OVERNIGHT TECH: Industry readies for cyber framework

THE LEDE: On Wednesday, the Obama administration will unveil its voluntary cybersecurity framework, aimed at increasing cyber standards for critical infrastructure networks such as telecommunications companies.

As part of an executive order last year, President Obama directed the Commerce Department’s National Institute of Standards and Technology (NIST) to come up with a voluntary framework for the private companies to protect themselves from cyberattacks. NIST released a draft of the framework in October and has been accepting comments on the draft.

ADVERTISEMENT
Released in October, the draft laid out recommendations to help companies identify, protect against, detect, respond to and recover from cyberattacks.

Jeff Greene, senior policy counsel at Symantec, said the framework released Wednesday is expected to largely mirror the draft from October.

“The core of the document is going to largely be the same,” he said.

Greene said he expects that Wednesday’s release will highlight the flexibility with which companies can use the framework.

“Security is going to be different at every organization,” he said. “I think that was always in the document, [but] I think it's going to be a little more obvious up front.” 

The framework is expected to focus less on privacy concerns than the October document, which had a lengthy appendix on privacy and civil liberties issues, Greene said. NIST has “taken an approach to privacy more in line with some of the private sector” input, he said, adding that the agency has conducted a “remarkably open process” to fine-tune the framework and incorporate outside input.

In a statement on Tuesday, the Information Technology Industry Council — which includes Apple, Google, IBM, Intel and Symantec — released a set of four principles it hopes the Department of Homeland Security (DHS) will consider as it develops and implements the voluntary framework.

The DHS should engage with the private sector to make companies aware of the framework as a resource and should work with the private sector as the framework develops, the tech industry group said. Additionally, the group encouraged the DHS to “carefully determine” how it wants to measure the success of the framework — including creating benchmarks that are flexible, realistic and appropriate — and to de-emphasize its current focus on analyzing ways to incentivize private companies’ participation in the framework.

“Given limited fiscal resources and the complexity of incentives, including the necessary involvement of multiple stakeholders including Congress, it is highly unlikely any will be available at, or immediately following, the February 2014 launch” of the framework, the group said.

Senate Dems increase pressure on FCC: A group of Democratic senators is increasing the pressure on the Federal Communications Commission to act in light of a recent federal court decision overturning the agency’s net neutrality rules, which kept Internet providers from blocking or slowing access to certain websites.

The FCC should “quickly adopt enforceable rules to prevent the blocking and discrimination of Internet traffic,” Democratic Sens. Ron Wyden (Ore.), Jeff Merkley (Ore.), Ed Markey (Mass.), Richard Blumenthal (Conn.) and Al Franken (Minn.) said in a letter to FCC Chairman Tom Wheeler that was released Tuesday.

Last week, Markey introduced the Senate version of a bill that would restore the agency’s net neutrality rules until the commission acts. During a speech yesterday, Wheeler said he plans to announce the agency’s next steps “in the coming days.”

Supreme Court sets date for Aereo case: The Supreme Court will hear arguments in a case challenging the tech company Aereo on April 22, it announced on Tuesday. Aereo sells devices that let consumers stream live local broadcast television on their laptops, tablets and other devices, which broadcasters say is a violation of copyright law. A federal appeals court sided with Aereo last year, but the company welcomed the high court review to settle the dispute once and for all.

Justice Samuel Alito has recused himself from the case because his family reportedly owns stock in Disney, the owner of ABC, which is challenging Aereo. 

EU to vote on NSA: A committee of the European Parliament will vote on a set of recommendations to protect the data of European citizens in light of an inquiry into the National Security Agency’s (NSA) surveillance programs on Wednesday. Lawmakers on the civil liberty committee could decide to suspend international agreements on exchanging data or grant new protections for people like former NSA contractor Edward Snowden, who leaked documents that revealed the extent of the U.S. spy agency’s programs.

French President François Hollande, in Washington this week, said in a press conference on Tuesday that he and President Obama had “clarified things” about the spy agency.  

“This was in the past,” he added. “Mutual trust has been restored, and that mutual trust must be based on respect for each other’s country, but also based on the protection of private life, of personal data; the fact that any individual, in spite of technological progress, can be sure that he is not being spied on.”

In a speech last month outlining reforms at the NSA, Obama said that the U.S. would curtail spying against the leaders of friendly countries and grant some new protections to foreign citizens. 

New anti-online gambling push: The Coalition to Stop Internet Gambling — backed by GOP donor and casino magnate Sheldon Adelson — will announce that 39 groups will be joining the coalition’s efforts to stop the legalization of online gambling at the state and federal levels.

According to the group, the 39 organizations joining the effort “represent a broad-based coalition that has come together to confront the many and varied threats posed by legalized Internet gambling”

Verizon blames businesses for low data security: A majority of businesses are not maintaining constant compliance with a set of industry data security standards, according to a new report from Verizon.

That failure to keep protections in line with standards set by the Payment Card Industry (PCI) Security Council — not the strength of the standards themselves — is helping to contribute to an increasing trend of data breaches at retailers, financial institutions and other businesses, the report found.

In 2012, global credit card fraud added up to more than $11 billion.

“We continue to see many organizations viewing PCI compliance as a single annual event, unaware that compliance needs to have a 365 day-a-year focus,” said Rodolphe Simonetti, a managing director at the company, in a statement.

Dropbox releases transparency report: The online storage company Dropbox received fewer than 250 government requests to access account information for national security reasons, it disclosed in a transparency report released on Tuesday. But it wants to get more specific. 

As result of a recent agreement with the Justice Department, communications companies are allowed to report the number of data requests they have received in block chunks of either 250 or 1,000, depending on how they report the information. Some firms have protested the restrictions and pledged to fight to be able to release additional information. Dropbox shared those criticisms and said it wanted to be able to report “the exact number” of national security requests it gets.

Tech exports total $204 billion, study finds: Exports from American tech companies added up to $204 billion in 2012, according to a study from the TechAmerica Foundation. That represents a slight increase of 1.3 percent from the previous year. Imports added up to $355 billion in 2012, a 3.2 percent increase from the year before.

 

ON TAP

The Office of the United States Trade Representative will release its Notorious Market report on Wednesday. The annual report includes sections on other countries’ efforts to combat intellectual property theft.

All five members of the Privacy and Civil Liberties Oversight Board will testify before the Senate Judiciary Committee at 10:00 a.m.

Sen. Sheldon Whitehouse (D-R.I.) will deliver remarks on cybersecurity at the Center for National Policy.

 

IN CASE YOU MISSED IT

An Internet-based protest against the National Security Agency came to Capitol Hill on Tuesday.

The Federal Trade Commission announced that it has settled with a children’s online gaming company that falsely claimed to be a certified participant in an online privacy agreement between the U.S. and EU.

Government regulations and a scarcity of bandwidth are two of the biggest problems that small businesses run into when trying to take advantage of new technology, executives and analysts told House lawmakers.

Sen. Charles Schumer (D-N.Y.) applauded the Obama administration’s recent commitments to update and expand a federal program aimed at connecting students to the Internet.

The Senate won’t be following the House’s lead this year to overhaul the sweeping law regulating TV, radio and other communications services, Sen. Mark Pryor (R-Ark.) said.

The House Transportation and Infrastructure Committee approved a bill that would ban cellphone calls during flights.

Google is pushing Congress to adopt multiple reforms to government surveillance.

Future data breaches at major retailers like Target are inevitable, according to a top Democratic senator.

A bill in Maryland’s state legislature would cut off state services like water and power at the National Security Agency’s headquarters.

Former National Security Agency chief Michael Hayden on Monday downplayed the possibility that the Obama administration might offer a plea bargain to Edward Snowden. 

 

Please send tips and comments to Kate Tummarello, katet@thehill.com, and Julian Hattem, jhattem@thehill.com

Follow Hillicon Valley on Twitter: @HilliconValley, @ktummarello, @jmhattem 

More in Overnight Technology

OVERNIGHT TECH: Obama signs cyber bills

Read more »