Financial cybercrime and state-affiliated espionage made up a combined 95 percent of all cybersecurity incidents in 2012 included in a Verizon Communications study released Monday. The report examined 47,000 security incident reports from Verizon and 18 other organizations, including the Department of Homeland Security’s (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and two of its Computer Emergency Readiness Team units, as well as the U.S. Secret Service. Verizon focused its study on the 621 confirmed data breaches included in those reports, said Jay Jacobs, principal with Verizon Enterprise Solutions’ RISK Team, which writes the annual data breach report. A final version of the report had not been made public at our deadline.
Jimm Phillips
Jimm Phillips, Associate Editor, covers telecommunications policymaking in Congress for Communications Daily. He joined Warren Communications News in 2012 after stints at the Washington Post and the American Independent News Network. Phillips is a Maryland native who graduated from American University. You can follow him on Twitter: @JLPhillipsDC
Public-private partnerships are important to improving cybersecurity within the global information and communications technology (ICT) supply chain, said Joe Jarzombek, director-software assurance in the Department of Homeland Security’s (DHS) Office of Cybersecurity & Communications. Such partnerships, including DHS’s Software Assurance program, are critical when “you realize that those running our critical infrastructure have the same needs we have,” he said Thursday at a Brookings Institution event. The federal government has a responsibility to help critical infrastructure operators and owners address ICT vulnerabilities, but there needs to be “public will” to make it happen, Jarzombek said. DHS is working with the National Institute of Standards and Technology to foster an industry-led effort to develop the Cybersecurity Framework, a voluntary set of cybersecurity standards and best practices to protect critical infrastructure, as laid out in President Barack Obama’s February cybersecurity order (CD Feb 14 p1).
The Application Privacy, Protection, and Security (APPS) Act would address “key transparency issues surrounding mobile app use,” said Hogan Lovells attorney Mark Brennan, who argues broadband deployment and mobile privacy issues before the FCC, FTC and other federal agencies. A draft version of the bill, which Rep. Hank Johnson, D-Ga., began circulating in January, would introduce new data privacy protections for app users, including requiring app developers to get users’ permission before obtaining personal data, Brennan said Tuesday during an FCBA event.
The FCC did not act within its discretion when it determined InterCall’s services were “telecommunications” service and required the company to pay into the USF, Arent Fox attorney Ross Buntrock argued for The Conference Group. The agency also did not act properly in issuing the order through adjudication, rather than through the notice-and-comment rulemaking procedures it must follow under the Administrative Procedure Act, Buntrock said.
Critics of Progeny’s proposed rollout of its E-911 location service told FCC Chairman Julius Genachowski that the agency should carefully consider the impact the service would have on fellow users of the 900 MHz Multilateration Location and Monitoring Service band before greenlighting it. The members of the Part 15 Coalition, a group of unlicensed Part 15 device users which occupy the 902-928 MHz band, said they're concerned the FCC was moving too quickly toward a decision on the Progeny 911 location service, which they said has the potential to cause “unacceptable levels” of interference. Coalition members and Progeny officials each told us Friday that the other side was attempting to draw attention away from the technical record. The service would help locate wireless callers to 911.
The framework will need to take into account how government and industry typically view critical infrastructure cybersecurity, Microsoft said. The government “tends to look at critical infrastructure as a monolithic collection of systems and services,” while industry “looks at core elements within its direct control or its contractual obligations to deliver services,” Microsoft said. If the government focuses too much on high-impact -- but low probability -- threat scenarios, the framework could include “requirements and compliance obligations that may not necessarily improve cybersecurity for critical infrastructure or private sector enterprises,” Microsoft said. The framework should be based on six foundational principles, Microsoft said -- risk-based, outcome-focused, prioritized, practicable, “respectful of privacy and civil liberties” and globally relevant. It should also include a cohesive risk assessment and risk management structure, Microsoft said.
The FCC’s role in regulating the communications industry needs to be reduced to reflect a more competitive marketplace, said Robert Litan, director of research at Bloomberg Government, in an interview for C-SPAN’s The Communicators which was set for telecast Saturday. Litan and Hal Singer, managing director at Navigant Economics, were on the program to discuss their book, The Need for Speed: A New Framework for Telecommunications Policy for the 21st Century. There was a case for more regulation within the industry 30 years ago because of monopolies within the industry, but “times change,” Litan said. “But in a world in which now we have convergence and we have a lot more competition, there’s less need for regulation” on issues like net neutrality. The FCC’s net neutrality order is “too radical, too harsh” in dealing with possible issues of discrimination in priority delivery contracts between network providers and websites, Singer said. He argued the order should be reversed, with discrimination issues dealt with “after the fact” by administrative law judges. There is more competition in the telecom industry than when AT&T had a monopoly on telephone service, but that “doesn’t necessarily mean that there is adequate competition,” Michael Weinberg, senior staff attorney at pro-regulatory Public Knowledge, told us. “If that’s your bar, then all sorts of things are going to look competitive. It is more competitive than an absolute monopoly, but I don’t think that means it’s adequately competitive.” While Litan and Singer are critical of the FCC in The Need for Speed, they note that the commission is only carrying out Congress’s instructions, Singer said. “The direction is going to have to come from Congress in recognition of the new landscape,” he said. Congress needs to reduce the FCC’s merger review authority within the wireless industry, Singer said. 
Since the FTC and Department of Justice’s Antitrust Division already examine those mergers for antitrust issues, “what is the FCC doing in this second, duplicative review?” he said. The FCC is then in a position to “give away things to the competitors who complain the loudest about a particular merger,” Singer said. “So long as you vest the agency with that kind of power, to move around millions or billions of dollars to special interests, you are going to get hordes of lobbyists walking around the halls of the agency looking for handouts.” The FCC should have a role in reviewing mergers within the wireless industry because of its expertise within the space, but “shouldn’t have a supplemental vote,” he said. Congress gave the FCC merger review authority under a public interest standard, which is important but different from the antitrust issue, Weinberg said. Public Knowledge has “been concerned in the past about the FCC’s interest in following through with enforcement of its merger conditions,” he said. “But that doesn’t necessarily mean that the FCC shouldn’t have a role in mergers or that there’s absolutely no situation in which conditions make sense.”
If U.S. government approval of SoftBank’s proposed purchase of 70 percent ownership of Sprint Nextel “is contingent upon agreement to restrict purchase of telecommunications equipment from select vendors by virtue of geography, then it is a sad day for free and open global trade,” Huawei spokesman Bill Plummer told us in an email. House Intelligence Committee Chairman Mike Rogers, R-Mich., has said SoftBank and Sprint told him they will not integrate Huawei-manufactured telecom equipment into the Sprint network if the government approves the deal. The companies also said they plan to reduce Clearwire’s use of Huawei-manufactured equipment; Sprint is seeking government approval of its plan to buy out the carrier. SoftBank and Sprint were addressing concerns that Huawei posed a potential national security risk (CD April 1 p5). Excluding a manufacturer based on geography will do little to address network security concerns “given that every telecom gear vendor relies on common global supply chains and faces common cyber-challenges,” Plummer said. “Such a contingency would mean little more than the unfair market-distorting penalization of a globally-respected company that meets the highest standards of network security, is a trusted vendor to 45 of the world’s top 50 network operators, and is an active investor and employer in the U.S.”
MetroPCS’s board urged shareholders to approve a proposed merger with T-Mobile USA, noting in a letter Monday that there’s “no assurance that MetroPCS will be able to deliver the same or better stockholder value as a stand-alone wireless company in the future.” MetroPCS said it believes merging with T-Mobile “will create the value leader in the U.S. wireless marketplace and provide significantly more value and potential equity upside to MetroPCS stockholders than could be achieved by MetroPCS on a stand-alone basis” (http://bit.ly/XmcELo).
Sprint Nextel and SoftBank have told House Intelligence Committee Chairman Mike Rogers, R-Mich., “they would not integrate Huawei into the Sprint network and would take mitigation efforts to replace Huawei equipment in the Clearwire network,” Rogers said in a statement Thursday. SoftBank is seeking federal government approval for its planned buy of 70 percent ownership of Sprint; the government also needs to approve Sprint’s plan to purchase full control of Clearwire. The SoftBank and Clearwire deals have received additional attention because of both companies’ use of Huawei-manufactured equipment -- Huawei and fellow China-based telecom equipment manufacturer ZTE are helping build SoftBank’s 4G network in Japan, while Clearwire uses Huawei equipment on the edges of its network. Clearwire has previously said it’s reducing its use of Huawei-manufactured equipment.