The National Institute of Standards and Technology believes President Barack Obama’s executive order on cybersecurity was “quite explicit” in emphasizing that the Cybersecurity Framework the agency is developing in consultation with critical infrastructure industries needs to be voluntary, Charles Romine, NIST director-Information Technology Laboratory, told a House Homeland Security subcommittee Thursday. Chairman Pat Meehan, R-Pa., had said he was concerned that some language in the executive order could be interpreted to give agencies the authority to impose regulations via the framework. NIST has a long history of developing frameworks that have governed industry practices in a purely voluntary way, and the agency believes that approach will be effective in developing the framework this time, Romine said. “I'm not concerned about this being a hidden way of getting regulatory authority.”
Jimm Phillips
Jimm Phillips, Associate Editor, covers telecommunications policymaking in Congress for Communications Daily. He joined Warren Communications News in 2012 after stints at the Washington Post and the American Independent News Network. Phillips is a Maryland native who graduated from American University. You can follow him on Twitter: @JLPhillipsDC
The departments of Homeland Security (DHS), Commerce and Treasury hope their reports on possible incentives to encourage the private sector to adopt voluntary cybersecurity standards will be made public by the end of the month, said Jeanette Manfra, DHS deputy director running the task force implementing President Barack Obama’s Cybersecurity Executive Order, during a Wiley Rein program Wednesday on implementation of that order. Among other things, the order tasks DHS with overseeing the private sector’s implementation of the National Institute of Standards and Technology’s (NIST) forthcoming voluntary Cybersecurity Framework, including implementation of incentives (CD Feb 14 p1). DHS, Commerce and Treasury submitted separate reports to the Office of Management and Budget June 12 that examined the feasibility and effectiveness of possible incentives, but they have not yet been made public while they undergo an internal review (CD July 8 p9).
Department of Homeland Security (DHS) Secretary Janet Napolitano said Friday she will resign in September. Napolitano, who was one of the first cabinet officials President Obama appointed at the start of his first term in 2009, said she’s stepping down to become president of the University of California system. While Napolitano’s departure is unlikely to fundamentally alter DHS’s role in federal cybersecurity matters, it may slow progress on implementing President Obama’s cybersecurity executive order, industry experts told us.
Senate Commerce Committee leaders circulated draft cybersecurity legislation that’s meant to be a “bipartisan consensus,” a committee official told us Thursday. The bill, backed by Committee Chairman Jay Rockefeller, D-W.Va., and Ranking Member John Thune, R-S.D., is expected to be marked up by the end of the month, said the official. The draft is the Senate’s first attempt at enacting cybersecurity legislation in the 113th Congress. The House passed a revised version of the Cyber Intelligence Sharing and Protection Act (HR-624) in April, but industry officials have said they don’t believe it will pass the Senate, and the White House has threatened a veto.
All federal cybersecurity efforts that don’t directly relate to defense should be consolidated within the Department of Commerce, former Sen. Slade Gorton, R-Wash., told the House Commerce Committee’s Oversight subcommittee Tuesday. The subcommittee hearing focused on determining ways to best solve cybersecurity threats to U.S. intellectual property.
Congress should expand its efforts to address international intellectual property theft beyond cybersecurity legislation, former Sen. Slade Gorton, R-Wash., a member of the Commission on the Theft of American Intellectual Property (IP Commission), is expected to say this Tuesday in testimony before the House Commerce Committee’s Oversight and Investigations subcommittee. The IP Commission is working on issues including recommend policies that will mitigate intellectual property theft by China and others (http://1.usa.gov/11wjHmO). The subcommittee is holding the hearing to determine the scope of cybersecurity threats to U.S. intellectual property and technology, and the best legislative ways to address those threats.
FTC Chairwoman Edith Ramirez’s remarks Thursday in favor of a possible FTC investigation into the business practices of patent assertion entities (PAEs) are “obviously going to have some impact” in the federal government’s ongoing debate over how to best address the issue of abusive patent litigation, said American Intellectual Property Law Association (AIPLA) Executive Director Todd Dickinson, former director of the U.S. Patent and Trademark Office (PTO). “It keeps the iron in the fire,” he told us.
FTC Chairwoman Edith Ramirez said the commission should use its authority under Section 6(b) of the FTC Act to investigate the business practices of patent assertion entities (PAEs) to examine whether those practices harm competition and consumer interests. Section 6(b) of the FTC Act gives the agency the authority to do a full investigation of an industry’s business practices, including issuing subpoenas, and report their findings to Congress and the public. Ramirez said at a Thursday joint Computer and Communications Industry Association (CCIA) and American Antitrust Institute (AAI) event that she supports conducting an investigation, but did not say she would formally ask the commission to vote to start one.
A pair of controversial National Security Agency (NSA) surveillance programs that collect phone metadata and user data from online services have helped prevent “potential terrorist events over 50 times since 9/11,” NSA Director Keith Alexander told a House Intelligence Committee hearing Tuesday. At least 10 of those threats involved U.S. targets, though Alexander and other intelligence officials only disclosed details of two new cases Tuesday. The programs are “immensely valuable for protecting our nation and securing the security of our allies,” Alexander said. Most members of the committee defended the programs Tuesday, with Chairman Mike Rogers, R-Mich., a former FBI agent, inviting Alexander and other officials to dispel the “laundry list” of “incomplete information” that has circulated since news of the programs leaked earlier this month.
FCC Commissioner Ajit Pai urged Congress to “permanently” exclude cellphone firmware unlocking from the provisions of the Digital Millennium Copyright Act (DMCA). The librarian of Congress declined in October to renew a three-year exemption that excluded unlocking from prosecution under the DMCA, meaning consumers who unlock their mobile devices could face civil and criminal penalties. “This is a classic case of the government solving a problem that doesn’t exist,” Pai said Monday at a joint TechFreedom-Competitive Enterprise Institute event. Contract-law rights, including early termination fees, already ensure subscribers fulfill contracts with the carriers, he said. “Adding heavy-handed copyright penalties, including hefty criminal fines, marries the sledgehammer to the fly,” Pai said. Congress is already considering at least four bills that would address the issue -- the Unlocking Consumer Choice and Wireless Competition Act (HR-1123), the Unlocking Technology Act (HR-1892), the Wireless Device Independence Act (S-467) and the Wireless Consumer Choice Act (S-481).