An EU cybersecurity strategy to be launched Feb. 7 will require governments to set up computer emergency response teams (CERTs) and mandate breach reporting by the energy, transport, banking, and health sectors, Internet service enablers and public administrations, said Digital Agenda Commissioner Neelie Kroes Wednesday at a global cybersecurity conference in Brussels. Despite the high costs of insecure network and information systems, most information and communication technology users aren’t aware enough of the risks they face online and many aren’t prepared to deal with them, she said. Most cyberincidents could be prevented through simple or cheap measures, she said. And because the risks aren’t contained within borders, fragmentation and duplication of preventative measures must stop, she said. The European Commission will propose a comprehensive approach and legislation to strengthen cyber-resilience and network and information security, she said. The strategy will be a joint effort by Kroes, Home Affairs Commissioner Cecilia Malmström, and EU High Representative for Foreign Affairs and Security Policy Catherine Ashton, a briefing document said. The strategy aims to attain a high level of cyber-resilience by boosting capabilities, preparedness, cooperation, information-exchange and awareness at the national and EU level in network and information security, and to drastically cut cybercrime by strengthening the expertise of agencies dealing with such cases. The strategy also calls for development of an EU cyberdefense policy, and the creation of a European industry and market for secure ICT. It will also expand EU international cyberspace policy to promote the respect of core EU values, and help non-EU third countries toughen their information infrastructure, the document said. The strategy will also clarify the roles and duties of the various EU players in the cybersecurity field. 
The EC is also proposing, in a draft directive, to require all governments to set up a well-functioning national CERT, appoint a national network and information security (NIS) authority, and adopt a national NIS contingency and cooperation plan and strategy. The EC also wants to extend breach reporting requirements now applicable only to the telecom sector to banking, energy (electricity and natural gas), transport (air and maritime freight and passenger carriers and ports among them), health, key Internet services companies (social networks, search engines, cloud providers and others), and public administrations. For example, it said, an incident affecting an e-commerce platform that prevents the completion of online transactions over several hours would have to be reported, as would a maintenance incident of an information system at a power plant that stops electricity to a small city for several hours. The European Network and Information Security Agency (ENISA) would continue to offer support and technical advice to EU government and the private sector, it said. There will be other measures as well, Kroes said. They include further measures to fight botnets; improve the security and resilience of industrial control systems and smart grids; and make users more aware of the risks and how to tackle them, she said. The plan “will help Europe get its own house in order.” Kroes announced Tuesday night that the EC, European Parliament and Council of Ministers reached political agreement on renewing ENISA’s mandate. “This is a timely development” in light of the upcoming cybersecurity strategy and legislative proposals, she said.
As Research in Motion changes its corporate name to BlackBerry and rolls out a new operating system and hardware, the smartphone supplier will have its work cut out in seeking to win back customers and secure new ones amid heightened competition from Android and iPhone platforms, retailers we polled said.
The FCC should impose a relatively early deadline on all interconnected text message providers to send bounce-back messages to their customers when text-to-911 isn’t available, not just the nation’s four biggest carriers, AT&T said in comments filed at the FCC. The National Emergency Number Association said the deadline for all should be “generous, but firm.” Under an agreement last year with the Association of Public-Safety Communications Officials and NENA, the top four providers said they would implement systems for transmitting bounce-back messages by June 30. T-Mobile warned that meeting the deadline won’t be easy.
CEA laid out a set of principles it said would help the FCC hold a successful incentive auction of broadcast TV spectrum. Google and Microsoft stressed the importance of maintaining a healthy chunk of the spectrum for unlicensed use. AT&T and Verizon countered small carrier arguments over who should be allowed to participate in the auction.
The Consumer Electronics Association laid out a set of principles it said would help the FCC hold a successful incentive auction of broadcast TV spectrum. Google and Microsoft stressed the importance of maintaining a healthy chunk of the spectrum for unlicensed use. AT&T and Verizon countered small carrier arguments over who should be allowed to participate in the auction.
The first phase of Iowa’s statewide Next-Generation 911 system is complete, said TeleCommunication Systems. That makes Iowa “the first state in the nation to complete a statewide deployment” of a National Emergency Number Association i3-compliant NG-911 system, with all 119 911 centers in the state interconnected to the system that'll eventually allow people to send text, images and video, the company said Friday (http://xrl.us/bocax6). It’s part of a five-year contract with the Iowa Homeland Security Emergency Management Division, the company added.
President Barack Obama nominates Jeffrey Shell, NBCUniversal, to be Broadcasting Board of Governors chairman, for term expiring Aug. 13, 2015, as Obama had planned (CD Sept 14 p17) … House Homeland Security Committee Democrats this Congress include as ranking subcommittee members Yvette Clarke, New York, Cybersecurity, Infrastructure Protection & Security Technologies; Donald Payne, New Jersey, Emergency Preparedness, Response & Communications; as new Republican members Jason Chaffetz, Utah; Steven Palazzo, Mississippi; Lou Barletta and Keith Rothfus, both of Pennsylvania; Chris Stewart, Utah; Richard Hudson, North Carolina; Steve Daines, Montana; Susan Brooks, Indiana; and Scott Perry, Pennsylvania; and as new Democratic members Donald Payne, New Jersey; Beto O'Rourke and Filemon Vela, both of Texas; Tulsi Gabbard, Hawaii; Steven Horsford, Nevada; and Eric Swalwell, California … TechAmerica hires Scott Bousum, ex-House Armed Services Committee staff, as senior manager-national security policy.
Getting an international playing field that is fair to U.S. trade is the key for American jobs and companies and should be the top priority for the second Obama administration, the U.S. Chamber of Commerce said in a new report. It said the U.S. market is largely open to imports, but many other countries continue to levy steep tariffs on U.S. exports, and foreign governments have erected other barriers against U.S. goods and services.
The House Homeland Security Committee plans to examine and monitor the Department of Homeland Security’s role in hardening networks from cyberattack, according to its oversight plan which was published Wednesday (http://xrl.us/bobz3g). The committee will review the federal government’s cyber missions and monitor DHS’s role in “fulfilling its goals in order to prevent a catastrophic cyber attack,” the plan said. The committee will ensure that DHS “facilitates the improved security of our nation’s critical infrastructure while earning and building on the trust of the owners and operators of that infrastructure.” The Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies will examine DHS’s ability to detect the incursion of malicious activity; attribute the source of that activity; and promote best practices, risk assessments, and share threat information across all levels of government and the private sector, the oversight plan said. The subcommittee will examine the resiliency of the nation’s critical infrastructure and “the need to optimize supply chain risk management in order to protect against manipulation without unnecessarily impeding commerce,” said the plan. The Subcommittee on Emergency Preparedness, Response and Communications will monitor the development of FirstNet and the public safety interoperable wireless broadband network. The oversight plan said the Subcommittee on Counterterrorism and Intelligence will evaluate DHS’s ability to deter and respond to emerging threats. Specifically the plan said GPS navigation systems are “highly susceptible to being jammed and hijacked” and an attack on such devices could “disrupt civil aviation and emergency communications, attack global financial exchanges, and corrupt the energy grid.”