This post is part of a continuing DBR on Data series on Executive Order 13800 and updates on its implementation a year after passage.
The U.S. Department of Commerce and the Department of Homeland Security, through the National Telecommunications and Information Administration (NTIA), have released the final report on enhancing the resilience of the Internet and communications ecosystem against botnets and automated distributed threats.
Continue reading “Final Report on U.S. Government Policies and Public-Private Frameworks to Address Botnets, Security and Resiliency Challenges Released”
Mobile phones are ubiquitous extensions of our personal and professional lives, and few think deeply about the tangled webs of software and hardware providers that supply components to mobile phone fabricators. However, the Federal Trade Commission’s recent settlement with BLU Products is an important reminder of the need for appropriate vendor oversight in all phases of the manufacturing and sales process.
Continue reading “Mobile Phone Maker BLU Products Settles with FTC Resolving Allegations of Lax Data Security Practices”
The Federal Communications Commission (FCC) made headlines on March 26 when Chairman Ajit Pai proposed that the FCC bar several companies, in the name of national security, from participating in FCC programs. The FCC plans to vote on this proposal at its next Open Meeting on April 17, 2018.
The proposal was prompted by letters he received from 18 Congressional leaders last December, which asserted that the potential for compromised security of U.S. telecommunications networks through insecure equipment supply chains required FCC consideration. Chairman Pai responded to the Congressional letters by noting that the FCC itself does not purchase or use the equipment from the named companies and would not intend to take service from a service provider that does. The Chairman, however, did not stop there; he is proposing that certain companies be barred from participating in the Universal Service Fund (USF) program that subsidizes carrier equipment.
Continue reading “FCC to Wade into the US Telecom Supply Chain in the Name of National Security”
On February 14, 2018, the National Institute of Standards and Technology (NIST) released a draft of its NIST Interagency Report 8200 (NISTIR 8200), which is intended to inform policymakers and standards participants in developing and implementing cybersecurity standards in and for IoT devices and systems. At a high level, the draft report is intended to:
- provide a functional description for IoT (Section 4);
- describe several IoT applications that are representative examples of IoT (Section 5);
- summarize the cybersecurity core areas and provide examples of relevant standards (Section 6);
- describe IoT cybersecurity objectives, risks, and threats (Section 7);
- provide an analysis of the standards landscape for IoT cybersecurity (Sections 8 and 9); and
- map IoT relevant cybersecurity standards to cybersecurity core areas (Appendix D).
Continue reading “NIST Releases Draft Report on IoT Cybersecurity Standards; Comments Due April 18”
The Secretaries of the Department of Commerce and the Department of Homeland Security, through the National Telecommunications and Information Administration (NTIA), in early January 2018 issued a draft report to further public discussion about enhancing the resilience of the Internet and communications ecosystem against botnets and other automated distributed threats. This report continues work initiated under Presidential Executive Order 13800, “Strengthening the Cyber Security of Federal Networks and Critical Infrastructure.” The report seeks additional public comment on known and evolving risks within and to the ecosystem and aims to forge consensus on what approaches warrant consideration for the government either to adopt or to encourage. Commenters are asked to evaluate a range of proposed goals and actions to achieve a more resilient ecosystem as well as to address the roles various stakeholders play in achieving and maintaining resiliency of the ecosystem nationally and globally. Comments are due on the draft report by February 12, 2018, and the final report is due to the president by May 11, 2018.
Six principal themes emerged from the government’s analysis of prior comments on identifying and mitigating botnet and other cyber threats, namely that:
- Automated distributed attacks are a global problem;
- While effective tools exist, they are not widely used;
- Products should be secured during all stages of their life cycle;
- Improved education and awareness are necessary;
- Current market incentives are misaligned; and
- Automated distributed attacks are an ecosystem-wide challenge.
Continue reading “Battling Botnets – Evolving U.S. Government Policies and Frameworks to Address Security and Resiliency Challenges”
Over the course of the last year, a number of U.S. technology companies and associations, including Intel, Samsung and the Information Technology Industry Council (ITIC), initiated a process dubbed “the National IOT Strategy Dialogue,” the purpose of which was to develop strategic recommendations for U.S. government policymakers on the Internet of Things.
The group recently issued a white paper capturing the recommendations they advocate that the U.S. government undertake or implement. These players suggest that for the U.S. to win the global race to test, develop and deploy beneficial IOT technologies, the U.S. government needs a strategic roadmap.
Continue reading “Tech Companies Issue White Paper Recommending a National IOT Strategy”