast Club is sponsored by Comcast, Google, ICF International (ICFI), The National Cable & Telecommunications Association (NCTA), the Telecommunications Industry Association (TIA) and US Telecom.

The Broadband Breakfast Club series meets on the third Tuesday of each month (except for August and December).

The Broadband Breakfast Club schedule can be viewed at http://broadbandbreakfastseries.eventbrite.com

Read our website for broadband news and event write-ups http://www.broadbandbreakfast.com

Videos of our previous events are available at: https://broadbandbreakfast.com/category/broadband-tv/

‘Cyber Security Legislation in Congress: Where Does it Stand?’ Event Description

The effort to move major cybersecurity legislation into the Senate is longstanding. For at least three years there have been numerous hearings and dozens of legislative drafts – and yet, there are calls for more discussion and vetting.

February is turning out to be Cybersecurity Month in Washington, as multiple major cybersecurity legislative endeavors, with broad and deep implications for shoring up the US infrastructure, make their way through the House and Senate. The question is, are all involved participants ready to actually move forward on this? And if so, will Congress be able to achieve sweeping cybersecurity legislation before the presidential election?

Examples of such bills include:

  • The House Homeland Security Committee marking up the “Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act” (PRECISE), which addresses multiple cybersecurity issues and creates a new information sharing organization, NISO.
  • Energy and Commerce hearings in anticipation of the “Cyber Intelligence Sharing and Protection Act of 2011” which addresses information sharing.
  • The “Cybersecurity Enhancement Act of 2011”, which addresses cybersecurity R&D, and passed through the Science and Technology Committee last year.
  • The Cybersecurity Act of 2012 (S. 2105), which would direct the Department of Homeland Security to assess and determine what industries to classify as “critical infrastructure.”
  • A comprehensive bill taking on FISMA reform, governmental authorities, critical infrastructure protection, R&D information sharing, data breaches and miscellaneous provisions.

Keynote Speaker:

Ari Schwartz

Senior Policy Advisor to the Secretary

Internet Policy Task Force

United States Department of Commerce

Ari Schwartz serves as a Senior Policy Advisor to Commerce Secretary John Bryson. Schwartz helps to run the Department of Commerce’s Internet Policy Task Force, providing input on areas such as cybersecurity, privacy, and identity management, and represents the Department on a range of policy-related interagency working groups. He came to the Department of Commerce through the National Institute of Standards and Technology, where he served as Senior Internet Policy Advisor for the NIST Information Technology Laboratory. Prior to his work in Government, Schwartz served over 12 years as Vice President and Chief Operating Officer of the Center for Democracy and Technology. While at CDT, Schwartz led the Anti-Spyware Coalition (ASC), a coalition of anti-spyware software companies, academics, and public interest groups dedicated to defeating spyware. He won both the 2006 RSA and the 2010 Online Trust Alliance awards for Excellence in Public Policy. He was also named one of the Top 5 influential IT security thinkers of 2007 by Secure Computing and an emerging leader by both Government Executive and Politico.

 

Panelists: 

Larry Clinton

President

Internet Security Alliance (ISA)

Larry Clinton is the President of the Internet Security Alliance (ISA), a multi-sector trade association with membership from virtually every one of the designated critical industry sectors. The mission of the ISA is to combine advanced technology with economics and public policy to create a sustainable system of cyber security. Mr. Clinton is known for his ability to take the complicated issues in this space and explain them clearly to a wide range of audiences—professional, policy makers and the general public. He has been featured in mass media such as USA Today, the PBS News Hour, the Morning Show on CBS, Fox News, CNN’s Situation Room, C-SPAN, and CNBC.  He has also authored numerous professional journal articles on cyber security. This year he has published articles in the Cutter IT Journal, the Journal of Strategic Security and the Journal of Software Technology. Mr. Clinton is regularly called upon to testify before both the U.S. House and Senate. In 2008, ISA published its Cyber Security Social Contract, which is both the first and last source cited in the Executive Summary of President Obama’s Cyber Space Policy Review and which also cites more than a dozen ISA white papers – far more than any other source. The ISA’s pro-market, anti-regulatory approach to cyber security is outlined in its numerous publications, including the “ISA Cyber Security Social Contract,” “The Social Contract 2.0: A 21st Century Program for Effective Cyber Security,” “The Financial Management of Cyber Risk: An Implementation Framework for CFOs,” and “The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask,” all of which were written by the ISA Board of Directors and edited by Mr. Clinton.

 

Tommy Ross

Senior Intelligence and Defense Advisor

Senator Harry Reid

Tommy Ross is Senior Intelligence and Defense Advisor to Senate Majority Leader Harry Reid of Nevada. In this capacity, he advises Senator Reid on national security matters, serves as an ex officio staff member to the Senate Select Committee on Intelligence, and is responsible for all compartmented “Gang of 8” intelligence matters for the Majority Leader. Prior to his service with Senator Reid, he served as Legislative Director for Rep. David Price of North Carolina’s Fourth District, and advised Rep. Price on issues relating to foreign affairs, defense, intelligence, veterans, and justice. He also provided program support for Rep. Price’s work as Chairman of the House Democracy Partnership, a congressional commission working to strengthen basic capabilities of legislatures in developing democracies. In addition, Tommy has worked as a national security policy analyst for the Senate Democratic Policy Committee, an arm of the Democratic Leader’s office, and as a research assistant for Senate Democratic Leader Tom Daschle. He is a graduate of Davidson College in North Carolina and earned an M.A. in Theology and Ethics from Union Theological Seminary in New York. He has also completed a certificate program through the U.S. Air Force’s Air Command and Staff College, and is a term member of the Council on Foreign Relations.

Nick Rossi

Minority Staff Director

Senate Homeland Security and Governmental Affairs Committee

 

Ari Schwartz

Senior Policy Advisor to the Secretary

Internet Policy Task Force

United States Department of Commerce

 

Moderator:

 

Joseph Menn

Author, Speaker and Investigative Reporter

Technology Project Reporter, Reuters

Specializing in technology issues for Reuters, Joe previously worked for the Financial Times and the Los Angeles Times. He is the author of the influential 2010 bestseller “Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet,” a real-life thriller that brought the modern face of cybercrime to a mainstream audience. “Fatal System Error” revealed new evidence of collaboration between major governments and organized cybercriminals and has been placed on the official reading list of the U.S. Strategic Command. It was named one of the ten best nonfiction works of the year by Hudson Booksellers and one of the top five business books by 1-800-CEO-READ. Compared by the New Yorker to the novels of Stieg Larsson, “Fatal System Error” has been translated into Japanese, Chinese and Korean.

Menn also wrote “All the Rave: The Rise and Fall of Shawn Fanning’s Napster,” which was named one of the three best books of 2003 by Investigative Reporters and Editors Inc. He has won two “Best in Business” awards from the Society of American Business Editors and Writers and has been a two-time finalist for the Loeb Awards for business reporting. Menn has spoken at top security industry conferences RSA, DefCon and Black Hat DC, industry gatherings in England, Canada, Australia and Spain, and training sessions convened by US bank regulators and federal law enforcement. He is a graduate of Harvard College and lives in San Francisco.

Background on BroadbandBreakfast.com

BroadbandBreakfast.com is in its fourth year of hosting monthly breakfast forums in Washington on internet policy issues. These events are on the record, open to the public and consider a wide range of viewpoints. Our Broadband Breakfast Club meets on the third Tuesday of every month (except for August and December).

Our elected official keynotes have included Representatives Zoe Lofgren (D-CA), John Conyers (D-MI), Diane Watson (D-CA), Joe Barton (R-TX) and Rick Boucher (D-VA).

Our agency and commission official keynotes have included Deputy Undersecretary for Agriculture Dallas Tonsager; Julius Genachowski, Chairman, FCC; Jonathan Adelstein, RUS Administrator; and Anna Gomez, Deputy Assistant Secretary, NTIA.

Our moderated discussion panels are comprised of leaders from a wide variety of organizations including government, industry, law firms, academia, nonprofit, journalism and many others.

Our audiences are equally diverse.

The keynote speech is followed by a moderated panel discussion in which audience participation is encouraged.

For More Information Contact:

Sylvia Syracuse

Director of Marketing and Events

BroadbandBreakfast.com

Sylvia@broadbandcensus.com

646-262-4630

 



Sylvia manages the Broadband Breakfast Club, on-the-record monthly discussion groups that meet on the THIRD Tuesday of each month. She has had a long career in non-profit development and administration, and has raised funds for technology and science education, and managed a project on health information exchange adopted by the State of New York. She understands community education and infrastructure needs for effective broadband access.


Cybersecurity

FCC Halts Authorization of Equipment That Threatens National Security

The FCC’s order prevents future authorizations of equipment on the commission’s “Covered List” of national security threats.

Photo of FCC Commissioner Brendan Carr

WASHINGTON, November 28, 2022 – The Federal Communications Commission published Friday a modification of certification rules that will bar from United States markets technologies that are considered threats to national security.

The commission’s action seeks to prevent Chinese tech companies deemed to be national security threats – such as Huawei and ZTE – from gathering data on and surveilling American citizens. The Chinese Communist government can force, under law, private companies to hand over data from their products, thus putting Americans at risk, experts and government officials have said.

Friday’s action bars the commission from issuing further authorizations for covered technologies, without which those technologies may not be imported to or marketed in the United States. The action also closes loopholes that would allow certain products to skirt the authorization process.

“That does not make any sense,” said FCC Chairwoman Jessica Rosenworcel in a statement. “After all, there is little benefit in having these lists and these bans in place just to leave open other opportunities for this equipment to be present in our networks. So today we are taking action to align our equipment authorization procedures with the rest of our national security policies.”

The FCC already publishes a list of entities and products, on the advice of Public Safety and Homeland Security, that pose national security risks. The commission has long shown skepticism toward such risky technologies, notably disallowing the use of universal service funds to buy certain products in 2019.

The rule covers many types of equipment, including base stations, phones, cameras, and Wi-Fi routers.

With this decision, the FCC has fulfilled a congressional mandate to enact a moratorium on equipment on the covered list within 12 months. The statute followed a notice of proposed rulemaking it issued last year.

Congress in 2017 forbade the Department of Defense from using telecommunications equipment or services from Huawei or ZTE. Building on that effort, Congress the next year expanded prohibitions on federal use of technology from those companies and three others. In 2019, in response to concerns over the integrity of communications networks and supply chains, the White House declared a national emergency.

In March 2020, then-President Donald Trump signed into law the Secure Networks Act, requiring the FCC to prohibit the use of moneys it administers for the acquisition of designated communications equipment. The act promoted the removal of existing compromised equipment through a reimbursement program – called Rip and Replace – and further directed the commission to create and maintain the covered list.

FCC Commissioner Brendan Carr, outspoken on national security issues, celebrated Friday’s decision, but called for further action.

“We must also vigilantly monitor compliance with the rules we’ve established today, including by ensuring that entities do not make an end run around our decision by ‘white labeling’ covered gear – a process that involves putting a benign or front group’s name on equipment that would otherwise be subject to our prohibitions,” Carr said in a statement.

Rosenworcel said in her statement that the order covers “re-branded or ‘white label’ equipment that is developed for the marketplace. In other words, this approach is comprehensive.”

Carr also once again called for federal action against TikTok, the Chinese-built social media app. The video-sharing app gathers extensive data on users, and despite protestations to the contrary, the platform routinely feeds Americans’ information to the Chinese government, reports say.

“Secure networks mean little if insecure applications are allowed to run, sweep up much of the same sensitive data, and send it back to Beijing,” Carr said.


China

Report Urges States, Local Governments Follow Federal Rules on Prohibited Equipment Purchases

Only a handful of states have crafted their purchasing decisions after federal rules banning certain companies’ equipment.

Members of the Center for Security and Emerging Technology at Georgetown University

WASHINGTON, November 14, 2022 – A think tank is recommending state and local governments align their rules on buying technology from companies with federal guidelines that prevent agencies from purchasing certain prohibited foreign technology, such as ones from Chinese companies.

The Center for Security and Emerging Technology at Georgetown University notified the Federal Communications Commission late last month of a report released that month regarding what it said was a concerning trend of state and local governments having outdated procurement policies that are seeing them purchase equipment banned for federal purchase.

“State and local policymakers should not be expected to independently analyze and address the threats posed by foreign technology, but it would behoove them to align their own procurement practices with the rules set by the federal government,” the report recommends.

The FCC maintains a list of companies, as required by the Secure and Trusted Communications Networks Act of 2019, that it says pose a national security threat to the country’s networks. It updates the list on a rolling basis through commission votes. It last updated the list in September, when it added Pacific Network Corp. and China Unicom Operations Ltd. to the growing list that already includes Huawei and ZTE.

Chinese companies and following Communist Party directions

U.S. officials and experts have warned that Chinese companies operating anywhere in the world must follow directions of the Chinese Communist Party, which they say could mean anything from surveillance to American data falling into the hands of that government.

The report notes at least six state governments had their networks breached by a state-sponsored Chinese hacking group between May 2021 and February 2022.

The only states that have enacted local regulations aligned with federal provisions are Florida, Georgia, Louisiana, Texas, and Vermont, the report said. Provisions in Georgia and Texas prohibit private companies from entering into agreements with the covered companies. Vermont, Texas and Florida provisions block state entities from purchasing equipment from countries like China, Russia, Iran, North Korea, Cuba, Venezuela and Syria. Louisiana and Georgia provisions ban public-funded schools from buying prohibited technology.

The remaining 45 states do not explicitly target the equipment and services the covered companies produce, nor are they directly responsible for following federal provisions, the report said, leaving state entities vulnerable to obtaining equipment from third-party contractors that could pose a security risk.

“Many government entities also lack the in-house technical expertise and procedures to understand and address such threats in the first place, and those that do may prioritize addressing immediate threats like ransomware over the more abstract risks posed by foreign ICTS,” the report said.

Section 889 of the 2019 National Defense Authorization Act is one out of four federal provisions addressing the issue, prohibiting federal agencies from using equipment and services from Huawei, ZTE, Hikvision, Dahua and Hytera as well as working with contractors that use the equipment.

Prohibited products finding their way in

In some cases, the report said, the listed companies will sell their products to third-party contractors that are not listed on Section 889 to bypass regulations. Due to the low cost of Chinese equipment, public schools and local governments will purchase from the third-party entities that are unknowingly selling prohibited equipment, it added.

“These ‘middle-man’ vendors can mask the origin of their products, which creates major challenges for organizations aiming to keep certain equipment and services off their networks,” the report reads.

“Currently, contractors are responsible for self-certifying that their products and internal networks do not contain covered [products]” and “… inspecting the IT infrastructure—equipment, services, and components – of every contractor that does business with the federal government would require a staggering level of resources, making it difficult for agencies to conduct effective oversight.”


Cybersecurity

Internet of Things Devices May Provide a Weak Point for Cybersecurity, Says CableLabs

But every device is a potential way into its network, and the recent explosion of IoT devices presents security risks.

Screenshot of Brian Scriber, vice president of security and privacy technologies at CableLabs.

WASHINGTON, November 9, 2022 – Since Internet-of-Things appliances are prime “landing spot[s]” for cyber-attackers looking for network access, industry standards and open-source resources are important to maintaining cybersecurity at the device level, said Brian Scriber, vice president of security and privacy technologies at CableLabs, the non-profit innovation arm of the cable industry.

“The mark that we’re really shooting for is how do we get some industry-led initiatives to really make a difference on the… supply (of IoT devices),” Scriber said Tuesday during a cybersecurity panel at the American Enterprise Institute, a conservative think tank.

IoT refers to network-connected devices that can interact with their environments. IoT devices can be refrigerators, thermostats, home-security systems, health-monitoring devices, and much else. But every device is a potential way into its network, and the recent explosion of IoT devices presents security risks.

“If you are an attacker, finding a vulnerable device like a lightbulb is fantastic because it has power constantly, it has the computational ability to be able to engage, you gave it network credentials when you brought it on your network,” Scriber argued.

Even a secure network can’t protect against the cyber risks associated with vulnerable devices, he added.

In addition to device security, overall network security is crucial and can be enhanced by limiting communication between devices, said Katerina Megas, program manager of the Cybersecurity for Internet of Things Program at the National Institute of Standards and Technology, a federal agency responsible for technical calibration and standard-setting.

“There has to be an ecosystem approach,” Megas said.

In October, President Joe Biden’s administration announced preliminary steps towards a cybersecurity labeling system for IoT devices.

“By developing and rolling out a common label for products that meet U.S. Government standards and are tested by vetted and approved entities, we will help American consumers easily identify secure tech to bring into their homes,” the White House said.
