The National Institute of Standards and Technology’s (NIST) Cybersecurity Framework still has a mixed legacy for the critical infrastructure sectors to which it was targeted, more than six months after the agency released the framework’s “Version 1.0,” industry participants said Wednesday during a joint Industrial Control System Information Sharing and Analysis Center (ICS-ISAC)-DCT Associates webinar. NIST released the Version 1.0 framework in mid-February, simultaneous with the start of the Department of Homeland Security’s (DHS) voluntary Critical Infrastructure Cybersecurity Community (C3) program to encourage industry use of the framework (CD Feb 13 p5).
Jimm Phillips
Jimm Phillips, Associate Editor, covers telecommunications policymaking in Congress for Communications Daily. He joined Warren Communications News in 2012 after stints at the Washington Post and the American Independent News Network. Phillips is a Maryland native who graduated from American University. You can follow him on Twitter: @JLPhillipsDC
Most major wireless parties continued to urge the FCC to revise the rules it proposed for a new Citizens Broadband Radio Service on the 3.5 GHz band. Replies said the major faults of the rulemaking continue to be the proposed exclusion zones and the three-tiered spectrum access system (SAS) licensing framework. The comments, posted Friday and Monday in docket 12-354, repeated concerns that parties raised in July (CD July 16 p4). Commissioners Mike O'Rielly and Ajit Pai had also raised concerns about the size of the proposed exclusion zones, in which spectrum use would be restricted to protect government incumbents, when the commission approved the FNPRM in April (CD April 24 p4).
The California Public Utilities Commission (CPUC) said its review of Comcast’s deal to buy Time Warner Cable and associated TWC Information Services and Bright House Networks deals will focus on both the public interest aspects of the deals and the implications Comcast/TWC will have on broadband deployment in the state. The scope of CPUC’s plans, which it said Thursday in a memo will include requests for “significant factual data” from the companies (http://bit.ly/1l7IUhC), will make the commission’s review very thorough, said industry observers in interviews. CPUC said it will use its review of Comcast/TWC to seek out conditions related to California-specific effects of the deal and inform any comments the commission files as part of FCC review of the deal.
The Connecticut Public Utilities Regulatory Authority (PURA) appears likely to approve Frontier Communications’ proposed acquisition of AT&T’s wireline, broadband and video assets in the state, after a recent agreement between Frontier and state officials, but that approval is unlikely to come swiftly, industry observers said in interviews Thursday. The office of Connecticut Attorney General George Jepsen, a Democrat, and the Office of Consumer Counsel (OCC) reached an agreement with Frontier Tuesday on public interest conditions related to the deal (CD Aug 13 p13).
The New York Public Service Commission (PSC) is moving closer to a decision in its review of the proposed Comcast/Time Warner Cable (TWC) deal, with industry observers telling us they believe recently filed recommendations from the Department of Public Service (DPS) staff signal the PSC could approve the merger, though with significant concessions. Public interest groups opposed to Comcast/TWC said they continue to support full denial at the state level rather than extracting concessions. New York raised the state regulatory requirements earlier this year for cable franchise deals like Comcast/TWC, with the law now requiring applicants to show a deal would be in the public interest rather than requiring the PSC to approve deals unless it could prove harm to the public interest (CD March 21 p15). The PSC will factor the DPS staff comments and other filings into its decision, which it expects to announce at its Oct. 2 meeting, a spokesman said.
Netflix Vice President-Global Public Policy Chris Libertelli said state regulators have a role to play in the net neutrality debate, but told a Thursday meeting at the California Public Utilities Commission (CPUC) that the role should be to focus on protecting consumers. States have to be careful about the route they take in any foray into net neutrality because focusing on issues like the intrastate role of ISPs could be a “debate that isn’t productive,” he said. Net neutrality could also be an issue in any state’s review of major industry mergers like the proposed Comcast/Time Warner Cable deal, Libertelli said. Comcast/TWC creates a large enough company that “if consolidation happens, there’s no reason that Comcast couldn’t own every cable company in America,” he said. Netflix has opposed Comcast/TWC on net neutrality grounds, though Comcast has said Netflix’s opposition is about shifting interconnection costs to all Internet consumers (CD April 28 p20).
Alabama’s state 911 service fee rose Friday from $1.60 to $1.75 per month for all wireless and wireline customers. Opponents have decried that, because the Alabama 911 Board requires the estimated 200,000 consumers in the state who use the FCC low-income Lifeline program to pay those fees. Lifeline provider TracFone and a coalition of seven groups have been trying to get the Lifeline subscriber rule removed from the 911 fee base, saying Alabama is the only state to require Lifeline subscribers to pay a 911 fee. The Alabama 911 Board adopted the rule last year, effective Dec. 31, requiring eligible telecom carriers (ETCs) to collect the fee from Lifeline subscribers, saying requiring those subscribers to pay the fee made it “more equitable” and better aligned it with state law (http://bit.ly/1qNUuAS).
The Department of Homeland Security (DHS) endorsed Tuesday a cyber-risk oversight handbook for corporate board of directors jointly published by AIG, the Internet Security Alliance (ISA) the National Association of Corporate Directors (NACD). DHS is incorporating the handbook into its Critical Infrastructure Cyber Community (C3) Volunteer Program, the program the department is using to encourage use of the National Institute of Standards and Technology-facilitated Cybersecurity Framework, said DHS Assistant Secretary Andy Ozment, head of the National Protection and Programs Directorate’s (NPPD) Office of Cybersecurity and Communications, during a news conference announcing DHS’s adoption of the handbook. DHS will also make the handbook available through the U.S. Computer Emergency Readiness Team’s website, said Ozment. The handbook, originally released last month, says corporate boards of directors should handle cybersecurity using a set of five principles, including an understanding that cybersecurity is “an enterprise-wide management issue,” rather than just an IT issue. Boards also need to understand the legal implications of cyber risks and should have adequate access to cybersecurity expertise to evaluate policies, the handbook said. They should also expect management to create an enterprise-wide cyber risk framework that is adequately funded, and should identify which risks to “avoid, accept, mitigate or transfer through insurance,” the handbook said (http://bit.ly/1mbVuut). Directors are “very much aware of cybersecurity,” but need guidance on how to confront it, said NACD President and CEO Ken Daly during the news conference. ISA President Larry Clinton said the handbook could help corporate board and cybersecurity experts “connect the dots,” noting that both sides need to understand each others’ lexicons.
The timing of any Senate action on the National Cybersecurity and Critical Infrastructure Protection Act (HR-3696) and three other cybersecurity bills the House passed Monday night remains unclear, said industry lawyers and lobbyists in interviews. The bills encountered virtually no opposition on the House floor, as expected (CD July 29 p9). The House passed HR-3696, the Critical Infrastructure Research and Development Advancement Act (HR-2952) and the Safe and Secure Federal Websites Act (HR-3635) on voice votes. It passed the Homeland Security Cybersecurity Boots-on-the-Ground Act (HR-3107) 395-8. HR-3696 codifies the Department of Homeland Security’s current cybersecurity role, while HR-2952 and HR-3107 are also DHS-centric. The Senate Homeland Security Committee has passed a few bills seen similar to these bills.
A set of four cybersecurity bills the House was set to vote on Monday night appeared likely to pass with strong bipartisan support, industry lawyers and lobbyists told us in interviews before the vote. Debate on the bills had not begun at our deadline. The major bill of the four was the National Cybersecurity and Critical Infrastructure Protection Act (HR-3696), which would codify the Department of Homeland Security’s (DHS) existing role in dealing with cybersecurity issues, but would not extend the department’s powers (CD Feb 6 p7). HR-3696 also deals with DHS’ role in information sharing, but lawyers and lobbyists we spoke with said the information sharing aspect of the bill has not stirred up controversy as did the House-passed Cyber Intelligence Sharing and Protection Act (HR-624) or the Senate’s Cybersecurity Information Sharing Act (S-2588).