Public-private partnerships are important to improving cybersecurity within the global information and communications technology (ICT) supply chain, said Joe Jarzombek, director-software assurance in the Department of Homeland Security’s (DHS) Office of Cybersecurity & Communications. Such partnerships, including DHS’s Software Assurance program, are critical when “you realize that those running our critical infrastructure have the same needs we have,” he said Thursday at a Brookings Institution event. The federal government has a responsibility to help critical infrastructure operators and owners address ICT vulnerabilities, but there needs to be “public will” to make it happen, Jarzombek said. DHS is working with the National Institute of Standards and Technology to foster an industry-led effort to develop the Cybersecurity Framework, a voluntary set of cybersecurity standards and best practices to protect critical infrastructure, as laid out in President Barack Obama’s February cybersecurity order (WID Feb 14 p1).
The Application Privacy, Protection, and Security (APPS) Act would address “key transparency issues surrounding mobile app use,” said Hogan Lovells attorney Mark Brennan, who argues broadband deployment and mobile privacy issues before the FCC, FTC and other federal agencies. A draft version of the bill, which Rep. Hank Johnson, D-Ga., began circulating in January, would introduce new data privacy protections for app users, including requiring app developers to get users’ permission before obtaining personal data, Brennan said Tuesday during a Federal Communications Bar Association event.
The FCC did not act within its discretion when it determined InterCall’s services were “telecommunications” service and required the company to pay into the USF, Arent Fox attorney Ross Buntrock argued for The Conference Group. The agency also did not act properly in issuing the order through adjudication, rather than through the notice-and-comment rulemaking procedures it must follow under the Administrative Procedure Act, Buntrock said.
Critics of Progeny’s proposed rollout of its E-911 location service told FCC Chairman Julius Genachowski that the agency should carefully consider the impact the service would have on fellow users of the 900 MHz Multilateration Location and Monitoring Service band before greenlighting it. The members of the Part 15 Coalition, a group of unlicensed Part 15 device users that occupy the 902-928 MHz band, said they're concerned the FCC was moving too quickly toward a decision on the Progeny 911 location service, which they said has the potential to cause “unacceptable levels” of interference. Coalition members and Progeny officials each told us Friday that the other side was attempting to draw attention away from the technical record. The service would help locate wireless callers to 911.
Patent assertion entity (PAE) abuses should be countered by reforms to the patent system, rather than by going after the entire PAE business model, said Greg Sivinski, a senior attorney in Microsoft’s antitrust division, during an American Bar Association event Wednesday. The PAE business model does have “corresponding value in creating a liquid market for intellectual properties,” he said. “A lot of those PAEs are heavily staffed with really good engineers who can evaluate the true worth of these [patents] and actually create a market for them, which allows a lot of smaller innovators to take their patents and monetize them.” The problem with the PAE system is that because PAEs do not produce a product from the patents they own, they are not subject to a counterclaim, he said.
The FTC and Department of Justice should encourage courts to “deter some of the [patent assertion entities'] worst practices,” Verizon Communications and USTelecom said in joint comments posted online Monday. The FTC and Justice had collected public comments through Friday in connection with a workshop they held in December to get industry input on the effects of PAEs and how the agencies could minimize the harms PAEs could cause.
The framework will need to take into account how government and industry typically view critical infrastructure cybersecurity, Microsoft said. The government “tends to look at critical infrastructure as a monolithic collection of systems and services,” while industry “looks at core elements within its direct control or its contractual obligations to deliver services,” Microsoft said. If the government focuses too much on high-impact -- but low probability -- threat scenarios, the framework could include “requirements and compliance obligations that may not necessarily improve cybersecurity for critical infrastructure or private sector enterprises,” Microsoft said. The framework should be based on six foundational principles, Microsoft said -- risk-based, outcome-focused, prioritized, practicable, “respectful of privacy and civil liberties” and globally relevant. It should also include a cohesive risk assessment and risk management structure, Microsoft said.