Saturday, August 22, 2015

:: NIST Hosts 2015 Cybersecurity Innovation Forum, Sept. 9-11 in D.C.

NIST Hosts 2015 Cybersecurity Innovation Forum, Sept. 9-11 in D.C.

From NIST Tech Beat: August 17, 2015


Contact: Evelyn Brown 
301-975-5661
"The National Institute of Standards and Technology (NIST) will host the 2015 Cybersecurity Innovation Forum on Sept. 9 to 11, 2015, at the Walter E. Washington Convention Center in Washington, D.C.
hacker
Credit: © ra2 studio/Fotolia.com
"At this annual meeting, government, industry and university representatives come together to focus on current, emerging and future challenges in areas such as trusted computing, security automation and information sharing. Leading cybersecurity researchers and executives from the cybersecurity industry will participate in the event.
"The forum’s four tracks—security automation, trusted computing, information sharing and cybersecurity research—will be interspersed with general sessions. Session topics include federal research and privacy, risk management and liability. The event will conclude with a review of the challenges and gaps discussed during the forum and next steps in collaborative efforts to resolve them.
"Presentations will cover Windows 10 security, cryptography, derived PIV credentials proof of concept, public safety cybersecurity, security and the Internet of Things, the NIST Privacy Risk Management Framework and augmenting Federal Information Security Management Act (FISMA) practices with the Cybersecurity Framework.
"The forum also will feature demonstrations and an industry expo on Sept. 9 and 10.
"The agenda is available online. Register for the 2015 Cybersecurity Innovation Forum at: https://www.fbcinc.com/e/cif/attendeereg.aspx.

:: NTIA / IANA Contract One Year Extension

August 17, 2015 by Assistant Secretary for Communications and Information and NTIA Administrator Lawrence E. Strickling
Assistant Secretary for Communications and Information and NTIA Administrator Lawrence E. Strickling
"The Internet’s global multistakeholder community has made tremendous progress in its work to develop a proposal to transition the historic stewardship role NTIA has played related to Internet’s domain name system (DNS).
"When we announced our intent in March 2014 to complete the privatization of the DNS, we noted that the base period of our contract with ICANN to perform technical functions related to the DNS, known as the IANA functions, expired on September 30, 2015. However, it has become increasingly apparent over the last few months that the community needs time to complete its work, have the plan reviewed by the U.S. Government and then implement it if it is approved.
"Accordingly, in May we asked the groups developing the transition documents how long it would take to finish and implement their proposals.  After factoring in time for public comment, U.S. Government evaluation and implementation of the proposals, the community estimated it could take until at least September 2016 to complete this process. In response to their feedback, we informed Congress on Friday that we plan to extend our IANA contract with ICANN for one year to September 30, 2016. Beyond 2016, we have options to extend the contract for up to three additional years if needed.
"This one-year extension will provide the community with the time it needs to finish its work. The groups are already far along in planning the IANA transition and are currently taking comments on their IANA transition proposals. As we indicated in a recent Federal Register notice, we encourage all interested stakeholders to engage and weigh in on the proposals.
"In preparation for the implementation phase of the IANA stewardship transition, NTIA also asked Verisign and ICANN to submit a proposal detailing how best to remove NTIA’s administrative role associated with root zone management, which the groups working on the transition were not asked to address. We asked Verisign and ICANN to submit a proposal detailing how best to do this in a manner that maintains the security, stability and resiliency of the DNS. Under the current root zone management system, Verisign edits and distributes the root zone file after it has received authorization to do so from NTIA. Verisign and ICANN have developed a proposal that outlines a technical plan and testing regime for phasing out the largely clerical role NTIA currently plays in this process. The testing will occur in a parallel environment that will not disrupt the current operation of the root zone management system.
"These developments will help ensure that the IANA transition will be done in a manner that preserves the security and stability of the DNS.

:: FTC Start with Security Conference San Francisco

FTC Start with Security Conference San Francisco

UNIVERSITY OF CALIFORNIA HASTINGS COLLEGE OF THE LAWAlumni Reception Center, 200 McAllister St., San Francisco, CA 94102 | Directions & Nearby

EVENT DESCRIPTION

"The FTC's first “Start With Security” conference is scheduled for September 9, 2015, in San Francisco, and is co-sponsored by the University of California Hastings College of the Law. It is part of a business education initiative designed to provide companies with practical resources to help them implement effective data security strategies.
"Aimed at start-ups and developers, this event will bring together experts to provide information on security by design, common security vulnerabilities, strategies for secure development, and vulnerability response. "Start with Security" will run from 10:00 AM to 4:00 PM. The event is free and open to the public. No pre-registration is necessary. Lunch is provided. This event will be webcast. Check this page on the day of the event for details.
"The conference series is part of the agency’s longstanding efforts to provide businesses with guidance about how to put effective security in place.

♪ Whether Smart City engaged in prohibited Wi-Fi blocking

In re Smart City Holdings, Dkt. EB-SED-15-00018248, Order (Aug. 18, 2015)

"The Enforcement Bureau (Bureau) of the Federal Communications Commission has entered into a Consent Decree to resolve its investigation into whether Smart City Holdings, LLC, and its wholly-owned subsidiaries, Smart City Networks, LP, and Smart City Solutions LLC (collectively, Smart City) engaged in prohibited Wi-Fi blocking by interfering with and disabling Wi-Fi networks established by consumers at several conference facilities where Smart City operates or manages the facility’s Wi-Fi network. To settle this matter, Smart City (i) admits that it prevented certain Wi-Fi users at these locations from establishing or maintaining a Wi-Fi network independent of Smart City’s network, (ii) will implement a compliance plan under which it commits to not engage in Wi-Fi blocking, and (iii) agrees to pay a $750,000 civil penalty."

"On June 24, 2014, the Commission received an informal complaint from a company that provides equipment that enabled users to establish hotspots, marketing its use as an alternative to paying forWi-Fi service that may otherwise be available to consumers at a venue. The complaint charged that its customers could not connect to the Internet using the complainant’s equipment at several venues where Smart City operates or manages the Wi-Fi access.2 In response to the Bureau’s investigation, Smart City provided information revealing that it automatically blocked certain Wi-Fi users at several venues where it managed or operated the Wi-Fi access to prevent such these users from establishing or maintaining a Wi-Fi network independent of Smart City’s network. No evidence exists that the Wi-Fi blocking occurred in response to a specifically identified threat to the security of the Smart City network or the network’s users."

"After reviewing the terms of the Consent Decree and evaluating the facts before us, we find that the public interest would be served by adopting the Consent Decree and terminating the referenced investigation regarding Smart City’s compliance with Section 333 of the Communications Act of 1934, as amended (Act)."

SMART CITY HOLDINGS, LLC, AND ITS WHOLLY-OWNED SUBSIDIARIES, SMART CITY NETWORKS, LP, AND SMART CITY SOLUTIONS LLC. Adopted a Consent Decree and terminated the investigation. Action by: Chief, Enforcement Bureau. Adopted: 08/17/2015 by Order/Consent Decree. (DA No. 15-917). EB   DA-15-917A1.docx  DA-15-917A1.pdf  

IGF-USA 2015 - Keynote Conversation with Vint Cerf and Steve Crocker (Video)

Monday, August 17, 2015

RFC NTIA :: Transitioning NTIA’s IANA Stewardship Role

Date: 
August 11, 2015
This notice announces the dates of a comment period during which the public is invited to provide input on two interrelated multistakeholder community proposals. Together, the proposals set forth a plan for transitioning NTIA’s stewardship role over the Internet Assigned Numbers Authority (IANA) functions. The purpose of this notice is to encourage interested parties to comment on the two connected proposals—the IANA Stewardship Transition Plan and the Enhancements to Internet Corporation for Assigned Names and Numbers (ICANN) Accountability Related to the IANA Stewardship Transition. NTIA will utilize the input provided in making its determination of whether the proposals have received broad community support and whether the plan satisfies the criteria required to transition its stewardship role.
Comments on the IANA Stewardship Transition Plan are due on or before September 8, 2015; comments on the Enhancements to ICANN Accountability are due on or before September 12, 2015. Written comments on the IANA Stewardship Transition Proposal should be submitted at https://www.ianacg.org/calls-for-input/combined-proposal-public-comment-period/. Written comments on the proposed Enhancements to ICANN’s Accountability should be submitted athttps://www.icann.org/public-comments/ccwg-accountability-2015-08-03-en.

IGF-USA 2015 Breakout - Global Solutions for an Ethical Internet of Things (Video)

Thursday, August 13, 2015

RFC :: Interagency Report Advocates Support for International Cybersecurity Standardization

"NIST seeks public comments on Draft NIST Interagency Report (NISTIR) 8074, which comprises two volumes, "Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity" (Vol. 1) and "Supplemental Information" (Vol. 2).

"Please send comments to nistir8074@nist.gov (Subject: “Comments on Draft NISTIR 8074”). The public comment period closes September 24, 2015. Those responding are encouraged to use the Comments Templates provided below.
Volume 1: Report
Comment Template for Volume 1
Volume 2: Supplemental Information for the Report
Comment Template for Volume 2


Interagency Report Advocates Support for International Cybersecurity Standardization From NIST Tech Beat: August 11, 2015

"A new draft report by an interagency working group lays out objectives and recommendations for enhancing the U.S. government's coordination and participation in the development and use of international standards for cybersecurity. The report recommends the government make greater effort to coordinate the participation of its employees in international cybersecurity standards development to promote the cybersecurity and resiliency of U.S. information and communications systems and supporting infrastructures. These efforts should include increased training, collaborating with private industry and working to minimize risks to privacy.
shutterstock_2156795_Norebbo_LR
Credit: Norebbo/Shutterstock
"The Cybersecurity Enhancement Act of 2014 directed the National Institute of Standards and Technology (NIST) to work with relevant federal agencies to ensure interagency coordination in "the development of international technical standards related to information system security" and to "ensure consultation with appropriate private sector stakeholders." It also called for NIST to within one year submit a plan to Congress for ensuring that coordination. The International Cybersecurity Standards Working Group, led by the Department of Commerce and NIST, was set up by the National Security Council's Cyber Interagency Policy Committee to draft this report, which will also serve as the basis of the required report to Congress. Public comments on the draft report are due by September 24, 2015.
The draft report outlines four U.S. government strategic objectives for the development and use of international standards for cybersecurity:
  • Enhancing national and economic security and public safety
  • Ensuring standards and assessment tools for the U.S. government are technically sound
  • Facilitating international trade
  • Promoting innovation and competitiveness
The draft report then lays out eight recommendations for how the federal government can achieve those objectives, including by ensuring coordination across the government and collaboration with the private sector and internationally, and promoting federal agency participation in international standards development and federal use of international standards and assessment schemes.
The U.S. standards system differs significantly from the government-driven, centrally coordinated systems common in many other countries. Under the U.S. system, hundreds of standards development organizations (SDOs) provide the infrastructure for the preparation of standards documents. While these organizations are overwhelmingly private sector, government personnel participate in standards development activities along with representatives from industry, academia, and other organizations and consumers.
A supplement to the draft report provides a summary of ongoing activities in critical international cybersecurity standardization and an inventory of U.S. government and private-sector engagement. It also provides guidance for agencies to plan and coordinate more effective participation in these activities.
The working group's draft report supports the 2010 United States Standards Strategy, which was developed through a public-private partnership and outlines the contribution of private-sector led standards development to overall competition and innovation in the U.S. economy and the imperative of public and private-sector participation and collaboration.
The full Report on Strategic U.S. Government Engagement in International Standardization to Achieve U.S. Objectives for Cybersecurity [NISTIR 8074 Volume 1 (Draft)] and supplement [NISTIR 8074 Volume 2 (Draft)] can be found on the NIST website.

Wednesday, August 12, 2015

The First Federal Radio Frequency Monitoring Station - and the Packard Radio Test Car

This is from a display in the lobby of the FCC.

Grand Island, Nebraska Monitoring Station
The First Frequency Monitoring Station
"Under the Radios Act of 1910 and 1912, the Department of Commerce received the authority to monitor and inspect shipboard radio equipment, license radio operators for that equipment and prevent interference between stations. Prior to 1930, there were few radio services. The primary users of the available frequencies were ships, coastal stations, point-to-point telegraph, AM broadcasting, and radio amateurs with the radio amateurs far outnumbering the other radio operations. The budding AM broadcasting segment of radio operations began to grow phenomenally after he start of KDKA in a basement in Pittsburgh, Pennsylvania in 1921. Licensed and unlicensed broadcast stations were in service, causing a need for a frequency monitoring facility.
Grand Island, Nebraska Monitoring Station v2"The Radio Division in the Department of Commerce in Chicago, Illinois used Packard radio-test cars and other equipment to determine the best location for a Cemtra; Frequency Monitoring Station. After an extensive search, the flat prairie region of central Nebraska, specifically, an area six miles west of Grand Island, Nebraska was selected because of its superb reception conditions, central geographic location, and freedom from nearby transmitting stations.
"The original track of land for the monitoring station was comprised of 50 acres, which was purchased in April 1929 for the sum of $1, from the estate of Fred Matthiesen, Jr. The 47th Legislature of Nebraska passed a bill in 1931 that allowed school land to be purchased by the Department of Commerce for the development of a radio monitoring station.
"The Packard radio test car replica in this exhibit or one like it would have been used to determine the location of the First Central Frequency Monitoring Station.
Packard Radio Test Car
Historical Note

Packard Radio Test Car v2
"At the Sesquicentennial Exposition honoring 150 years of the signing of the Declaration of Independence, which was held in Philadelphia in July of 1926, displays on the growth and greatness of our country were emphasized. The Radio Division, Department of Commerce had a varied exhibit of radio equipment which included a model of the latest Packard Radio Test Car. The task of building the model was quite an undertaking in both time and money. The finished model cost more than one of the original Packards. Every single part, both inside and out was hand made. The model Packard Radio Test Car was housed in the museum portion of the Grand Island Monitoring Station until 1994 when it was sent to FCC headquarters to be warehoused."


NB: This is (assumed to be) federal content and is in the public domain. The photographs are mine and are available under a creative commons license.

Wednesday, August 05, 2015

RFC IANA Function

NTIA Post by Larry Strickling

"Nearly 17 months ago, NTIA kicked off activities to complete the privatization of the Internet Domain Name System (DNS) as promised in 1998 by transitioning our stewardship role over  certain technical functions related to the DNS.

We have reached an important milestone in that process as the two working groups tasked with developing proposals related to the transition have released them for final comment.

These technical functions, known as the IANA functions, play an important but limited role in how the DNS and Internet operate. The DNS allows users to identify websites, mail servers, and other Internet destinations using easy-to-understand names (e.g., www.ntia.doc.gov) rather than the numeric network addresses (e.g., 170.110.225.163) necessary to retrieve information on the Internet.

The IANA transition will advance our commitment to ensuring that the Internet remains an engine for global economic growth, innovation and free speech.

Since March 2014, the Internet community – made up of technical experts, businesses and civil society – has spent hundreds of hours devising a transition proposal that aims to meet the principles we outlined, including preserving the openness, security and resiliency of the Internet.

The global Internet community also developed a proposal to enhance the accountability of the Internet Corporation for Assigned Names and Numbers (ICANN), which currently performs the IANA functions under a contract with NTIA, in advance of NTIA transitioning its stewardship role.

In recent days both the IANA Stewardship Transition Coordination Group (ICG) and the Cross Community Working Group (CCWG) on Enhancing ICANN Accountability have posted their proposals for review and final public comment.  Comments are due September 8, 2015, for the ICG's proposal and September 12, 2015, for the CCWG's proposal.

I urge all parties with an interest in the IANA transition to review these proposals and provide feedback to the working groups. This is the best way to make your voice heard and make a difference.  It is particularly important that stakeholders everywhere evaluate whether these plans meet the criteria that we have said must be part of the transition.

I greatly appreciate the time and effort the community has put into developing these proposals. With the participation of as many stakeholders as possible, I am confident that this transition will result in a stronger ICANN and an Internet that will continue to grow and thrive throughout the world."



Digital New England Broadband Summit Sept 28

Fed Reg Notice

ACTION

Notice Of Open Meeting.

SUMMARY

The National Telecommunications and Information Administration (NTIA), through the BroadbandUSA program, in conjunction with Next Century Cities will hold a one-day regional broadband summit, "Digital New England," to share information to help communities build their broadband capacity and utilization. The summit will present best practices and lessons learned from broadband network infrastructure build-outs and digital inclusion programs from Maine and surrounding states, including projects funded by NTIA's Broadband Technology Opportunities Program (BTOP) and State Broadband Initiative (SBI) grant programs funded by the American Recovery and Reinvestment Act of 2009.1 The summit will also explore effective business and partnership models.

1American Recovery and Reinvestment Act of 2009, Public Law 111-5, 123 Stat. 115 (2009).

 

TABLE OF CONTENTS 
Back to Top

DATES: 
Back to Top

The Digital New England Broadband Summit will be held on September 28, 2015, from 9:00 a.m. to 5:00 p.m., Eastern Daylight Time.

ADDRESSES:
Back to Top

The meeting will be held in the Holiday Inn by the Bay, Portland, Maine at 88 Spring Street, Portland, Maine 04101.

FOR FURTHER INFORMATION CONTACT: 
Back to Top

Barbara Brown, National Telecommunications and Information Administration, U.S. Department of Commerce, Room 4628, 1401 Constitution Avenue NW., Washington, DC 20230; telephone: (202) 482-4374; email: bbrown@ntia.doc.gov. Please direct media inquiries to NTIA's Office of Public Affairs, (202) 482-7002; email: press@ntia.doc.gov.

SUPPLEMENTARY INFORMATION: 
Back to Top

NTIA's BroadbandUSA initiative provides expert advice and field-proven tools for assessing broadband adoption, planning new infrastructure and engaging a wide range of partners in broadband projects. BroadbandUSA convenes workshops on a regular basis to bring stakeholders together to discuss ways to improve broadband policies, share best practices, and connect communities to other federal agencies and funding sources for the purpose of expanding broadband infrastructure and adoption throughout America's communities.

The Digital Broadband Summit will feature subject matter experts from NTIA's BroadbandUSA initiative and include NTIA presentations that discuss lessons learned through the implementation of the BTOP and SBI grants. A panel will explore key elements required for successful broadband projects using a mix of regional examples. Topics will include marketing/demand aggregation, outreach, coordination with government agencies, partnership strategies, construction and oversight. A second panel will explore why broadband matters in comprehensive communityplanning and will provide real-world examples of how broadband applications help communities improve economic development, workforce development, and educational opportunities. A third panel will examine business model options, including private networks, public/private partnerships, co-ops and municipal systems. Panelists will provide tips to communities on how to research funding options, make a compelling case to funders, and leverage multiple federal, state, and nonprofit funding streams. Community leaders interested in expanding economic development opportunities or commercial providers interested in expanding their markets, among others, should find the information presented at the summit valuable as they plan their broadband projects.

The summit will be open to the public and press. Pre-registration is required, and space is limited. Portions of the meeting will be webcast. Information on how to pre-register for the meeting, and how to access the free, live Webcast will be available on NTIA's Web site: http://www.ntia.doc.gov/other-publication/2015/NEsummit. NTIA will ask registrants to provide their first and last names and email addresses for both registration purposes and to receive any updates on the summit. If capacity for the meeting is reached, NTIA will maintain a waiting list and will inform those on the waiting list if space becomes available. Meeting updates, changes in the agenda, if any, and relevant documents will be also available on NTIA's Web site at http://www.ntia.doc.gov/other-publication/2015/NEsummit.

The public meeting is physically accessible to people with disabilities. Individuals requiring accommodations, such as language interpretation or other ancillary aids, are asked to notify Barbara Brown at the contact information listed above at least five (5) business days before the meeting.