Maintain Cybersecurity Spending

A recent article in Politico warned that cybersecurity could be a casualty of a sequester ax. The problem is that, without a change in course, the federal budget is headed for a uniform across-the-board reduction, and that would include the multiple programs that carry out our nation’s responsibilities for protecting federal networks, staving off foreign cyber attacks and researching new technologies. As Politico put it: “Many of those initiatives would be hit hard by deep cuts beginning in 2013 unless Congress pushes back the target date for its legally mandated cuts, exempts some categories of spending or does away entirely with its fallback, deficit-reduction plans.”

And then the news hit that the White House itself had been the target of a cyber attack. Fortunately, this time, no classified systems were compromised and no data was extracted.  This time.

It is not often that events illustrate so vividly the risks to the nation in continuing an unacceptable compromise policy.  No one really wants a sequester, and no one really wants the consequences that would flow from one. Policymakers need to do what it takes to avoid it.

But failing that, the Administration should find a way to prioritize cyber security spending.  Congress did not agree on all aspects of the stalled cybersecurity legislation, but they did agree that more Federal funding for cyber security programs and research was an urgent national priority. Sequester planning should maintain that priority.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

SIIA Applauds Passage of Cybersecurity Legislation in House

SIIA commends today’s House passage of the Cybersecurity Intelligence Sharing and Protection Act (CISPA, H.R. 3523). With cyber threats more sophisticated and targeted than ever, and growing at an unprecedented rate, now is the time to act on critical cybersecurity legislative priorities. We believe the top priority is to establish a framework that enables the public and private sectors to work together in sharing information on known threats and vulnerabilities. H.R. 3523 would accomplish the vital objective of early detection and notification of cybersecurity threats. This is the most critical component of preventing and mitigating attacks, and will increase security across the board.

As important as this bill is, information sharing alone is not enough to protect the nation against cyber threats. SIIA continues to support quick passage of other key measures before the House to address the nation’s most pressing cybersecurity challenges, while preserving innovation. These measures include:

• HR 4257 to reform the Federal Information Security Management Act (FISMA),
• HR 2096 and HR 3834 to provide for additional cybersecurity R&D.

A strong and responsive cybersecurity system that doesn’t add burdensome regulation will make everyone more secure and keep our country at the forefront of tech innovation.

Ken Wasch is President of SIIA.

SIIA DPR: Bills Lined-up for Cyber Week, SIIA Releases Education Interoperability Primer, and ICANN Continues to Postpone

Cyber Week Arrives With Slate of Legislation, Proposed Amendment to CISPA Ongoing
House Republican Leadership officially confirmed last Friday the four cybersecurity bills that will be considered this week. Consistent with expectations, those are: H.R. 2096 – Cybersecurity Enhancement Act, Rep. McCaul (R-TX), H.R. 3834 – Advancing America’s Networking and IT R&D Act, Rep. Hall (R-TX), H.R. 3523 – Cyber Intelligence Sharing and Protection Act, Rep. Rogers (R-MI) and H.R. 4257 – Federal Information Security Amendments Act, Rep. Issa (R-CA). Most of the activity is expected to take place on Thursday, with Rogers’ bill likely to be the most heavily debated. Members were provided until COB Tuesday to file amendments.

Last week, SIIA joined with several other leading technology trade groups in sending a letter in support of these measures. The outlook is still uncertain for two other cyber week hopefuls: Rep. Lungren’s (R-CA) H.R. 3674 – the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act, which saw a slimmed-down version pass the Homeland Security Committee last week, and the data security/breach notification legislation, H.R. 2577 – the Safe DATA Act, Rep. Bono Mack (R-CA). Committee staff shared publicly the latest discussion draft this afternoon, and Rep. Bono Mack is hopeful to advance the legislation through regular order in the coming weeks. So we can possibly expect that to be considered by the E&C Committee soon.

SIIA Releases Primer on K-20 Education Interoperability Standards
This week, SIIA officially released a “Primer on K-20 Education Interoperability Standards” that provides a framework for understanding interoperability standards that facilitate the exchange of information among educational systems and support the integration of content, data, and components from different technology applications. The importance of interoperability is highlighted in the pending initiative to develop online assessments aligned to the Common Core State Standards, funded with federal Race to the Top grants to the SBAC and PARCC state consortia, among other initiatives. The Primer is intended to enable developers of educational applications and digital content to further understand how adoption of interoperability standards can advance both education goals and their own business needs, with the goal of helping to achieve a flexible, modular assessment technology architecture to meet evolving and unique state and local requirements.

ICANN Further Extends TLD Application Process
ICANN confirmed last week that continuing technical problems have further delayed the deadline for the submission of new gTLD applications. As a result, ICANN will not be in a position to reveal the new gTLD applications received on April 30, as previously scheduled. ICANN has recently said it “will provide an update on the timing of the reopening no later than Friday, 27 April,” and while no new date has been provided to reveal the list, ICANN has said that “the date when applied-for TLDs are announced will follow announcement of the application system re-opening date.” So stay tuned.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

SIIA Joins Call for Narrow, Bipartisan Cybersecurity Legislation

SIIA today announced its endorsement of three bipartisan measures to make improvements to cybersecurity. SIIA joined with the Information Technology Industry Council (ITI) and other trade associations representing a broad range of U.S. companies in a letter to Speaker John Boehner and Minority Leader Nancy Pelosi supporting this major national security priority. The measures seek to bring to bear the resources of U.S. companies to protect personal information.

SIIA urges Congress to pass legislation on the following issues that would immediately enhance our cybersecurity posture:

• Improved information sharing through HR 3523;
• Reform of Federal Information Security Management Act (FISMA) through HR 4257;
• Additional cybersecurity R&D through HR 2096 and HR 3834.

Passing these bipartisan measures, which are expected to be taken up in the House of Representatives next week, will improve public and private cybersecurity infrastructure without adding unnecessary expense or bureaucracy.

SIIA has long called for a measured, collaborative approach to cybersecurity legislation in order to protect consumers while allowing companies to continue to innovate. These bills tackle important security issues without adding excessive regulation or bureaucracy that could stifle American technology leadership. They will allow industry to work closely with government to ensure aggressive security that is flexible enough to keep up with the speed and sophistication of today’s cyber attacks.

Ken Wasch is President of SIIA.

Digital Policy Roundup: House Cyber Week Approaching, SCOTUS to Hear Key Textbook IP Case, and DOC Unveils IP Econ Report

Congress Returns, Next Week is House “Cyber Week”
With Congress back from the Easter recess, there is much activity ongoing for “cyber week,” beginning on April 23. During the week, several cybersecurity bills are expected to be brought to the House floor for a vote, including: H.R. 2096 – Cybersecurity Enhancement Act, Rep. McCaul (R-TX), H.R. 3834 – Advancing America’s Networking and IT R&D Act, Rep. Hall (R-TX), H.R. 3523 – Cyber Intelligence Sharing and Protection Act, Rogers (R-MI), H.R. 4257 – Federal Information Security Amendments Act, Issa (R-CA). In preparation for next week, Rep. Rogers continues to explore amendments to his legislation to address concerns raised by the civil liberties watchdogs, and the Homeland Security Committee is also scheduled to consider additional information sharing legislation Wednesday morning, H.R. 3674 – Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act, legislation that the bill’s sponsor, Rep. Lungren (R-CA), is seeking to have considered.

Supreme Court to Hear Key Textbook “First Sale” Copyright Case
This week, the Supreme Court decided to hear the copyright case of Kirtsaeng v. John Wiley & Sons Inc., a key case for SIIA members focused on whether the copyright law’s “first sale doctrine” applies when the copyrighted work–here a foreign edition of a textbook–is made and sold outside the United States and then imported into the United States. The case at issue involves a student from Thailand who attempted to subsidize his expenses by having friends and family members send him foreign editions of textbooks, which he would then sell online. If the Supreme Court affirms the lower courts by holding that the first sale defense does not apply, the unauthorized distribution and sale of a copyrighted work here would constitute a copyright infringement.

Department of Commerce Releases IP Economic Report
As we reported last week, on April 11, the Department released a report titled “Intellectual Property and the U.S. Economy: Industries in Focus,” which estimates the economic impact of IP related industries on the U.S. economy. The report, which was prepared by the Economics and Statistics Administration and the U.S. Patent and Trademark Office, was initiated as part of the Intellectual Property Enforcement Coordinator’s (IPEC) 2010 Joint Strategic Plan to create a comprehensive study to better understand the role of IP in the economy and to inform policy decisions related to IP enforcement. In response, SIIA issued a statement hailing the Report as evidence that IP is essential to the creation of American jobs and growth and underscores the critical importance of adequately protecting the software and digital content industries.

ICANN Extends Window for gTLD Applications
Last week, ICANN extended the window for submitting applications for new gTLDs from April 12 to April 20, because of a technical issue affecting the performance of the TLD Application System (TAS). April 30 remains the target date for ICANN to publish the applied-for new domain names, but this is subject to change.

Ninth Circuit Rules on Reach of CFAA
Last week, the Ninth Circuit Court, in US v. Nosal, reached a decision in a highly anticipated Computer Fraud and Abuse Act (CFAA) case, holding that Nosal’s acts did not violate the CFAA and concluding that the “plain language of the CFAA ‘target[s] the unauthorized procurement or alteration of information, not misuse or misappropriation’” and, more significantly, that “the CFAA does not extend to violations of use restrictions.” In the case, the U.S. brought criminal charges under the CFAA against a former employee for “exceed[ing] authorized access” to his former company’s computers for the purpose of obtaining and using company information in violation of the terms of the company’s computer use policy.

For SIIA policy updates including upcoming events, news and analysis, subscribe to SIIA’s weekly policy email newsletter, Digital Policy Roundup.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Digital Policy Roundup: Administration Seeks Input on Data Privacy, Cyber Legislative Proposals Proliferate and NIST Releases Draft Security Guidance with Cloud and Mobile Implications

Administration Seeks Input on Data Privacy

As a follow-up to the release of the White House Privacy Report, the DOC National Telecommunications and Information Administration (NTIA) has formally requested comment on what issues should be addressed through the privacy multi-stakeholder process, as well as procedures to foster the development of these codes. Comments are due by March 26th.

Consistent with indications from Administration officials, the Federal Register Notice explains that while the NTIA plans to facilitate the development of enforceable codes of conduct that implement the full Consumer Privacy Bill of Rights proposed in the Report, as a start to the process “NTIA seeks to conduct a privacy multi-stakeholder process focused on a definable area where consumers and businesses will receive the greatest benefit in a reasonable timeframe.”

The list of potential topics supplied by NTIA includes: mobile apps and associated issues, cloud computing services, accountability mechanisms, online services directed towards children and teens, trusted identity systems, such as NSTIC, and data collection from various technologies.

Cyber Legislative Proposals Proliferate

Following the release last week of a new cybersecurity legislative proposal, the Secure IT Act, offered by Sens. John McCain (R-Ariz.), Kay Bailey Hutchison (R-TX) and several other Republicans, Reps. Mary Bono Mack (R-CA) and Marsha Blackburn (R-TN) announced Monday their intention to introduce companion legislation. Sponsors have offered the legislation, which would not give the Homeland Security Department the power to require critical computer systems to meet certain security standards, as an alternative to the Cybersecurity Act (S. 2105), introduced last month by Sens. Joe Lieberman (I-CT) and Susan Collins (R-ME). Both bills propose to enhance cybersecurity information sharing, reform FISMA, increase cybersecurity R&D and enhance cybercrime enforcement.

And at a time when cybersecurity is becoming an increasingly partisan issue, House E&C Subcommittee Chair Greg Walden (R-OR), in conjunction with the upcoming hearing on Wednesday, announced the formation of a bipartisan Communications and Technology Cybersecurity Working Group, which will include Reps. Lee Terry (R-NE), Anna Eshoo (D-CA), Doris Matsui (D-CA), Bob Latta (R-OH), Michael Doyle (D-PA) and Adam Kinzinger (R-IL).

NIST Security Guidance with Implications on Cloud and Mobile

Last Wednesday, NIST released a draft revision to Federal Guidelines on Security and Privacy Controls for Federal Information Systems and Organizations. Known as SP 800-53, the recent revision results from a year-long initiative to update the content of the security controls catalog and the guidance for selecting and specifying security controls for federal information systems and organizations, seeking to handle “insider threats, supply chain risk, mobile and cloud computing technologies, and other cyber security issues.” In announcing the document, NIST highlighted that “in most instances, with the exception of the new privacy appendix, the new controls and enhancements are not labeled specifically as ‘cloud’ or ‘mobile computing’ controls or placed in one section of the catalog. Rather, the controls and enhancements are distributed throughout the control catalog in various families and provide specific security capabilities that are needed to support those new computing technologies and computing approaches.”

Indian Gov. Adopts New Localization Procurement Rule

India has recently approved a new procurement rule that imposes a preference for domestically manufactured electronic products. Specifically, the rule creates a 30% domestic content requirement on an ill-defined range of electronic products and services. Not only does the rule explicitly target laptops and computers, but it could also extend to any software, application or electronic content that the Indian government might deem to be covered. SIIA is working with other leading trade associations to urge the U.S. government to engage strongly with the government of India to roll back this protectionist policy.

Learn more about key policy developments affecting the software and digital content communities with Digital Policy Roundup.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Digital Policy Roundup: Cyber bills proliferate in Sen., Admin Privacy Reports, and SIIA Conference focuses on Dig. Learning Policy

On the same day that the Sen. Homeland Security Committee held a high profile hearing to discuss the Cybersecurity Act of 2012 (S. 2105), Sen. McCain (R-AZ), Kay Bailey Hutchison (R-TX) and four other Republicans announced their intention to introduce an alternative cybersecurity bill after Congress returns from the President’s Day recess. It will include measures to reform FISMA and facilitate information sharing between the government and private sector about cyber threats, among other things.

Also, following the introduction of S. 2105 last week, Sen. Leahy introduced new legislation to address the law enforcement component of cybersecurity (see summary). The legislation closely tracks Title I of Leahy’s Personal Data Privacy and Security Act of 2011 (S. 1151), which passed out of Committee last year, and is intended to be offered as an amendment when cyber is considered on the Senate floor.

FTC releases App. Privacy Report, Long Awaited DOC Report Expected Thursday
Last week, the FTC issued a staff report regarding the results of a survey of mobile apps for children. The Report, “Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing,” asserts that mobile apps can capture a broad range of user information from a mobile device automatically, including the user’s precise geolocation, phone number, list of contacts, call logs, unique identifiers, and “highlights the lack of information available to parents prior to downloading mobile apps for their children, and calls on industry to provide greater transparency about their data practices.” Additionally, a report from POLITICO has the DC privacy community abuzz with anticipation that the long awaited Dept. of Commerce Privacy Report will be released at a White House privacy event scheduled for this Thursday.

SIIA Ed-Tech Policy Conference to Focus on Digital Learning Needs

As outlined by U.S. Education Secretary Arne Duncan more than a year ago, the New Normal in education is the challenge of “doing more with less” in our pK-20 education system. SIIA continues to support our education system’s efforts to reimagine and retool by personalizing learning and leveraging technology and digital learning. SIIA’s upcoming Ed Tech Government Forum will bring SIIA member technology and education entrepreneurs together with national, state and local education leaders to dialogue about the policies of the “New Normal.”

Payroll Tax Holiday Advances Sans Key Tech Tax Provisions
The final payroll tax holiday extension package agreed to last week and expected to be signed by the President later this week does not extend key tech industry tax provisions such as the expired R&D tax credit or extension of the 100 percent bonus depreciation provision for qualified property placed in service before 2013.

ICANN/Domain Name Application Update

ICANN stated that, thus far, 100 applicants have applied for new gTLDs during the current January 12-April 12 application period. The ICANN Board also reaffirmed that there will be a second gTLD registration period at some point after the first window is over.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.
