Jimm Phillips

The National Institute of Standards and Technology on Thursday continued its push for public input on the Cybersecurity Framework, convening a workshop at North Carolina State University’s (NCSU) Centennial campus in Raleigh. The workshop -- set to run through Friday -- and a comment period running through Dec. 13 will help the agency revise the framework in advance of the expected release of a final version in February. Although NIST is examining all aspects of the framework, one of the main areas of interest since a preliminary version dropped in late October has been Appendix B, the framework’s privacy and civil liberties section.

Secretary of Homeland Security nominee Jeh Johnson told the Senate Homeland Security Committee Wednesday that he will “vigorously pursue” the Department of Homeland Security’s missions, which include a significant role in cybersecurity. “We need to move the ball forward on cybersecurity,” he said. Johnson, the Department of Defense’s former general counsel, was a main participant in legal discussions regarding the department’s cybersecurity policies (CD Oct 21 p8). Committee Chairman Tom Carper, D-Del., said cybersecurity is a “very important issue” for DHS, but the committee largely ignored it during Thursday’s hearing, with most senators focusing on how Johnson would fix management issues plaguing the department. Ranking member Tom Coburn, R-Okla., and Sen. John McCain, R-Ariz., said during the hearing they expect Johnson will be confirmed, though McCain said he doesn’t currently support Johnson. Committee Democrats at the hearing uniformly supported Johnson’s confirmation.

Rep. George Holding, R-N.C., said there’s a “pretty good likelihood” that the House Judiciary Committee will mark up the Innovation Act (HR-3309) within the next two weeks. “We've worked closely on the staff level with our Senate counterparts on a little pre-conferencing, and I think we'll make some headway on that,” he said Friday at an event hosted by the U.S. Chamber of Commerce’s Global Intellectual Property Center (GIPC). A committee spokeswoman had no comment. Holding was one of the bill’s original cosponsors when committee Chairman Bob Goodlatte, R-Va., introduced the bill in late October (CD Oct 24 p12). Goodlatte has said he has an ambitious timeline for the bill, holding a hearing on the bill less than a week after introducing it (CD Oct 30 p15). Other committee members and some industry stakeholders urged the committee to slow movement of the bill and consider its impact.

The controversial National Security Agency surveillance programs have created a “serious perception issue” for the U.S. as it tries to defend multistakeholder Internet governance on the international stage, State Department officials said during a news conference Wednesday. The NSA surveillance controversy was “the elephant in the room” last month at the International Governance Forum in Bali, Indonesia (CD Oct 28 p9). IGF participants raised “lots of questions” about the surveillance programs, said Scott Busby, deputy assistant secretary of state-democracy, human rights and labor. Part of the U.S. mission at the conference was to listen to international input as the White House reviews those programs, he said.

A Senate Commerce subcommittee hearing on demand letters Thursday was its first foray into this year’s debate over the best legislative ways to curb patent abuse. Until now the House and Senate Judiciary committees have dominated that debate, with the Innovation Act (HR-3309), sponsored by House Judiciary Chairman Bob Goodlatte, R-Va., being seen as the most advanced legislation dealing with the issue thus far. Industry observers anticipate Senate Judiciary Committee Patrick Leahy, D-Vt., will bow a similarly important bill soon (CD Oct 28 p9).

Spectrum sharing is the “new reality” and is the only way U.S. industry and government agencies will be able to meet their long-term spectrum needs, said NTIA Administrator Larry Strickling Tuesday at a joint NTIA-National Institute of Standards and Technology event. Strickling and members of other federal agencies highlighted the importance of developing new technologies to make spectrum sharing as effective as possible. He urged stakeholders not to dismiss spectrum sharing as a “perfectly hopeless notion,” noting that in the 1920s then-Secretary of Commerce Herbert Hoover predicted that wireless telecom would work only as a means for mass communication, not for individual conversation. “Hoover failed miserably at predicting the future of wireless communications and the lesson we should all draw from that is that none of us will ever quite know where technology will take us in the end,” Strickling said.

The Department of Homeland Security inspector general found that a year after the department’s Office of Cybersecurity and Communications (CS&C) reorganized its internal structure, it “still faces challenges in sharing cyber threat information with other federal cyber operations centers.” CS&C, part of DHS’s National Protection and Programs Directorate (NPPD), reorganized in October 2012 to improve the National Cybersecurity and Communications Integration Center’s functionality, the DHS IG said in a report made public Monday. NCCIC has since enhanced partnerships with other federal cyberoperations centers to address specific incidents and increased interagency collaboration, the report said. The NCCIC also collaborated with the FBI and other public and private partners to release Joint Indicator Bulletins related to cyberthreats and conducted drills to improve cyberoperations centers’ capabilities and plans, the report said. But NPPD needs to address tech and workforce deficiencies -- issues NPPD told the IG it is working to improve (http://1.usa.gov/1a3ndpB).

Congress “is going to have to take the lead” on cybersecurity, said former Rep. Cliff Stearns, R-Fla., at an FCBA event Wednesday night. Stearns is now a senior adviser at APCO Worldwide. Although President Barack Obama issued a cybersecurity executive order in February, Stearns said he believes “it has gone nowhere. You need some kind of leadership in the House and Senate to say ’this is the basic standards that we've got to go forward with.’ Absent that, industry is going to have to work within themselves.” Although the House passed the Cyber Intelligence Sharing and Protection Act earlier this year, similar information sharing legislation will be difficult to pass in either the House or Senate following leaks about the controversial National Security Agency surveillance programs, Stearns said.

The White House and the Department of Homeland Security highlighted their efforts to advance efforts to improve cybersecurity Wednesday. The U.S. is “light-years ahead of where we were 18 months ago” in advancing the national conversation on cybersecurity, said White House Cybersecurity Coordinator Michael Daniel at a Bloomberg Government event. The White House has been working with federal agencies since February to implement President Barack Obama’s cybersecurity executive order. As part of that implementation effort, the National Institute of Standards and Technology released a preliminary version of the Cybersecurity Framework last week (CD Oct 23 p1). Daniel lauded the framework Wednesday as a “remarkable example of true public-private partnership.” Agencies’ budgets also show the degree to which the White House is making cybersecurity a big priority, he said, noting that the administration’s cyber efforts are as well protected as its other priorities given the strains of sequestration. The White House is also continuing to encourage Congress to pass information-sharing legislation that would improve the cybersecurity of critical infrastructure, Daniel said. The order will “help bring clarity to the specific kinds of information-sharing that we need,” said Suzanne Spaulding, DHS deputy undersecretary-National Protection and Programs Directorate. DHS is the primary department responsible for implementing the order. DHS is doing “everything we can to help public and private sector make wise risk management decisions,” she said.

The House Homeland Security Committee approved two Department of Homeland Security-centric cybersecurity bills Tuesday, sending them to the full House for consideration. The committee approved the bills -- the Critical Infrastructure Research and Development Advancement Act (HR-2952) and the Homeland Security Cybersecurity Boots-on-the-Ground Act (HR-3107) -- on voice votes with amendments. The bills had received unanimous support from the House Cybersecurity Subcommittee in September (CD Sept 19 p20).