February 2012 Breakfast Club Recap: Cybersecurity Legislation in Congress, Performance Measures and Critical Infrastructure

WASHINGTON, February 23, 2012 – Last week, after years of congressional hearings and dozens of legislative drafts, the Senate Homeland Security and Governmental Affairs Committee introduced the Cybersecurity Act of 2012, S.2105. Senators Lieberman, Collins, Rockefeller and Feinstein introduced the bipartisan legislation following a year of high-profile cyberattacks on the Senate, CIA, FBI, utility companies and, most recently, the FTC. February’s timely Broadband Breakfast Club, “Cybersecurity Legislation in Congress: Where Does it Stand?”, brought together a panel of experts representing industry and multiple branches of government to discern the future of the proposed legislation and possible hindrances to its adoption.

Ari Schwartz, Senior Policy Advisor to the Secretary of Commerce, Internet Policy Task Force, United States Department of Commerce, gave the keynote address to kick off the event.

Schwartz began by reiterating FBI Director Mueller’s statement that cybersecurity in this country is now outpacing the concerns over terrorism. He went on to explain the wide variety of threat actors: everyone from teenage hackers in their bedrooms to organized crime, corporate espionage and, most dangerous, nation-state espionage.

Schwartz made it clear that most of the work that has been accomplished in the cybersecurity space has been done through private-sector-led standards. He believes that standards-based organizations have been responsible for leading us to where we are today. “The private sector has done the best job at building a network that is flexible, that has grown, that is open in its nature, and that has been an engine for new ideas and innovation.”

An issue he brought up was the role of the Department of Homeland Security in the proposed comprehensive cybersecurity legislation.  Referring back to the administration’s proposal on where legislation would be most helpful he noted, “What was DHS mandated to do?  Protect critical infrastructure.  The definition is broad and comes from the Patriot Act, but DHS currently has little authority to act in many of the needed sectors.”

Schwartz suggested that, in order to give DHS the ability to ensure that the nation’s basic infrastructure is protected, there needs to be a narrowing of the definition of critical infrastructure, and that this could be done through a rulemaking process.

For core critical infrastructure, Schwartz argued, progress toward cybersecurity will happen through agreed-upon, standardized performance measures towards which people can build using whichever technology they deem necessary. He urged a retreat from tech mandates.

Schwartz was then joined on a panel by Larry Clinton, President, Internet Security Alliance; Tommy Ross, Senior Intelligence and Defense Advisor for Senator Harry Reid; and Nick Rossi, Minority Staff Director, Senate Homeland Security and Governmental Affairs Committee. Jennifer Martinez, Technology Reporter for Politico, stepped in to moderate.

Most of the panel spoke positively about the bipartisan legislative effort, including the feedback from multiple committees, hearings and stakeholders over the past couple of years.

Clinton was the first to address a series of concerns about the legislation. “We should be enacting creative and effective legislation and we have the opportunity to do that in this Congress; the question is, what should ‘that’ be? Industry is in support of info sharing, greater law enforcement, more research and development and educational components.”

Clinton’s biggest concern was the section of the Bill that grants DHS new, undetermined authority. He said that many on the industry side do not think the process, as laid out in the bill, would work; in particular, that it would result in a lag time of 8-10 years before the performance requirements needed to regulate critical infrastructure would be ready. “The regulatory process designed to deal with the technology of previous eras does not work with 21st century problems of cyber security.”

The correct model, stated Clinton, would account for market incentives, liability reform, better use of insurance, streamlined regulations, and better use of government procurement, so that there could be a change in the economics of cyber security.  Industry is currently investing enough to fulfill their own cybersecurity responsibility but cannot be asked to invest for national defense purposes as well, as it is not in their shareholders’ interest.

Clinton suggested alternative models such as industry collaboration with the DOJ, DOD and Commerce to create more market incentives for industries to update their systems. That, he said, “would be a dynamic motivator that moves much quicker and, we think, can have more security, faster, and that fits with economics and technology.”  Clinton added, “this Bill only deals with technology and not the economics, it describes how attacks occur but not why they occur.”

Rossi defended the bill by stating that it is not a traditional regulatory bill and that they have avoided technology mandates because they are aware that this is an area where technology outpaces regulation. What they have proposed is the development of performance requirements that are essentially best practices for the most crucial segments of our critical infrastructure, not something they expect to affect a wide swath of the private sector. Rossi added that there are protections in the Bill that would “make sure that if there are existing regulations that satisfy the security needs of a sector that they can receive a waiver, and if there is a specific company that has already adopted sufficient security then it too can get a waiver.”

In addition, the Bill incorporates a Title included by Senator Feinstein that calls for improved information sharing “that would benefit not only critical infrastructure, but more broadly, those that are willing to participate in information exchanges with the government.”

Ross continued from Rossi’s statement by addressing the idea of market incentives. Ross believes there is a challenge in relying solely on the market: while in some situations there are sufficient incentives towards adoption of stronger security measures, in other cases market forces are inefficient. One issue is a lack of competition in certain markets, as in the energy utility field, where there are limited incentives to build cybersecurity into the network. A second issue is that there is a wide range of threats, and the low probability, high risk attacks are the ones that could be the most devastating. Yet the private sector is not ready to invest much in low probability scenarios. “In order to make sure that we are not vulnerable in those attacks, the government needs to be able to intervene in a very targeted manner for those specific attacks.”

Schwartz chimed in to add some thoughts about insurance and low-probability/high-consequence attacks. “There is no market out there,” said Schwartz, and “mandating a market will not create a market. However, putting together performance requirements can help to build an insurance marketplace.”

In response to Ross’ comment about utilities, Clinton pointed out that the economics of the industry are already built into the regulatory structure and that government already has the mechanism to move in and work with those entities that have existing structures.

In the new world, Clinton continued, where the private sector is on the front lines of national defense, there are going to have to be new incentives.

With regard to insurance, Clinton agreed that insurance is one of the best motivators of prosocial behavior and can certainly be used to drive more cybersecurity. Clinton added that there are some antitrust statutes that need to be changed to get insurance companies to share more information. “If information was shared, there would be a more realistic assessment of risk that would lower prices. When you lower prices, more companies get into the market… when you push down prices, more people buy insurance and you get a virtuous cycle.”

Ross mentioned that, through DHS’ sector-specific performance standards approach, they were working out the resolution of artificial market gaps. Returning to energy, he noted that FERC and NRC have two different standards for meeting cybersecurity concerns, and that DHS can serve a coordinating function to ensure that standards across sectors with regulatory entities work at a consistent level, with no artificial unevenness.

To clarify performance standards, Ross added that their focus is on “performance standards that focus on fixes in network design and are not affected by the exact origin of the individual threats.” He used air-gapped SCADA systems as an example.

Rossi added, “we are looking at existing regulatory regimes, deferring to primary regulators and taking advantage of requirements and regulations that are already in place, we are not trying to create additional layers.” Rossi reiterated that they are not focusing on the actual technology but rather on performance requirements that particular critical infrastructures or assets would need to work towards. He added that the liability protections built into the Bill are protections for punitive damages, but that they are interested in finding additional ways to build more incentives into the bill.

When asked about the perceived urgency surrounding a potential massive attack on critical infrastructure within the next two years, Ross rejected the notion that it would take 8-10 years to put standards in place. “The approach embodied in the bill is characterized by a nuanced, sophisticated understanding of the regulatory landscape and the threat landscape. It is not a question of whether we should or should not regulate, every sector is different with different needs, activity and regulatory environment.” He added that “the Bill calls for DHS to do a risk assessment and prioritize the most critical infrastructure.” In this Bill, DHS will not be charged with implementation, inspections or mandating specific infrastructure. The established performance requirements will be set and then left to the private sector, either through self-certification or third-party assessment, to determine whether they are in compliance.

 

As Deputy Editor, Chris Naoum is curating expert opinions, and writing and editing articles on Broadband Breakfast issue areas. Chris served as Policy Counsel for Future of Music Coalition, Legal Research Fellow for the Benton Foundation and law clerk for a media company, and previously worked as a legal clerk in the office of Federal Communications Commissioner Jonathan Adelstein. He received his B.A. from Emory University and his J.D. and M.A. in Television Radio and Film Policy from Syracuse University.
