RecordOfSuccess Grows with DOTCOM Approval (House Commerce Committee)
Wednesday, June 24, 2015
RecordOfSuccess Grows with DOTCOM Approval (House Commerce Committee)
Tuesday, June 16, 2015
Monday, June 08, 2015
Thursday, June 04, 2015
Secure and Trustworthy Cyberspace (SaTC)
Synopsis of Program:
Cyberspace has transformed the daily lives of people for the better. The rush to adopt cyberspace, however, has exposed its fragility and vulnerabilities: corporations, agencies, national infrastructure and individuals have been victims of cyber-attacks. In December 2011, the National Science and Technology Council (NSTC) with the cooperation of NSF issued a broad, coordinated Federal strategic plan for cybersecurity research and development to "change the game," minimize the misuses of cyber technology, bolster education and training in cybersecurity, establish a science of cybersecurity, and transition promising cybersecurity research into practice. This challenge requires a dedicated approach to research, development, and education that leverages the disciplines of mathematics and statistics, the social sciences, and engineering together with the computing, communications and information sciences.
The Secure and Trustworthy Cyberspace (SaTC) program welcomes proposals that address cybersecurity from:
- a Trustworthy Computing Systems (TWC) perspective and/or a Social, Behavioral and Economic Sciences (SBE) perspective;
- the Secure, Trustworthy, Assured and Resilient Semiconductors and Systems (STARSS) perspective; or
- the Transition to Practice (TTP) perspective.
In addition, we welcome proposals that integrate research addressing all of these perspectives (see the Program Description below). Proposals may be submitted in one of the following three project classes (plus Cybersecurity Education; see below):
- Small projects: up to $500,000 in total budget, with durations of up to three years;
- Medium projects: $500,001 to $1,200,000 in total budget, with durations of up to four years; or
- Large projects: $1,200,001 to $3,000,000 in total budget, with durations of up to five years.
For Small hardware security proposals, the Secure, Trustworthy, Assured and Resilient Semiconductors and Systems (STARSS) perspective is focused specifically on hardware research innovation that addresses SaTC goals, and includes the opportunity to collaborate closely with industry. STARSS proposals may not include the TWC, SBE, or TTP perspectives. The STARSS perspective may not be used for Medium or Large proposals.
The Transition to Practice (TTP) perspective is focused exclusively on transitioning existing research to practice. TTP proposals may not include the TWC, SBE, or STARSS perspective. The TTP perspective may be used for Small and Medium proposals, but may not be used for Large proposals.
In addition, the SaTC program seeks proposals focusing entirely on Cybersecurity Education with total budgets limited to $300,000 and durations of up to two years. These cybersecurity education projects may not include any of the perspectives named above.
Wednesday, June 03, 2015
Request for Comment on Stakeholder Engagement on Cybersecurity in the Digital Ecosystem
May 28, 2015
NIST IR 8062
DRAFT Privacy Risk Management for Federal Information Systems
NIST requests comments on the draft report NISTIR 8062, Privacy Risk Management for Federal Information Systems, which describes a privacy risk management framework for federal information systems. The framework provides the basis for establishing a common vocabulary to facilitate better understanding of - and communication about - privacy risks and the effective implementation of privacy principles in federal information systems.
Please send comments to email@example.com by July 13, 2015 at 5:00pm EDT using the comment matrix provided (link provided below).
Expanding opportunities in cloud computing, big data, and cyber-physical systems are bringing dramatic changes to how we use information technology. While these technologies bring advancements to U.S. national and economic security and our quality of life, they also pose risks to individuals' privacy.
Privacy Risk Management for Federal Information Systems (NISTIR 8062) introduces a privacy risk management framework for anticipating and addressing risks to individuals' privacy. In particular, it focuses on three privacy engineering objectives and a privacy risk model. To develop this document, NIST conducted significant public outreach and research. We are soliciting public comments on this draft to obtain further input on the proposed privacy risk management framework, and we expect to publish a final report based on this additional feedback.
Note to Reviewers:
To facilitate public review, we have compiled a number of topics of interest to which we would like reviewers to respond. Please keep in mind that it is not necessary to respond to all topics listed below. Reviewers should also feel free to suggest other areas of revision or enhancement to the document.
- Privacy Risk Management Framework: Does the framework provide a process that will help organizations make more informed system development decisions with respect to privacy? Does the framework seem likely to help bridge the communication gap between technical and non-technical personnel? Are there any gaps in the framework?
- Privacy Engineering Objectives: Do these objectives seem likely to assist system designers and engineers in building information systems that are capable of supporting agencies' privacy goals and requirements? Are there properties or capabilities that systems should have that these objectives do not cover?
- Privacy Risk Model:
  - Does the equation seem likely to be effective in helping agencies to distinguish between cybersecurity and privacy risks?
  - Can data actions be evaluated as the document proposes? Is the approach of identifying and assessing problematic data actions usable and actionable?
  - Should context be a key input to the privacy risk model? If not, why not? If so, does this model incorporate context appropriately? Would more guidance on the consideration of context be helpful?
  - The NISTIR describes the difficulty of assessing the impact of problematic data actions on individuals alone, and incorporates organizational impact into the risk assessment. Is this appropriate or should impact be assessed for individuals alone? If so, what would be the factors in such an assessment?
Comment Matrix Form for Draft NISTIR 8062
Thursday, April 30, 2015
NSFNET gave us the early commercial topology of the Internet, with Tier 1 backbones, Tier 2 regional networks, and Tier 3 local networks. NSFNET gave us our first dedicated backbone and the first mbps backbone. It also gave us the crucial Network Access Points, known today as Internet eXchange Points. The contractors that bid for the opportunity to build and operate NSF's network learned from their experience and launched into the information economy as the leading commercial Internet networks. A government investment of millions of dollars had a Return on Investment of an entire new economy.
In 1995, MERIT published the NSFNET Final Report, in which it was stated:
"Infrastructures, for purposes such as transportation and communication, have long been vital to national welfare. They knit together a country's economy by facilitating the movement of people, products, services, and ideas, and play important roles in national security." p. 4.
The report concluded:
"Since the earliest days of the telegraph and the telephone, history tells us that the arrival of each new communications medium has been accompanied by grandiose claims of its potential benefits to society. In order to take advantage of the exciting opportunities afforded by today's technology, it is imperative that policy makers examine the development of the NSFNET and the Internet. We are still far away from a truly open, interoperable, and ubiquitous global information infrastructure accessible to all, "from everyone in every place to everyone in every other place, a system as universal and as extensive as the highway system of the country which extends from every man's door to every other man's door," in the words of Theodore Vail, president of AT&T in 1907. However, the Internet has brought us a giant step closer to realizing the promise of high-speed networking, one of the most revolutionary communications technologies ever created. As part of this phenomenon, the NSFNET backbone service provided a model for future partnerships as well as a legacy of technology for the world." p. 43.
Sunday, April 26, 2015
FCC Chairman Tom Wheeler issued the following statement today after Comcast announced its decision to abandon its $45 billion dollar bid to acquire Time Warner Cable. Comcast's announcement comes after the Federal Communications Commission staff informed the companies of their serious concerns that the merger risks outweighed the benefits to the public interest.
"Comcast and Time Warner Cable’s decision to end Comcast’s proposed acquisition of Time Warner Cable is in the best interests of consumers. The proposed transaction would have created a company with the most broadband and video subscribers in the nation alongside the ownership of significant programming interests.
"Today, an online video market is emerging that offers new business models and greater consumer choice. The proposed merger would have posed an unacceptable risk to competition and innovation especially given the growing importance of high-speed broadband to online video and innovative new services.
"I am proud of our close working relationship throughout the review process with the Antitrust Division of the Department of Justice. Our collaboration provided both agencies with a deeper understanding of the important issues of innovation and competition that the proposed transaction raised."