Jimm Phillips

The privacy and civil liberties protections being included in the White House’s Cybersecurity Framework are still in the early stages of development, but policy experts at leading privacy groups tell us they do not believe the Cyber Intelligence Sharing and Protection Act (CISPA) is likely to be a factor. Privacy groups criticized CISPA when the House passed it earlier this month because of what they saw as insufficient privacy protections (CD April 19 p6) . But those groups also see the Senate as unlikely to take up the bill, scuttling its chances of affecting the framework. Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., said Tuesday that he views CISPA as a “sort of useless bill” that “can’t guide us at all” (CD April 24 p12) . The committee did not respond to a request for further comment. The National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) are collaborating to lead development of the Cybersecurity Framework, a set of standards and best practices, in response to President Barack Obama’s February cybersecurity order (CD Feb 14 p1) .

Sprint Nextel lost a net 560,000 subscribers during Q1, in part because of the continued exodus of subscribers from its Nextel platform. About 1.3 million subscribers remain on the Nextel platform, which Sprint still expects to shut down June 30, said Sprint CEO Dan Hesse Wednesday during a Q1 investor earnings call. Sprint added 12,000 subscribers to its own platform, well below analyst estimates of 110,000 to 275,000 additions. Sprint Chief Financial Officer Joseph Eutenauer attributed the losses partially to exiting business clients on the Nextel network who chose to also cancel related subscriptions on the Sprint platform. The carrier will remain focused on recapturing as many of the remaining 1.3 million subscribers on the Nextel platform as it can, though Eutenauer said earlier the carrier still expects it will only be able to recapture about 40 percent of those subscribers. Costs related to the shutdown will reach $500 million to $600 million during Q2, Sprint said.

If President Barack Obama appoints FCC Commissioner Mignon Clyburn as the agency’s interim chair upon FCC Chairman Julius Genachowski’s departure, addressing interoperability in the 700 MHz lower B block will be one of her “higher policy priorities,” said Louis Peraertz, Clyburn’s aide, during an FCBA event Tuesday. Earlier this month, the FCC Wireless Bureau extended the deadline for smaller carriers to build out on the band (CD April 9 p1). Clyburn is hoping to resolve interoperability “fairly quickly,” because it will give options to customers in urban and rural areas, Peraertz said. Interoperability is an important part of the agency’s band plan, but it’s also complicated, said Renee Gregory, Genachowski’s aide. Genachowski’s office continues to be engaged on the issue, she said. FCC Commissioner Jessica Rosenworcel believes issues with interoperability on the band demonstrate that the agency needs to ensure similar problems do not arise when they address the 600 MHz band, said David Goldman, Rosenworcel’s aide.

The U.S. Patent and Trademark Office (PTO) should take steps to eliminate functional claiming -- when a patent claim recites the function of a piece of software -- because such claims allow patentees to “claim functions, not inventions” and therefore obscure the patent’s limits, Verizon Communications said in a filing the PTO released Monday. The PTO collected comments through April 15 on possible reforms to improve the quality of software-related patents as part of its “Software Partnership” with industry; the agency released filings from Verizon and other companies and industry groups filed at the deadline (CD Feb 28 p16).

Financial cybercrime and state-affiliated espionage made up a combined 95 percent of all cybersecurity incidents in 2012 included in a Verizon Communications study released Monday. The report examined 47,000 security incident reports from Verizon and 18 other organizations, including the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and two of its Computer Emergency Readiness Team units, as well as the U.S. Secret Service. Verizon focused its study on the 621 confirmed data breaches included in those reports, said Jay Jacobs, principal with Verizon Enterprise Solutions’ RISK Team, which writes the annual data breach report. A final version of the report had not been made public at our deadline.

Public-private partnerships are important to improving cybersecurity within the global information and communications technology (ICT) supply chain, said Joe Jarzombek, director-software assurance in the Department of Homeland Security’s (DHS) Office of Cybersecurity & Communications. Such partnerships, including DHS’s Software Assurance program, are critical when “you realize that those running our critical infrastructure have the same needs we have,” he said Thursday at a Brookings Institution event. The federal government has a responsibility to help critical infrastructure operators and owners address ICT vulnerabilities, but there needs to be “public will” to make it happen, Jarzombek said. DHS is working with the National Institute of Standards and Technology to foster an industry-led effort to develop the Cybersecurity Framework, a voluntary set of cybersecurity standards and best practices to protect critical infrastructure, as laid out in President Barack Obama’s February cybersecurity order (CD Feb 14 p1).

The Application Privacy, Protection, and Security (APPS) Act would address “key transparency issues surrounding mobile app use,” said Hogan Lovells attorney Mark Brennan, who argues broadband deployment and mobile privacy issues before the FCC, FTC and other federal agencies. A draft version of the bill, which Rep. Hank Johnson, D-Ga., began circulating in January, would introduce new data privacy protections for app users, including requiring app developers to get users’ permission before obtaining personal data, Brennan said Tuesday during an FCBA event.

The FCC did not act within its discretion when it determined InterCall’s services were “telecommunications” service and required the company to pay into the USF, Arent Fox attorney Ross Buntrock argued for The Conference Group. The agency also did not act properly in issuing the order through adjudication, rather than through the notice-and-comment rulemaking procedures it must follow under the Administrative Procedure Act, Buntrock said.

Critics of Progeny’s proposed rollout of its E-911 location service told FCC Chairman Julius Genachowski that the agency should carefully consider the impact the service would have on fellow users of the 900 MHz Multilateration Location and Monitoring Service band before greenlighting it. The members of the Part 15 Coalition, a group of unlicensed Part 15 device users which occupy the 902-928 MHz band, said they're concerned the FCC was moving too quickly toward a decision on the Progeny 911 location service, which they said has the potential to cause “unacceptable levels” of interference. Coalition members and Progeny officials each said told us Friday that the other side was attempting to draw attention away from the technical record. The service would help locate wireless callers to 911.

The framework will need to take into account how government and industry typically view critical infrastructure cybersecurity, Microsoft said. The government “tends to look at critical infrastructure as a monolithic collection of systems and services,” while industry “looks at core elements within its direct control or its contractual obligations to deliver services,” Microsoft said. If the government focuses too much on high-impact -- but low probability -- threat scenarios, the framework could include “requirements and compliance obligations that may not necessarily improve cybersecurity for critical infrastructure or private sector enterprises,” Microsoft said. The framework should be based on six foundational principles, Microsoft said -- risk-based, outcome-focused, prioritized, practicable, “respectful of privacy and civil liberties” and globally relevant. It should also include a cohesive risk assessment and risk management structure, Microsoft said.