Connect with us

Cybersecurity

With Resignation of David Redl, NTIA Updates Biography for Now-Acting Administrator Diane Rinaldo

Published

on

With the sudden resignation of National Telecommunications and Information Administrator David Redl on Thursday, the U.S. Commerce Department’s NTIA has updated its web page for Diane Rinaldo, formerly the Deputy Assistant Secretary for Communications and Information, and the now-acting administrator of the agency.

From the web site:

  • Diane Rinaldo was sworn in as Deputy Assistant Secretary for Communications and Information at the Department of Commerce on April 20, 2018. On May 9, 2019, she became Acting Assistant Secretary for Communications and Information for the Department, and Administrator of the National Telecommunications and Information Administration, the Executive Branch agency principally responsible for advising the President on telecommunications and information policy.
  • Focusing on cybersecurity and technology policy, Diane has extensive experience in government and the private sector throughout her career. She staffed the House Permanent Select Committee on Intelligence, where she was the lead committee staffer on Congress’ landmark cybersecurity legislation, the Cybersecurity Act of 2015. She also served as the oversight and budget monitor for the National Security Agency and the defense network systems, and served as Deputy Chief of Staff to Congressman Mike Rogers as his top technology policy staffer.
  • Recognized for her work on cybersecurity, Rinaldo was awarded the Executive Women’s Forum’s 2016 Influencer of the Year award. She earned a bachelor’s degree in Political Science from the University of Maine and an Executive Certificate from the Kennedy School of Government at Harvard University for cyber studies.

Additionally, from among the comments issued today following the announcement of Redl’s resignation, were those of Federal Communications Commission Chairman Ajit Pai:

“David Redl is a longtime colleague, who served with distinction during his 18 months at NTIA.  He was a vocal advocate within the Department of Commerce for repurposing federal spectrum for commercial use and fostering the private sector’s lead in 5G deployment.”

From Claude Aiken, CEO of the Wireless Internet Service Providers Association:

“David’s work at the Department of Commerce with the NTIA, and elsewhere in government, has had a profound and positive effect on the U.S. communications landscape. He was passionate about getting affordable broadband deployed to all Americans and advancing U.S. leadership in new technologies. WISPA especially appreciates all that David did with the myriad government stakeholders to help free-up more shared spectrum for commercial use.  These important efforts, we hope, will carry forward at the NTIA.”

(Photo of Diane Rinaldo on a cybersecurity panel in 2015, when she was a staff member of the House Permanent Select Committee on Intelligence, and from the NTIA website.)

Breakfast Media LLC CEO Drew Clark has led the Broadband Breakfast community since 2008. An early proponent of better broadband, better lives, he initially founded the Broadband Census crowdsourcing campaign for broadband data. As Editor and Publisher, Clark presides over the leading media company advocating for higher-capacity internet everywhere through topical, timely and intelligent coverage. Clark also served as head of the Partnership for a Connected Illinois, a state broadband initiative.

Cybersecurity

Lawmakers Should Incentivize Cybersecurity in Private Sector: Cisco Executive

One weak link can threaten the entire system.

Published

on

Photo of Jeetu Patel of CISCO

WASHINGTON, May 25, 2023 – A Cisco executive urged Congress at a Semafor event Thursday to provide more incentives for companies to ensure their cybersecurity posture is up to date. 

While Jeetu Patel, general manager of security at the information technology giant, didn’t specify what types of incentives can be used, he said the incentives must push private infrastructure to have high security standards. 

Both private and public sectors have a part to play in improving the nation’s security, he noted, adding private companies must build products that are secure by design. 

There is “tremendous” need for cross-nation coordination around cyberattacks, said Patel. He urged lawmakers to democratize cybersecurity by simplifying the process, adding the nation must be united to gain traction against attackers.

The cybersecurity industry has not made conversations simple to follow or technology easy to use, he said. Simplifying cybersecurity is the only way we can democratize it and when it’s democratized, it can be made universal, said Patel. 

He warned that the country cannot let the financial constraints of a few companies put the whole system at risk. Regardless of how affluent a country is, the weakest link controls the strength of the chain, he said. 

Artificial Intelligence will change cybersecurity fundamentally, he noted. It is important to remember that AI tools are also available to attackers. Currently, the majority of attacks stem from fraudulent emails which AI can make more personalized and difficult to discern from real communication, he said.  

Cybersecurity defenses must evolve

We need to develop an idea of civic responsibility for tech innovators and students in STEM fields, added Suzanne Spaulding, senior advisor of Homeland Security at the Center for Strategic and International Studies. Civic responsibility is the antidote to disinformation and is the change central to democracy, she continued.  

Spaulding warned companies against relying on existing cybersecurity measures. Resilience is about having layers of plans and assuming they all will fail, she said.  

This comes at a time of Congressional focus on cybersecurity. In March, two bills were introduced by Senators Jacky Rosen, D-Nev., and Marsha Blackburn, R-Tenn., to establish pilot programs in the Department of Defense and Homeland Security that would hire civilian cybersecurity personnel in reserve. 

In 2021, President Joe Biden signed an executive order on improving American cybersecurity capabilities following the Colonial Pipeline ransomware attack and SolarWinds breach in 2020.   

Continue Reading

Cybersecurity

Sector Specific Agencies a Resource for Cybersecurity Concerns

Federal agencies are equipped to support sectors dealing with cybersecurity concerns.

Published

on

Photo of Puesh Kumar of Department of Energy

WASHINGTON, May 16, 2023 – Sector specific agencies, federal departments responsible for infrastructure protection activities in a designated critical infrastructure sector, are prepared to address cybersecurity concerns across various industries, said witnesses at a House Energy and Commerce Committee hearing on Tuesday. 

Malicious actors are targeting U.S. infrastructure, said witnesses. In 2021, President Biden signed an executive order on improving American cybersecurity capabilities following the Colonial Pipeline ransomware attack and SolarWinds breach in 2020. 

In March, two bills were introduced by Senators Jacky Rosen, D-Nev., and Marsha Blackburn, R-Tenn., to establish pilot programs in the Department of Defense and Homeland Security that would hire civilian cybersecurity personnel in reserve. 

The Administration for Strategic Preparedness and Response addresses increasingly sophisticated and frequent attacks on hospital and public health centers by providing each hospital with personalized and specific instruction on mitigation and disaster response best practices. 

Cyberattacks on hospitals have a negative effect on the surrounding area similar to that of a natural disaster, claimed Brain Mazanec, deputy director of the Office of Preparedness at ASPR. There have been more than double cyber-attacks on hospitals from 2016 to 2021, he said. 

The Environmental Protection Agency is responsible for addressing water system cyberattacks, said David Travers, director of Water Infrastructure and Cyber Resilience Division at EPA. The EPA’s Evaluating Cybersecurity guidance is intended to assist states with building their own secure systems for water and sewer systems.  

It is essential that sector specific agencies develop strong relationships with sectors under their jurisdiction well before disastrous incidents occur, said Puesh Kumar, director of the office of cybersecurity at the Energy Security and Emergency Response at the Department of Energy. 

The Energy and Commerce Committee also participated in a markup of the Energy Emergency Leadership Act Tuesday which would amend the Department of Energy Organization Act to elevate the leadership of the DOE’s emergency response and cybersecurity functions. 

“Establishing assistant-secretary leadership at the department will reflect the importance of managing this threat,” said Subcommittee on Energy, Climate, and Grid Security Chair Jeff Duncan. 

The Act passed on unanimous vote to report to the full committee without amendment. 

Duncan also emphasized the importance of a strong domestic supply chain, calling for a “‘Made in America’ system for nuclear fuel” in order to “give the domestic industry the market certainty they need to invest and build out the necessary infrastructure.”

On June 27, Broadband Breakfast’s Made in America Summit will examine energy infrastructure and international supply chain issues in depth.

Continue Reading

Cybersecurity

Charter Suggests Network Authentication Layer for Equipment Certification

The telecom said manufacturers are in the best position to ensure security.

Published

on

Illustration from Security Architect

WASHINGTON, April 5, 2023 – Charter Communications is recommending the Federal Communications Commission require device manufacturers seeking equipment authorization to add a layer of authentication security to protect against cyberthreats.

In a letter to the commission on Friday, the telecommunications company suggested the commission require, as a condition of certification, devices pass a security authentication step to connect to the user’s network. When an internet-connected device connects to a network, it can also access sensitive information being shared on it – leaving the door open to malicious activity.

This “baseline” security “would erect a new barrier to prevent malicious actors from exploiting unauthorized or unidentified devices connected to consumer broadband networks without consumers’ knowledge or consent,” Charter said in its letter, following a meeting with FCC officials. “It would also be a simple and efficient way to address major cybersecurity vulnerabilities without the Commission needing to prescribe detailed cybersecurity requirements.”

“The most vulnerable devices often lack strong passwords and other basic security measures, which make them susceptible to malicious actors and frequent sources of harmful traffic across networks,” Charter added. “Devices that can connect to home networks without first being authenticated are also a significant source of cyber threats. And, despite various educational efforts, many consumers still never change the default passwords that come printed on their devices.”

The company noted that this practice is accepted by industry standards bodies and the broader security community and would relieve consumers of an additional burden when they come to connect their devices.

In conjunction with a November order that halted equipment authorizations from companies on a national security blacklist, the FCC is currently contemplating a proposal that would revamp the equipment authorization program to minimize cybersecurity threats and other malicious activity of foreign agents. The proposal asks whether it should ban component parts of a problematic device, and not just the manufactured product, and if it should require certification applicants to have a U.S.-based representative to ensure compliance.

As ubiquitous 5G connectivity takes hold in the country, more and more internet-connected devices are flooding the market.

“The proliferation of cybersecurity incidents in recent years and, particularly, the growing number of cyber threats that exploit unsecured IoT devices, underscores the need for more proactive efforts to deter and combat vulnerabilities before they reach consumers,” Charter noted in the letter, adding device manufacturers are in the “best position” to address these common security vulnerabilities.

Charter added that a combination of device manufacturer action on the authentication front and user action to additional security layers – through stronger passwords, for example – “will better protect Americans and US networks from the growing harm of cyber threats.”

The company said it actively strives to enhance security measures for its devices, including some of its newer routers requiring users to provide a unique credential to manage their home network instead of a default password. It said its routers also have pre-set security settings and undergo regular software updates.

FCC Commissioner Nathan Simington had previously advocated for mandating ongoing, as-needed cybersecurity updates to mitigate risks on wireless devices already in the hands of consumers.

Continue Reading

Signup for Broadband Breakfast News



Broadband Breakfast Research Partner

Trending