The growing threat of cyberattacks outmatch the modest security improvements made to the U.S. critical infrastructure in the past year, said a McAfee security report unveiled Tuesday at an event sponsored by the Center for Strategic and International Studies. Though operators of the power, oil, gas and water sectors are more cognizant of the threats, not enough is being done to protect critical assets, said an author of the report, Stewart Baker, who was a Department of Homeland Security assistant secretary and is now a partner at Steptoe & Johnson. Meanwhile, existing cybersecurity bills are too costly for the U.S. and Congress has not figured out the best way to encourage greater security in critical U.S. sectors, said a DHS representative speaking at the event.
The following are trade-related highlights of the Executive Communications sent to Congress on April 15, 2011:
The following are trade-related highlights of the Executive Communications sent to Congress on April 12-14, 2011:
LAS VEGAS -- It was easy to find NAB show attendees skeptical about mobile DTV’s prospects, asking around at the Las Vegas convention that concluded on Thursday. Some said they're frustrated about what they perceive as the lack of progress toward starting a viable business. Executives working on just that said they remain optimistic and that doubters need to be patient. “In less than a year, there have been some truly concrete steps to move the ball forward,” said Fox Senior Vice President Erik Moreno. Along with NBCUniversal’s Salil Dalvi, he runs the Mobile Content Venture (MCV), a joint venture between Fox, NBC and several top station groups. “It’s going to be incremental progress for some time, but it’s real progress,” Moreno said.
The recent cyberattack against the European Commission will “certainly speed up” formation of a computer emergency response team for the EU institutions, Home Affairs Commissioner Cecilia Malmström said Wednesday at a cybercrime conference in Budapest, Hungary. The intruders not only wanted to create damage, they were there to get important information, she said. The assault was “particularly sophisticated,” she said. The EU CERT is now expected to launch by the end of May, she said. The EU in general must also hasten its fight against cybercrime by strengthening the security of its networks, she said. The EC internal security strategy involves three main areas, she said: Law enforcement and judicial capacity-building; public-private cooperation to protect citizens; and boosting the capabilities of dealing with cyberattacks. One major component in the fight is the establishment of a European cybercrime center by 2013, she said. An upcoming EC feasibility study will examine what the center should focus on and where it could be hosted, Malmström said. The center is a good example of the kind of improved cooperation the EC wants among national CERTs, the European Network Information and Security Agency, law enforcement agencies and others, she said. A global response is also needed, she said. Europe’s main partner is the U.S., and there is a high-level EU-U.S. working group on cybersecurity that should deliver concrete results within a year, she said. Wednesday’s conference focused on the 10th anniversary of the Council of Europe cybercrime convention, a document Malmström said was influential in upcoming EC proposals for a directive on attacks against information systems. The EC text is largely based on the convention, and only adds provisions covering large-scale cyberattacks, an emerging trend not covered by the CoE, she said. Government ministers discussed the draft Tuesday, she said.
The FCC should define “functional equivalency” so the deaf and hard of hearing “are able to participate equally in the entire conversation” and “they experience the same activity, emotional context, purpose, operation, work, service or role (function) within the call,” a coalition of deaf and hard-of-hearing advocates told the FCC. In the group is Telecommunications for the Deaf and Hard of Hearing, National Association of the Deaf, Association of Late-Deafened Adults, Hearing Loss Association of America, California Coalition of Agencies Serving the Deaf and Hard of Hearing, American Association of the Deaf-Blind, Speech Communication Assistance by Telephone, Communication Service for the Deaf, and Deaf Seniors of America. They laid out a 10-point platform, met with FCC staff and posted their comments in an ex parte notice in docket 10-51. The groups said telecommunications relay service (TRS) vendors “must provide full benefit to all parties on a call, regardless of the complexity and/or cost,” provide an experience that is “at the minimum … equivalent” to the experience of hearing people and use “mainstream products and services” that are “high quality.” TRS vendors also should provide equipment and services that are “accessible and address the diverse needs of” the deaf and hard of hearing, provide interoperable communications, “be motivated to bring products to market that keep up with mainstream technological advancements,” give a “wide selection of choices” for software and hardware, and allow for emergency calls that “fully satisfy the safety and security needs of” users. Customers should get “prompt, comprehensive customer care” and provider should commit “to uphold the integrity of the TRS Fund,” the groups said.
The nation is still largely unprepared to deal with threats to cyber infrastructure, Rep. James Langevin, D-R.I., said Monday at a cybersecurity symposium at the University of Rhode Island. The national cyberworkforce “isn’t large enough to match the scale of these threats,” said Langevin, the ranking member of the House Emerging Threats and Capabilities Subcommittee. About 20,000 to 30,000 federal workers are needed in the field, he said. Cybersecurity legislation needs to move forward, said Sen. Sheldon Whitehouse, D-R.I. “We are ready in the Senate. We hope to do a major bill.” Malicious actors in cyberspace “already caused damage to the U.S. government,” economy and citizens, Whitehouse said. “Intellectual property worth over $1 trillion has already been stolen.” The industry and government must establish basic rules of the road, he added. “We can’t have vulnerabilities be the nation’s dirty, big secret any longer.” The cybersecurity efforts of government and industry are static, said National Security Agency Director Keith Alexander. “We have to do much more,” like give administrators an active role in looking for the threats, he said. He also stressed the need for privacy protections: “Civil liberties and privacy are not at the expense of cybersecurity.” The government also should find a way to share threat signatures with international allies in classified form, he added. The Energy Department is developing a roadmap to secure control systems in the energy sector, said Douglas Maughan, cybersecurity division director at the Homeland Security Department. The process includes developing and integrating protective measures, ensuring that improvements are sustained and assessing the Energy Department’s security posture, because “we can’t tell how sick many of our systems are,” he said. In research, “I've seen no end to technologies being funded and then end up catching dust, never being released into the public,” he said. “We have to change that.”
Recent events in North Africa and with WikiLeaks show how easily access to Internet content and services can be disrupted, and raise the question of whether governments have a duty to preserve the Internet, the Council of Europe said Wednesday. It said an April 18-19 CoE conference on Internet freedom will consider whether there should be a global treaty, rather than principles, to safeguard online free speech. Up for discussion are draft governance principles and recommendations for protecting and promoting Internet universality, integrity and openness. The proposed governance principles call for protection of fundamental human rights and democracy. They recommend that governance arrangements ensure full participation of governments, the private sector, civil society and the technical sector, and that countries refrain from acting in ways that might directly or indirectly harm someone outside their jurisdiction. Internet-related policies should aim toward universal access, and stability and resilience should be key objectives of Internet governance, the draft said. It also urged CoE members to maintain the decentralized nature of day-to-day management of the Internet, its open architecture and network neutrality. The proposal for protecting Internet integrity sets out general principles: (1) Governments should do “no harm” to Internet access and use. (2) They should cooperate in good faith to develop Internet-related public policies to avoid adverse cross-border impacts on access and use. (3) Countries should take steps to prevent and respond to significant transborder Internet disruptions, and jointly develop emergency plans for responding to interferences with Internet infrastructure. (4) CoE members should notify potentially affected countries of significant risks of cross-border disruptions, share information with them, cooperate with each other on responses, and, if appropriate, help affected nations resolve the problems. (5) Governments should craft “reasonable legislative, administrative or other measures,” including suitable monitoring mechanisms, to ensure they meet their commitments to the principles. The draft also recommended that CoE members discuss the possibility of developing international law on responsibility and liability for damage, its assessment and compensation, and settlement of related disputes. The documents must be approved by the Committee of Ministers, the CoE said. Panelists at the forum include representatives from the U.S. State Department, ITU, ICANN, Verizon, AT&T, NATO and the European Broadcasting Union, it said.
Recent events in North Africa and with WikiLeaks show how easily access to Internet content and services can be disrupted, and raise the question of whether governments have a duty to preserve the Internet, the Council of Europe said Wednesday. It said an April 18-19 CoE conference on Internet freedom will consider whether there should be a global treaty, rather than principles, to safeguard online free speech. Up for discussion are draft governance principles and recommendations for protecting and promoting Internet universality, integrity and openness. The proposed governance principles call for protection of fundamental human rights and democracy. They recommend that governance arrangements ensure full participation of governments, the private sector, civil society and the technical sector, and that countries refrain from acting in ways that might directly or indirectly harm someone outside their jurisdiction. Internet-related policies should aim toward universal access, and stability and resilience should be key objectives of Internet governance, the draft said. It also urged CoE members to maintain the decentralized nature of day-to-day management of the Internet, its open architecture and network neutrality. The proposal for protecting Internet integrity sets out general principles: (1) Governments should do “no harm” to Internet access and use. (2) They should cooperate in good faith to develop Internet-related public policies to avoid adverse cross-border impacts on access and use. (3) Countries should take steps to prevent and respond to significant transborder Internet disruptions, and jointly develop emergency plans for responding to interferences with Internet infrastructure. (4) CoE members should notify potentially affected countries of significant risks of cross-border disruptions, share information with them, cooperate with each other on responses, and, if appropriate, help affected nations resolve the problems. (5) Governments should craft “reasonable legislative, administrative or other measures,” including suitable monitoring mechanisms, to ensure they meet their commitments to the principles. The draft also recommended that CoE members discuss the possibility of developing international law on responsibility and liability for damage, its assessment and compensation, and settlement of related disputes. The documents must be approved by the Committee of Ministers, the CoE said. Panelists at the forum include representatives from the U.S. State Department, ITU, ICANN, Verizon, AT&T, NATO and the European Broadcasting Union, it said.
The Pipeline and Hazardous Materials Safety Administration has announced that it is denying a petition filed by the National Association of State Fire Marshals (NASFM) to classify polyurethane foam and certain finished products containing polyurethane foam (e.g. sofas, insulation)1 as hazardous material for purposes of transportation in commerce.