Digital Policy Roundup: Administration Seeks Input on Data Privacy, Cyber Legislative Proposals Proliferate and NIST Releases Draft Security Guidance with Cloud and Mobile Implications

Administration Seeks Input on Data Privacy

As a follow-up to the release of the White House Privacy Report, the DOC National Telecommunications and Information Administration (NTIA) has formally requested comment on what issues should be addressed through the privacy multi-stakeholder process, as well as procedures to foster the development of these codes. Comments are due by March 26th.

Consistent with indications from Administration officials, the Federal Register Notice explains that while the NTIA plans to facilitate the development of enforceable codes of conduct that implement the full Consumer Privacy Bill of Rights proposed in the Report, as a start to the process “NTIA seeks to conduct a privacy multi-stakeholder process focused on a definable area where consumers and businesses will receive the greatest benefit in a reasonable timeframe.”

The list of potential topics supplied by NTIA includes: mobile apps and associated issues, cloud computing services, accountability mechanisms, online services directed towards children and teens, trusted identity systems, such as NSTIC, and data collection from various technologies.

Cyber Legislative Proposals Proliferate

Following the release last week of a new cybersecurity legislative proposal, the Secure IT Act, offered by Sens. John McCain (R-Ariz.), Kay Bailey Hutchison (R-TX) and several other Republicans, Reps. Mary Bono Mack (R-CA) and Marsha Blackburn (R-TN) announced Monday their intention to introduce companion legislation. Sponsors have offered the legislation as an alternative to the Cybersecurity Act (S. 2105), introduced last month by Sens. Joe Lieberman (I-CT) and Susan Collins (R-ME). The alternative would not give the Homeland Security Department the power to require critical computer systems to meet certain security standards. Both bills propose to enhance cybersecurity information sharing, reform FISMA, increase cybersecurity R&D and enhance cybercrime enforcement.

And at a time when cybersecurity is becoming an increasingly partisan issue, House E&C Subcommittee Chair Greg Walden (R-OR), in conjunction with the upcoming hearing on Wednesday, announced the formation of a bipartisan Communications and Technology Cybersecurity Working Group, which will include Reps. Lee Terry (R-NE), Anna Eshoo (D-CA), Doris Matsui (D-CA), Bob Latta (R-OH), Michael Doyle (D-PA) and Adam Kinzinger (R-IL).

NIST Security Guidance with Implications on Cloud and Mobile

Last Wednesday, NIST released a draft revision to Federal Guidelines on Security and Privacy Controls for Federal Information Systems and Organizations. Known as SP 800-53, the recent revision results from a year-long initiative to update the content of the security controls catalog and the guidance for selecting and specifying security controls for federal information systems and organizations, seeking to handle “insider threats, supply chain risk, mobile and cloud computing technologies, and other cyber security issues.” In announcing the document, NIST highlighted that “in most instances, with the exception of the new privacy appendix, the new controls and enhancements are not labeled specifically as ‘cloud’ or ‘mobile computing’ controls or placed in one section of the catalog. Rather, the controls and enhancements are distributed throughout the control catalog in various families and provide specific security capabilities that are needed to support those new computing technologies and computing approaches.”

Indian Gov. Adopts New Localization Procurement Rule

India has recently approved a new procurement rule that imposes a preference for domestically manufactured electronic products. Specifically, the rule creates a 30% domestic content requirement on an ill-defined range of electronic products and services. Not only does the rule explicitly target laptops and computers, but it could also extend to any software, application or electronic content that the Indian government might deem to be covered. SIIA is working with other leading trade associations to urge the U.S. government to engage strongly with the government of India to roll back this protectionist policy.


Learn more about key policy developments affecting the software and digital content communities with Digital Policy Roundup.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Digital Policy Roundup: Cyber bills proliferate in Sen., Admin Privacy Reports, and SIIA Conference focuses on Dig. Learning Policy

Cybersecurity
On the same day that the Sen. Homeland Security Committee held a high profile hearing to discuss the Cybersecurity Act of 2012 (S. 2105), Sen. McCain (R-AZ), Kay Bailey Hutchison (R-TX) and four other Republicans announced their intention to introduce an alternative cybersecurity bill after Congress returns from the President’s Day recess. It will include measures to reform FISMA and facilitate information sharing between the government and private sector about cyber threats, among other things.

Also, following the introduction of S. 2105 last week, Sen. Leahy introduced new legislation to address the law enforcement component of cybersecurity (see summary). The legislation closely tracks Title I of Leahy’s Personal Data Privacy and Security Act of 2011 (S. 1151), which passed out of Committee last year, and is intended to be offered as an amendment when cyber is considered on the Senate floor.

FTC releases App. Privacy Report, Long Awaited DOC Report Expected Thursday
Last week, the FTC issued a staff report regarding the results of a survey of mobile apps for children. The Report, “Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing,” asserts that mobile apps can capture a broad range of user information from a mobile device automatically, including the user’s precise geolocation, phone number, list of contacts, call logs, and unique identifiers, and it “highlights the lack of information available to parents prior to downloading mobile apps for their children, and calls on industry to provide greater transparency about their data practices.” Additionally, a report from POLITICO has the DC privacy community abuzz with anticipation that the long-awaited Dept. of Commerce Privacy Report will be released at a White House privacy event scheduled for this Thursday.

SIIA Ed-Tech Policy Conference to Focus on Digital Learning Needs

As outlined by U.S. Education Secretary Arne Duncan more than a year ago, the New Normal in education is the challenge of “doing more with less” in our pK-20 education system. SIIA continues to support our education system’s efforts to reimagine and retool by personalizing learning and leveraging technology and digital learning. SIIA’s upcoming Ed Tech Government Forum will bring SIIA member technology and education entrepreneurs together with national, state and local education leaders to dialogue about the policies of the “New Normal.”

Payroll Tax Holiday Advances Sans Key Tech Tax Provisions
The final payroll tax holiday extension package agreed to last week and expected to be signed by the President later this week does not extend key tech industry tax provisions such as the expired R&D tax credit or extension of the 100 percent bonus depreciation provision for qualified property placed in service before 2013.

ICANN/Domain Name Application Update

ICANN stated that, thus far, 100 applicants have applied for new gTLDs during the current January 12-April 12 application period. The ICANN Board also reaffirmed that there will be a second gTLD registration period at some point after the first window is over.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Digital Policy Roundup: Sen. Cyber Bill Introduced, IT and IP implications of FY13 Budget, and Patent Reform Rules Proposed

Cyber

The long-awaited Senate comprehensive cybersecurity legislation, the Cybersecurity Act of 2012, was officially introduced this afternoon by Sens. Joe Lieberman (I-CT), Susan Collins (R-ME), Jay Rockefeller (D-WV) and Dianne Feinstein (D-CA).  And Sen. Lieberman’s Homeland Security Cmte. will hold a legislative hearing on Thursday.

SIIA issued a statement in response to the legislation expressing support for the significant progress in striking a balance between preserving innovation and identifying and regulating critical infrastructure, and urging swift, bipartisan support for legislation that would advance critical cybersecurity priorities to immediately enhance our cybersecurity preparedness.

IT Implications of President’s FY13 Budget

The President’s FY13 budget proposal introduced this week includes a couple of key items that reflect the continued support for IP protection. First, the proposal includes a $5 million increase in funding to combat piracy and counterfeiting, raising the total spent to combat IP crimes by the USG to $40 million. Also, the budget provides support for the PTO’s new fee-setting authority and termination of fee diversion, estimating that the PTO will collect $2.9 billion in 2013, but any amount received in excess of $2.9 billion and deposited in shall remain available to the PTO until expended.

On the Fed. IT funding front, U.S. government spending on information technology would decline 1.2 percent next fiscal year, as part of the efforts to “do more with less,”  increasing efficiency through the use of cloud computing, shared services and mobile technology.

Regardless of the budget politics in an election year, these are both very significant elements, as they serve as markers for where the Obama Administration sees funding priorities that affect software and digital content companies.

Patent Reform

The US Patent & Trademark Office released notices of proposed rulemakings last week regarding a number of key provisions of the Leahy-Smith America Invents Act, including review of the new inter partes and post grant rules.  Comments must be submitted by early April.  Proposed fees for these procedures, as well as higher fees for applications, also were introduced, with the goal of reducing the patent backlog.  The PTO will hold a public hearing on fee proposals on February 15 at the PTO, and February 23 in Sunnyvale, CA, and the deadline for comment on the proposals is February 29th.

ACTA

With the European Parliament scheduled to consider ACTA in June, the past few weeks have seen several EU member states, including Poland, Latvia and the Czech Republic, withdraw their intent to ratify ACTA or delay the decision in their national parliaments in response to domestic protests. On February 10th, in anticipation of these protests, the European Commission released a “Factsheet on the Transparency of ACTA Negotiations.”

Ed-Tech Interoperability Standards

On Monday, SIIA released a Primer on K-20 Education Interoperability Standards that provides a framework for understanding interoperability standards that impact educational data, digital content, and software applications. The primer is a component of SIIA’s ongoing efforts to help inform on technical issues that are important to the success of educational technologies.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

SIIA Applauds Progress of Senate Cybersecurity Legislation

With cyber threats more sophisticated and targeted than ever, and growing at an unprecedented rate, now is the time to act on critical cybersecurity legislative priorities. We are pleased to see that Sens. Lieberman, Collins, Rockefeller and Feinstein have made significant progress in striking a balance between preserving innovation and identifying and regulating critical infrastructure.

SIIA continues to believe that cybersecurity legislation could potentially do more harm than good if not done carefully. A regulatory approach would not necessarily make organizations more secure, just more compliant. It is imperative that Congress preserves the ability of technology companies to quickly develop and deploy technology that can detect, prevent and mitigate cybersecurity threats.

We urge swift, bipartisan support for legislation that advances critical cybersecurity priorities and immediately enhances our preparedness. As we identified in a recent letter to Sen. Reid, there are multiple cybersecurity objectives that enjoy strong bipartisan support in the House and Senate, such as enhancing information-sharing between the public and private sectors, reforming FISMA, encouraging increased cybersecurity research and ensuring that law enforcement has the adequate tools and criminal penalties to protect against cyber crimes.

SIIA is committed to the goal of enacting legislation that will establish a meaningful national framework for data security and for breach notification, and we look forward to continuing to work with Congressional leaders to reach consensus.


Ken Wasch is President of SIIA.

Digital Policy Roundup: Administration releases latest cloud guidance, Cyber 2012 continues in Senate

Today, GSA released its latest policy memo, a guidance document for agencies and cloud service providers, describing the general Concept of Operations (CONOPS) for FedRAMP, the government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based services. The release of this guidance is timely, with GSA’s Dave McClure joining us at our Cloud/GOV Conference next Thursday.

In the Senate, indications this week are that the Homeland Security and Governmental Affairs Committee will hold a hearing next week on cybersecurity legislation. The legislation is still expected to be introduced later this week or early next, and drafts continue to circulate. While Majority Leader Reid signaled in late 2011 his intention for the Senate to consider legislation in this first legislative work period, it’s now clear that this will be pushed back slightly, at least until after the President’s Day recess.

And the pressure will begin mounting on House and Senate negotiators to reach a deal to extend the payroll tax cut currently set to expire at the end of the month. Again, extension of the key technology industry R&D tax credit, as well as broader corporate tax reform, will be linked to these discussions, along with other critical “extenders.” The R&D tax cut has been expired since late 2011, one of 14 times it has been allowed to expire in its 30-year history.

Last week, SIIA submitted comments to the FTC in response to their request for input on facial recognition technology. In offering to work with the Commission as they map out an approach for making sure that the public is able to benefit from the further development and deployment of these innovative techniques while still preserving privacy, SIIA urged the Commission to recognize that it has at hand a workable general framework for evaluating and considering the privacy implications of facial recognition technology.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Now is the Time to Act Swiftly, Enact Key Cybersecurity Objectives

SIIA offered its views to the Senate on cybersecurity on Tuesday, in a letter to Sen. Majority Leader Harry Reid (D-NV) in advance of the imminent Senate consideration of cybersecurity legislation.

Our members are dedicated to strengthening the nation’s IT infrastructure and protecting against growing cyber threats. These threats are more sophisticated and targeted than ever and are growing at an unprecedented rate. We know that as a nation, we can’t afford to delay advanced protection and instantaneous remediation.

That’s why SIIA believes that the most effective course of action is to focus in the short term on several critical priorities that enjoy broad bipartisan consensus. These key priorities are:

o Enhance information sharing between the public and private sectors,
o Reform of the Federal Information Security Management Act of 2002 (FISMA),
o Enhance and improve law enforcement tools and criminal penalties for cybercrimes, and
o Encourage increased cybersecurity research.

At the same time, SIIA believes that some complex issues of cybersecurity are not nearly as close to broad consensus. Including them in a comprehensive bill would give them short shrift and potentially slow down the bill’s adoption; most importantly and worryingly, the proposals advanced to date on some of these issues would seriously hinder the very innovation that is our best tool against cyber threats. Securing the Nation’s public and private IT networks will require the attention of Congress, the Administration and industry for the weeks, months and years ahead. It’s not something that can or should be achieved with one piece of legislation. Some of these complex issues include:

o Provide a national framework for data security and data breach notification,
o Designate and protect “covered critical infrastructure” (CCI),
o Clarify the role and authorities of the Department of Homeland Security (DHS),
o Ensure the security of the U.S. IT supply chain, and
o Create incentives for individuals and businesses to enhance their cybersecurity preparedness.

In particular, SIIA would welcome forward movement on good data security and breach notification legislation. However, House and Senate consideration of this legislation in 2011 revealed many significant differences still needing to be resolved.

While SIIA does not support a heavy regulatory approach to cybersecurity, we do believe that positive incentives have a higher probability of success in two ways: a higher chance of better actual cybersecurity outcomes, and a higher probability of actually becoming law. The private sector responds to incentives, and aligning the interests of the private sector with the outcomes that are in the national interest makes sense. Furthermore, positive incentives (rather than negative ones) are clearly the most effective way to drive higher levels of trust and actual cooperation between the private sector and government – vital things needed to produce real success. SIIA strongly supports exploring positive incentives for individuals and businesses of all sizes as a long-term ongoing approach to securing the Nation’s IT infrastructure.

We are hopeful that the Senate can pass cybersecurity legislation that will quickly address some of the most critical threats to our nation’s IT infrastructure. SIIA members – whose companies work tirelessly to develop and deploy cutting edge cybersecurity solutions – will continue to actively engage policymakers to rapidly enact legislation that promotes technological innovation as the key to better cybersecurity.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Digital Policy Roundup: 2012 Starts with a Flurry of Tech Policy

Happy New Year. 2012 is starting out much like 2011 ended, with a flurry of tech policy activity, particularly in the U.S. Senate. Majority Leader Harry Reid (D-NV) has scheduled a key procedural vote on the PROTECT IP Act for Jan. 24, the second day the body will be in session for the new year.

Following that, Reid has indicated that consideration of comprehensive cybersecurity legislation is also one of his top priorities for the first work period, even though draft legislative language was just made available in mid-December. And with the House scheduled to return a week before the Senate, it’s possible, if not likely, that Judiciary Chairman Lamar Smith (R-TX) will proceed with the Committee markup of SOPA. Needless to say, the next couple of weeks are going to be busy!

Also on the horizon, ICANN will begin accepting applications for new gTLDs on Thursday (January 12) despite continued objections from some members of Congress and some industry groups. The Coalition for Online Accountability, including SIIA, has recently met with NTIA leadership and the IP Enforcement Coordinator to discuss the role of the U.S. government in curbing potential abuses of new gTLDs.

Following up on the launch of FedRAMP in December, the Administration last Friday released baseline security controls for cloud providers. Consistent with previous indications from GSA officials, these are significantly reduced from the draft controls made available about a year ago, about which SIIA and many cloud providers expressed significant concerns. GSA has reiterated that this will be an evolving list, but there is no further formal opportunity for comment.

And right before the holidays, SIIA submitted comments to the FTC regarding their proposed revisions to the Children’s Online Privacy Protection Act (COPPA) Rule. While we expressed our support for several of the FTC’s conclusions, such as preservation of the current definition of a “child” and the “actual knowledge” standard, SIIA raised concerns regarding several of the proposals, including the proposed significant expansion of the definition of “personal information,” elimination of the “e-mail plus” method for notice and consent and various other changes.

SIIA also recommends some new approaches to accommodate new methods of notice and consent and encourages the Commission to take steps to ensure that it is applied as efficiently as possible with respect to school-based educational partners and other providers of educational materials and services.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.