With the sudden resignation of National Telecommunications and Information Administrator David Redl on Thursday, the U.S. Commerce Department’s NTIA has updated its web page for Diane Rinaldo, formerly the Deputy Assistant Secretary for Communications and Information, and the now-acting administrator of the agency.
From the web site:
- Diane Rinaldo was sworn in as Deputy Assistant Secretary for Communications and Information at the Department of Commerce on April 20, 2018. On May 9, 2019, she became Acting Assistant Secretary for Communications and Information for the Department, and Administrator of the National Telecommunications and Information Administration, the Executive Branch agency principally responsible for advising the President on telecommunications and information policy.
- Focusing on cybersecurity and technology policy, Diane has extensive experience in government and the private sector throughout her career. She staffed the House Permanent Select Committee on Intelligence, where she was the lead committee staffer on Congress’ landmark cybersecurity legislation, the Cybersecurity Act of 2015. She also served as the oversight and budget monitor for the National Security Agency and the defense network systems, and served as Deputy Chief of Staff to Congressman Mike Rogers as his top technology policy staffer.
- Recognized for her work on cybersecurity, Rinaldo was awarded the Executive Women’s Forum’s 2016 Influencer of the Year award. She earned a bachelor’s degree in Political Science from the University of Maine and an Executive Certificate from the Kennedy School of Government at Harvard University for cyber studies.
Additionally, from among the comments issued today following the announcement of Redl’s resignation, were those of Federal Communications Commission Chairman Ajit Pai:
“David Redl is a longtime colleague, who served with distinction during his 18 months at NTIA. He was a vocal advocate within the Department of Commerce for repurposing federal spectrum for commercial use and fostering the private sector’s lead in 5G deployment.”
From Claude Aiken, CEO of the Wireless Internet Service Providers Association:
“David’s work at the Department of Commerce with the NTIA, and elsewhere in government, has had a profound and positive effect on the U.S. communications landscape. He was passionate about getting affordable broadband deployed to all Americans and advancing U.S. leadership in new technologies. WISPA especially appreciates all that David did with the myriad government stakeholders to help free-up more shared spectrum for commercial use. These important efforts, we hope, will carry forward at the NTIA.”
(Photo of Diane Rinaldo on a cybersecurity panel in 2015, when she was a staff member of the House Permanent Select Committee on Intelligence, and from the NTIA website.)
Companies Should Adopt Default No Trust Position on Programs to Protect Against Cyberattacks
Panelists identified risks in employees freely accepting links without thinking about their associated risks.
WASHINGTON, August, 24, 2022 – Companies should assume that new programs installed on company systems pose a threat to their networks to ensure a vigilant position on hacking risks, according to an expert on cybersecurity, after the country faced a number of high-profile cyberattacks recently.
The zero trust approach in which the default position is one of distrust of new programs was touted by Osman Saleem, cybersecurity and privacy director of operational technology and internet of things at professional services firm PricewaterHouseCoopers in Canada, who was speaking as a panelist on a Fierce Telecom event on Monday.
The event heard that the vast majority of security breaches at companies were a result of human error, including clicking on links containing malicious software (malware) that can wreak havoc on and suspend company systems. Data, in the case of a ransomware attack, can be locked away until the company pays a monetary sum to get it back.
Fred Gordy, director of cybersecurity at smart building company Intelligent Buildings, said companies sometimes don’t even back-up their systems in the event of an attack and only end up doing so in response to an attack.
Gordy also encouraged the zero trust approach to company security by assuming all digital programs and software have malware.
Opportunities for better cybersecurity
Saleem proposed that cybersecurity documents be reviewed and revised regularly because the cyber landscape always changes. This, he said, can protect the digital infrastructure of the companies’ systems, operations and employees.
Meanwhile, Congress has been pressing the issue, following the high-profile cyberattacks on software company SolarWinds, financial services company Robinhood, meat producer JBS, and oil transport company Colonial Pipeline. President Joe Biden earlier this year signed, as part of a larger budget bill, the Cyber Incident Reporting for Critical Infrastructure Act of 2022, which requires certain critical infrastructure companies to report cyberattacks to the federal government.
A House Oversight and Reform committee investigation concluded that certain hacks on companies were perpetrated through, in one example, an employee accepting a fake browser update. In the case of Colonial Pipeline and JBS, the use of many devices connected to the internet (IoT), the investigation found mass-produced factory password settings may have been the point of vulnerability.
Rep. Swalwell Says App Preference Bill Will Harm National Security
‘I just want to limit the ability for any bad actor to get into your device.’
July 27, 2022 – Antitrust legislation that would restrict the preferential treatment of certain apps on platforms would harm national security by making more visible apps from hostile nations, claimed Representative Eric Swalwell, D-Calif, at a Punchbowl News event Wednesday.
The American Innovation and Choice Online Act is currently under review by the Senate and, if passed, would prohibit certain online platforms from unfairly preferencing products, limiting another business’ ability to operate on a platform, or discriminating against competing products and services.
The legislation would ban Apple and Google from preferencing their own first-party apps on their app stores, which would make it easier for apps disseminated from hostile nations to be seen on the online stores, Swalwell said.
“[Russia and China] could flood the app store with apps that can vacuum up consumer data and send it back to China,” said Swalwell, adding that disinformation regarding American elections would spread. “Until these security concerns are addressed, we should really pump the breaks on this.”
Swalwell asked for a hearing conducted by Judiciary Committee of the House with the National Security Agency, Federal Bureau of Investigation, and Homeland Security officials to lay out what the bill would mean for national security.
“I just want to limit the ability for any bad actor to get into your device, whether you’re an individual or small business,” said Swalwell.
Lawmakers have become increasingly concerned about China’s access to American data through popular video-sharing apps, such as TikTok. Last month, Federal Communications Commissioner Brendan Carr called for Apple and Google to remove the app on the grounds that the app’s parent company, ByteDance, is “beholden” to the Communist government in China and required to comply with “surveillance demands.”
The comments follow debate surrounding the bill, which was introduced to the Senate on May 2 by Sen. Amy Klobuchar, D-Minn., on how it would affect small businesses and American competitiveness globally.
Government Should Incentivize Information Sharing for Ransomware Attacks, Experts Say
‘Information sharing between the government and the private sector, while integral to tackling ransomware, is inconsistent.’
WASHINGTON, July 27, 2022 – The federal government should incentivize the reporting of cyberattacks through safe harbor and shield laws, said experts at an Atlantic Council event Tuesday, as a recent law requiring companies in critical infrastructure sectors to report such attacks to the federal government is limited and currently unclear on who exactly it impacts.
The Cyber Incident Reporting for Critical Infrastructure Act passed in March does not cover private companies who do not operate in the critical infrastructure sectors and does not include safe harbor and shield laws that would encourage private companies to engage in the process.
Oftentimes, companies will avoid interacting with law enforcement to avoid the stigma associated with being a victim of a cyberattack and out of fear of being held liable by regulators and investors, said Trent Teyema, senior fellow at technology policy university collaborative GeoTech Center.
Teyema called for a safe harbor framework, a law that provides protection against legal liability when other conditions are met. Such a provision would decrease the risk of companies being held liable for cyberattacks from regulators, investors, and the public.
He also called for shield laws that would protect against revealing certain information to the government as a requirement for receiving law enforcement assistance.
The government needs to make it easy for the private sector to share information with law enforcement, said Teyema.
“Information sharing between the government and the private sector, while integral to tackling ransomware, is inconsistent,” read a report written by Teyema and David Bray, fellow at GeoTech Center. Information sharing across sectors allows cybersecurity experts in both sectors to learn about new vulnerabilities in software and new attack vectors. It strengthens collective resiliency and can influence the processes used to anticipate and respond to threats, continued the report.
Ransomware on the rise
Ransomware attacks in which bad actors demand money to release encrypted data are increasing dramatically, reported the White House last year. Ransomware incidents often disrupt critical services, such as banks, hospitals and schools that require constant access to data. In 2021, there was approximately $20 billion in damages from ransomware attacks in the United States, with $11 billion in 2020 and $5 billion the year before, said Bray.
This follows on the heels of the 2021 Colonial Pipeline hack that targeted the billing system and led to the shutdown of the largest fuel pipeline in the United States. The Russian-speaking cybercrime group responsible, DarkSide, received $4.4 million in ransom from Colonial, part of which was later recovered by the United States law enforcement.
Research firm Cybersecurity Ventures predicts that there will be a ransomware attack every two seconds by the year 2031 with global costs exceeding $265 billion.
- Tech Against Texas Social Media, Alabama Middle Mile Grant, IP3 Awards Bestowed
- State Broadband Maps Show Significantly Fewer Served Locations than Does FCC’s Map
- As LEO Industry Grows, FCC Adopts Rule to Limit Space Debris
- Shielding Broadband Grants from Taxes, American at ITU, Google Fiber Multi-Gig Speeds
- Public–Private Partnership Model ‘Most Effective Way’ to Address Digital Divide: AT&T Rep
- In Video Session, Christopher Mitchell Digs Into Community Ownership and Open Access Networks
Signup for Broadband Breakfast
Broadband Roundup4 weeks ago
AT&T Sues T-Mobile Over Ad, Nokia Partners with Ready, LightPath Expanding
Broadband Mapping & Data2 weeks ago
Broadband Mapping Masterclass on September 27, 2022
Broadband Mapping & Data3 weeks ago
FCC’s Fabric Challenge Process Important Part of Getting Map Right, Agency Says
WISP3 weeks ago
Wisper Internet CEO Takes Issue With Federal Government Preference for Fiber
Big Tech3 weeks ago
A White House Event, Biden Administration Seeks Regulation of Big Tech
Funding3 weeks ago
NTIA Middle Mile Director Stresses Need for Infrastructure to Withstand Climate Events
Fiber4 weeks ago
In ‘Office Hours’ Sessions, NTIA Addresses Questions of Middle Mile Grant Applicants
Broadband Roundup3 weeks ago
Cogent Buys T-Mobile Wireline, $81 Million from Emergency Connectivity Fund, Digital Redlining Study