
Cybersecurity

BroadbandBreakfast.com Hosts Broadband Breakfast Club Event ‘Cybersecurity Legislation in Congress: Where Does it Stand?’ Tuesday, February 21st, in Washington, DC

WASHINGTON, Friday, February 17th, 2012 – The internet policy news and events service BroadbandBreakfast.com will hold its February 2012 Broadband Breakfast Club event, “Cybersecurity Legislation in Congress: Where Does it Stand?”, on Tuesday, February 21st, 2012 at Clyde’s of Gallery Place, 707 7th St. NW, Washington, DC 20001 from 8 am – 10 am.

American and Continental breakfasts are included. The program begins shortly after 8:30 a.m. Tickets to the event are $45.00 plus a small online fee.

Registration is available at http://broadbandbreakfast.eventbrite.com

The Broadband Breakfast Club is sponsored by Comcast, Google, ICF International (ICFI), The National Cable & Telecommunications Association (NCTA), the Telecommunications Industry Association (TIA) and US Telecom.

The Broadband Breakfast Club series meets on the third Tuesday of each month (except for August and December).

The Broadband Breakfast Club schedule can be viewed at http://broadbandbreakfastseries.eventbrite.com

Read our website for broadband news and event write-ups http://www.broadbandbreakfast.com

Videos of our previous events are available at: https://broadbandbreakfast.com/category/broadband-tv/

‘Cyber Security Legislation in Congress: Where Does it Stand?’ Event Description

The effort to move major cybersecurity legislation into the Senate is longstanding. For at least three years there have been numerous hearings and dozens of legislative drafts – and yet, there are calls for more discussion and vetting.

February is turning out to be Cybersecurity Month in Washington, as multiple major cybersecurity legislative endeavors, with broad and deep implications for shoring up the US infrastructure, make their way through the House and Senate. The question is, are all involved participants ready to actually move forward on this? And if so, will Congress be able to achieve sweeping cybersecurity legislation before the presidential election?

Examples of such bills include:

  • The House Homeland Security Committee marking up the “Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act” (PRECISE), which addresses multiple cybersecurity issues and creates a new information sharing organization, NISO.
  • Energy and Commerce hearings in anticipation of the “Cyber Intelligence Sharing and Protection Act of 2011” which addresses information sharing.
  • The “Cybersecurity Enhancement Act of 2011”, which addresses cybersecurity R&D, and passed through the Science and Technology Committee last year.
  • The Cybersecurity Act of 2012 (S. 2105), which would direct the Department of Homeland Security to assess and determine what industries to classify as “critical infrastructure.”
  • A comprehensive bill taking on FISMA reform, governmental authorities, critical infrastructure protection, R&D information sharing, data breaches and miscellaneous provisions.

Keynote Speaker:

Ari Schwartz

Senior Policy Advisor to the Secretary

Internet Policy Task Force

United States Department of Commerce

Ari Schwartz serves as a Senior Policy Advisor to Commerce Secretary John Bryson. Schwartz helps to run the Department of Commerce’s Internet Policy Task Force, providing input on areas such as cybersecurity, privacy, and identity management, and represents the Department on a range of policy-related interagency working groups. He came to the Department of Commerce through the National Institute of Standards and Technology, where he served as Senior Internet Policy Advisor for the NIST Information Technology Laboratory. Prior to his work in Government, Schwartz served over 12 years as Vice President and Chief Operating Officer of the Center for Democracy and Technology. While at CDT, Schwartz led the Anti-Spyware Coalition (ASC), a group of anti-spyware software companies, academics, and public interest groups dedicated to defeating spyware. He won both the 2006 RSA and the 2010 Online Trust Alliance awards for Excellence in Public Policy. He was also named one of the Top 5 influential IT security thinkers of 2007 by Secure Computing and an emerging leader by both Government Executive and Politico.

 

Panelists: 

Larry Clinton

President

Internet Security Alliance (ISA)

Larry Clinton is the President of the Internet Security Alliance (ISA), a multi-sector trade association with membership from virtually every one of the designated critical industry sectors. The mission of the ISA is to combine advanced technology with economics and public policy to create a sustainable system of cyber security. Mr. Clinton is known for his ability to take the complicated issues in this space and explain them clearly to a wide range of audiences—professional, policy makers and the general public. He has been featured in mass media such as USA Today, the PBS News Hour, the Morning Show on CBS, Fox News, CNN’s Situation Room, C-SPAN, and CNBC.  He has also authored numerous professional journal articles on cyber security. This year he has published articles in the Cutter IT Journal, the Journal of Strategic Security and the Journal of Software Technology. Mr. Clinton is regularly called upon to testify before both the U.S. House and Senate. In 2008, ISA published its Cyber Security Social Contract, which is both the first and last source cited in the Executive Summary of President Obama’s Cyber Space Policy Review and which also cites more than a dozen ISA white papers – far more than any other source. The ISA’s pro-market, anti-regulatory approach to cyber security is outlined in its numerous publications, including the “ISA Cyber Security Social Contract,” “The Social Contract 2.0: A 21st Century Program for Effective Cyber Security,” “The Financial Management of Cyber Risk: An Implementation Framework for CFOs,” and “The Financial Impact of Cyber Risk: 50 Questions Every CFO Should Ask,” all of which were written by the ISA Board of Directors and edited by Mr. Clinton.

 

Tommy Ross

Senior Intelligence and Defense Advisor

Senator Harry Reid

Tommy Ross is Senior Intelligence and Defense Advisor to Senate Majority Leader Harry Reid of Nevada. In this capacity, he advises Senator Reid on national security matters, serves as an ex officio staff member to the Senate Select Committee on Intelligence, and is responsible for all compartmented “Gang of 8” intelligence matters for the Majority Leader. Prior to his service with Senator Reid, he served as Legislative Director for Rep. David Price of North Carolina’s Fourth District, and advised Rep. Price on issues relating to foreign affairs, defense, intelligence, veterans, and justice. He also provided program support for Rep. Price’s work as Chairman of the House Democracy Partnership, a congressional commission working to strengthen basic capabilities of legislatures in developing democracies. In addition, Tommy has worked as a national security policy analyst for the Senate Democratic Policy Committee, an arm of the Democratic Leader’s office, and as a research assistant for Senate Democratic Leader Tom Daschle. He is a graduate of Davidson College in North Carolina and earned an M.A. in Theology and Ethics from Union Theological Seminary in New York. He has also completed a certificate program through the U.S. Air Force’s Air Command and Staff College, and is a term member of the Council on Foreign Relations.

Nick Rossi

Minority Staff Director

Senate Homeland Security and Governmental Affairs Committee

 

Ari Schwartz

Senior Policy Advisor to the Secretary

Internet Policy Task Force

United States Department of Commerce

 

Moderator:

 

Joseph Menn

Author, Speaker and Investigative Reporter

Technology Project Reporter, Reuters

Specializing in technology issues for Reuters, Joe previously worked for the Financial Times and the Los Angeles Times. He is the author of the influential 2010 bestseller “Fatal System Error: The Hunt for the New Crime Lords who are Bringing Down the Internet,” a real-life thriller that brought the modern face of cybercrime to a mainstream audience. “Fatal System Error” revealed new evidence of collaboration between major governments and organized cybercriminals and has been placed on the official reading list of the U.S. Strategic Command. It was named one of the ten best nonfiction works of the year by Hudson Booksellers and one of the top five business books by 1-800-CEO-READ. Compared by the New Yorker to the novels of Stieg Larsson, “Fatal System Error” has been translated into Japanese, Chinese and Korean.

Menn also wrote “All the Rave: The Rise and Fall of Shawn Fanning’s Napster,” which was named one of the three best books of 2003 by Investigative Reporters and Editors Inc. He has won two “Best in Business” awards from the Society of American Business Editors and Writers and has been a two-time finalist for the Loeb Awards for business reporting. Menn has spoken at top security industry conferences RSA, DefCon and Black Hat DC, industry gatherings in England, Canada, Australia and Spain, and training sessions convened by US bank regulators and federal law enforcement. He is a graduate of Harvard College and lives in San Francisco.

Background on BroadbandBreakfast.com

BroadbandBreakfast.com is in its fourth year of hosting monthly breakfast forums in Washington on internet policy issues. These events are on the record, open to the public and consider a wide range of viewpoints. Our Broadband Breakfast Club meets on the third Tuesday of every month (except for August and December).

Our elected official keynotes have included Representatives Zoe Lofgren (D-CA), John Conyers (D-MI), Diane Watson (D-CA), Joe Barton (R-TX) and Rick Boucher (D-VA).

Our agency and commission official keynotes have included Deputy Undersecretary for Agriculture Dallas Tonsager; Julius Genachowski, Chairman, FCC; Jonathan Adelstein, RUS Administrator; and Anna Gomez, Deputy Assistant Secretary, NTIA.

Our moderated discussion panels are composed of leaders from a wide variety of organizations including government, industry, law firms, academia, nonprofit, journalism and many others.

Our audiences are equally diverse.

The keynote speech is followed by a moderated panel discussion in which audience participation is encouraged.

For More Information Contact:

Sylvia Syracuse

Director of Marketing and Events

BroadbandBreakfast.com

Sylvia@broadbandcensus.com

646-262-4630

 



Sylvia manages the Broadband Breakfast Club, on-the-record monthly discussion groups that meet on the THIRD Tuesday of each month. She has had a long career in non-profit development and administration, and has raised funds for technology and science education, and managed a project on health information exchange adopted by the State of New York. She understands community education and infrastructure needs for effective broadband access.

Cybersecurity

Cyber Notification Bill Critical, But Won’t Stop Bad Actors Entirely, Says Senator

Congress recently passed legislation including a requirement for critical infrastructure entities to notify government on cyber attacks.

Photo of Senator Mark Warner, D-Virginia

WASHINGTON, March 15, 2022 – Mandatory cyber attack reporting is critical to keeping up cyber defenses against potential Russian attacks, a U.S. senator said, following the passing by Congress of legislation that would require certain companies to report such attacks within 72 hours.

But Senator Mark Warner, D-Virginia, and a former State Department cyber expert, said the bill will not stop bad actors entirely.

“We probably cannot be 100 percent effective on keeping the bad guys out,” Warner said Monday during a Center for Strategic and International Studies event discussing the Russian invasion of Ukraine. “We shouldn’t aim for 100 percent perfection on defense, but what we should aim for is this information sharing, so that we could then share with the private sector.”

The Cyber Incident Reporting for Critical Infrastructure Act of 2022, part of a larger budget bill, requires certain critical infrastructure owners and operators, including in the communications, energy and healthcare sectors, to notify the Cybersecurity and Infrastructure Security Agency of cyber attack incidents in certain circumstances. It was passed by both chambers and President Joe Biden is expected to sign the bill into law soon.

The bill’s passing comes after a year of high-profile cyber attacks that targeted software companies, a meat producer and an oil transport firm. Following those attacks, lawmakers and cyber officials urged Congress to push the bill forward. Late last year, Secretary of State Antony Blinken announced the department intends to create a new cyber bureau to help tackle the growing challenge of cyber warfare.

It also comes as Russia continues its war in Ukraine, which some have suspected will ramp up global cyber attacks.

‘Shields up’

Chris Painter, president of the Global Forum on Cyber Expertise Foundation and former coordinator for cyber issues at the State Department, agreed with Warner on Monday, saying that he thinks “that we will see that [cybersecurity attack capability] is being held in reserve, so I think shields up is really the right approach for the U.S.

“With a dedicated adversary like Russia,” Painter said, “you could be very good at defense, [but] they’re still going to get in.”

Warner, who said the notification requirement is a “giant step forward,” said the bill doesn’t “want to hold the company accountable, [but] we do want to go after malware actors.” He added this is about being resilient in the face of incoming attacks.

But in a January congressional hearing about cybersecurity, Ross Nodurft of the Alliance for Digital Innovation, warned Congress against an “overly prescriptive definition of a [cybersecurity] incident” to avoid running the risk of “receiving so many notifications that the incidents which are truly severe are missed or effectively drowned out due to the frequency of reporting.”

Cybersecurity

Justin Reilly: Rising Ransomware Threats on Schools Require Better Approach to Cybersecurity

Ransomware attacks are a costly lesson for educators.

The author of this Expert Opinion is Justin Reilly, CEO of Impero Software

Since the advent of the pandemic, education has been in a state of vulnerable flux. The rapid embrace of technology, sparked by the need to introduce remote learning, has given many educators whiplash. They need time to normalize, but recent trends threaten their ability to do so.

Against the backdrop of technological chaos, opportunistic hackers have been targeting schools with heightened fervor, causing harmful delays and disruptions on both a systemic and financial level. It’s time for schools to start getting proactive about cybersecurity, or they risk paying a hefty tuition to learn why they should have acted sooner.

Education technology use is surging across the nation. A recent study showed ed-tech up 52 percent over pre-pandemic levels, with U.S. school districts using nearly 1,500 different digital tools on average each month. While these digital tools possess the power to ultimately streamline and transform classroom management for the better, teachers are still feeling overwhelmed by the number of technology solutions they’re being asked to implement.

This issue is being exacerbated by many tech-resistant districts and teachers being forced to catch up all at once. When the pandemic hit, using devices and technology in the classroom was no longer an option – learning quickly needed to be online and accessible. By now, the dam has fully broken on tech adoption and we’re only likely to see these trends accelerate. Of course, as other sectors have seen firsthand over the last two years, these unchecked developments often cast unsavory shadows.

An appealing target for hackers

School districts were already an appealing target for hackers ahead of the pandemic, but the rapid adoption of technology – often outstripping security measures equal to these digital strides – has effectively chummed the waters for malicious elements looking for a “soft” target.

Cyberattacks against school districts went up by 18 percent in 2020, the height of the pandemic. The trend has continued since and isn’t expected to slow down in 2022. Among attacks against school districts, ransomware – an attack that locks users out of files on their own systems and then demands ransom money to return their rightful access – is by far the most common variety.

Just a few weeks into 2022, there were already multiple major headlines involving ransomware targeting school districts. The biggest story was the hacking of education website service provider FinalSite, which shut down the websites of 5,000 schools and colleges. Another story involved the cancellation of classes for 75,000 students after the Albuquerque Public Schools district fell victim to a ransomware attack it had been fending off for several weeks.

Yet another case, also in New Mexico, affected the town of Truth or Consequences. The town suffered a cyberattack just after Christmas and, as of mid-January, had still not regained control of its computer systems.

There’s no time left for district leaders to drag their feet on cybersecurity. It can be tough, especially given budget challenges, but the gap between digital advancement and lacking cybersecurity presents too great of a risk for schools.

Make cybersecurity a priority in hiring 

So what can school districts do to prepare? The first step is to make cybersecurity a proper priority – and that includes budgeting and hiring. Many schools still don’t have dedicated cybersecurity officers, instead relying on – in many cases at best – a CIO who happens to be tech-savvy.

This is starting to turn around in light of recent events, with more and more schools hiring chief cybersecurity officers and point-persons. Keeping up with this trend will be critical for setting a strong foundation.

Budgeting will always be a challenge, of course, seeing as many school districts still don’t have any budget at all dedicated to cybersecurity. This needs to change, but some schools have started getting creative on this front in the meantime. One possibility is to fold cybersecurity efforts into operating budgets. Another timely approach is to capitalize on new and improved “cyber grants” being offered by federal and local governments to meet this increasing need.

The most important thing is simply not to be ad hoc about cybersecurity. School districts can proactively gather data to find out where their needs are, what the wants are from teachers, and how they can properly address them. It’s far better to start gathering this data early rather than wait until it’s too late.

Consider this: schools can either make the investment now or pay much more a short way down the road. Should a school or district become the victim of ransomware, they’ll have to pay both to resolve the immediate crisis and for cybersecurity upgrades, all of which will have been unbudgeted and leave them reeling long after the attack. The norms of education are changing, and priorities need to change with them.

Justin Reilly is the CEO of Impero Software, which offers a virtual private network solution for schools and also serves more than half of the Fortune 100. This Expert Opinion is exclusive to Broadband Breakfast.

Broadband Breakfast accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@breakfast.media. The views reflected in Expert Opinion pieces do not necessarily reflect the views of Broadband Breakfast and Breakfast Media LLC.

Cybersecurity

Preventing Cyber Attacks Lies With Security Hygiene and Multi-factor Authentication, Experts Say

Panelists said everyone who is connected should be prepared.

Photo of Marc J. Krasney, Elizabeth Rogers, Vin Paladini, and Paul M. Kay in Thursday's webinar event.

WASHINGTON, March 1, 2022 – Security hygiene, multi-factor authentication, and employee training are key to preventing cyber attacks, experts said at a Federal Communications Bar webinar on Thursday.

“We’re all targeted” for cyber attacks, regardless of the size of the company, said Paul Kay, senior vice president and chief information officer of EchoStar Corporation, a provider of satellite and internet services.

Panelists flagged basic security hygiene as the best way to prevent cyber attacks. Kay spoke to the importance of not reusing credentials, activating multi-factor authentication, and being aware of the various kinds of phishing schemes, such as smishing, where suspicious links that are meant to bypass your security are sent via SMS on your phone.

According to John Ansbach, vice president at cyber security firm Stroz Friedberg, half of all cyber attacks were stopped by multi-factor authentication. “It’s not foolproof, but it works,” he said.

At an event early last month, the executive director of the National Cybersecurity Alliance, which has on its board members including Lenovo, Facebook and Microsoft, advocated for mandatory two-factor authentication, which requires another method to verify identity.

A lot of people who deal with sensitive information on a regular basis are now working from home and it’s never been more crucial to have good cyber security measures, added Elizabeth Rogers, partner at the Michael Best law firm. “We’re in a permanent hybrid workforce situation,” she said.

Cyber training

Training employees is also crucial to preventing and recovering from attacks, the experts said. According to Vincent Paladini, senior attorney at energy and water resource management firm Itron, 85 percent of cyber attacks involve a human element, and 61 percent involve credentials.

Good cyber security involves “training the workforce on all levels,” said Rogers. “We’re only as strong as our weakest link.”

Additionally, Kay recommended that larger businesses look at incident response firms. “If you’re a good-sized business, it makes good sense to take a look at these firms,” he said. “You need to be prepared to clean up the aftermath [of a cyber attack].”
