A May report from the Office of Management and Budget and the Department of Homeland Security suggests federal chief information officers are “not empowered” to oversee cybersecurity risk management, Venable Cybersecurity Risk Management Group Managing Director-Cybersecurity Services Ari Schwartz told House Homeland Security Committee lawmakers Wednesday. Cybersecurity and Infrastructure Protection Subcommittee Chairman John Ratcliffe, R-Texas, noted the report shows 74 percent of federal agencies “have cybersecurity programs that are either at risk or high risk.” There's "an evident lack of strategy in mitigating risk across federal agencies,” he said during a subcommittee hearing. Symantec Global Government Affairs Senior Strategist Ken Durbin described the report as “a clear-eyed and unbiased look at the current state of our cybersecurity preparedness.” Carnegie Mellon University Software Engineering Institute CERT Technical Director-Cybersecurity Risk and Resilience Summer Fowler recommended the U.S. “advance our cybersecurity risk management practices with a focus on operational resilience,” based on the report. Lawmakers discussed emergency response technology in a separate hearing before the Emergency Preparedness, Response and Communications Subcommittee. Chairman Dan Donovan, R-N.Y., said “American ingenuity should be nurtured” to ensure communities are ready for the next threat. National Institute of Standards and Technology Public Safety Communications Division Chief Dereck Orr listed emerging technologies the federal government is developing for emergency response, including: deployable drones with autonomous flight controls; various LTE broadband device capabilities; location-based services for assets and personnel; and public safety analytics tools that will allow public use of large amounts of data. Federal Emergency Management Agency Deputy Administrator-Resilience Daniel Kaniewski discussed how FEMA “leveraged crowdsourcing data from digital volunteer networks to enhance situational awareness during the 2017 disasters.” DHS Science and Technology Directorate Director-First Responders Group Daniel Cotter said his office is “adding value at the intersection” of Smart Cities and the IoT. That includes development of unmanned aerial systems, detection sensors and SmartHubs for responder-focused mobile communication, he said.
Karl Herchenroeder
Karl Herchenroeder, Associate Editor, is a technology policy journalist for publications including Communications Daily. Born in Rockville, Maryland, he joined the Warren Communications News staff in 2018. He began his journalism career in 2012 at the Aspen Times in Aspen, Colorado, where he covered city government. After that, he covered the nuclear industry for ExchangeMonitor in Washington. You can follow Herchenroeder on Twitter: @karlherk
Sens. Ted Cruz and John Cornyn, Republicans from Texas, told us they’re working to amend music copyright legislation after concerns raised by Blackstone Group (see 1807240054). Two prominent songwriter groups accused the private equity firm and its music licensing entities of a greedy political play that could sink rare consensus music copyright change.
Opponents of the Supreme Court’s Wayfair decision (see 1807200042 and 1807020035) sought to put a moratorium on states collecting online sales taxes from vendors without physical presence. Proponents told lawmakers to leave states alone, as the high court’s reversal is allowing responsible tax collection.
Issues raised by Texas Republican Sens. Ted Cruz and John Cornyn and backed by performing rights organization SESAC could jeopardize Senate passage of the Music Modernization Act, said observers Tuesday. Cruz and Cornyn during markup (see 1806280062) voiced concern about the bill’s mechanical licensing collective (MLC), which would establish a royalty payment database overseen by the Copyright Office, precluding private entities from competing. Two experts said SESAC is concerned the new framework could put its Harry Fox Agency, which collects and distributes money to music rights holders, out of business. BMI said in a statement Tuesday it’s disappointed “last minute asks” could threaten the legislation: “We hope that the parties currently in disagreement can work together to resolve their issues, allowing this important piece of legislation to move forward.” SESAC is “committed to working towards a version of the Music Modernization Act that retains all of the benefits for writers, publishers and [demand-side platforms] and which will move music licensing into the 21st Century while supporting a competitive market in music rights administration,” a spokesperson said.
The intelligence community provides classified information to social media companies to help counter malicious foreign actors on platforms, said Department of Homeland Security National Protection and Programs Directorate Undersecretary Christopher Krebs Friday. Krebs didn’t specify what information is provided at the Washington Post-Hewlett Packard event on Russian interference. Representatives from Facebook, Twitter and YouTube confirmed to the House Judiciary Committee last week that each of the platforms removed Russian-linked accounts and content related to election interference (see 1807170043).
FTC Consumer Protection Bureau Director Andrew Smith worked with 54 clients that could trigger his recusal, including Equifax, PayPal and Uber, according to agency records we obtained through a Freedom of Information Act request. The clients paid Smith $5,000 or more in a given year dating back two years from his May 21 appointment. By signing President Donald Trump’s ethics pledge, Smith for two years after his appointment can't participate “in any particular matter involving specific parties that is directly and substantially related to [a] former employer or former clients, including regulations and contracts.”
The U.S. needs data security legislation, which could strengthen FTC civil penalty authority and deter repeat offenders, Chairman Joe Simons and Commissioner Rohit Chopra told the House Digital Commerce Subcommittee Wednesday (see 1807160051). During the new commission’s first official appearance on Capitol Hill, House Commerce Committee ranking member Frank Pallone, D-N.J., said that despite Uber’s infractions in two data breaches, the FTC couldn't levy civil penalties (see 1804120056).
Social media platforms continue to struggle with distinguishing legitimate posts from harmful content, resulting in bias against conservatives, House Judiciary Committee Republicans told witnesses from Facebook, Twitter and YouTube Tuesday (see 1807130061). Democrats dismissed that as false and criticized the majority for not addressing President Donald Trump’s denial of Russian interference online in the 2016 election.
Expect the House Digital Commerce Subcommittee's Wednesday hearing to focus on whether the FTC has proper authority to protect consumers’ digital privacy (see 1807110060), members told us. “I want to see more authority given to the Federal Trade Commission,” said ranking member Jan Schakowsky, D-Ill. “Unfortunately, they don’t have the authorities that are needed in order to provide the kind of data security that we need. I think it’s the appropriate agency to do it, but presently they don’t have the capacity.”
Given the patchwork of state and international privacy laws developing with the EU general data protection regulation and California’s new measure (see 1806290043), Senate Republicans told us they are open to legislating. And that chamber's Democrats seek such a regime.