Michael R. Pompeo, the U.S. Secretary of State, announced the “Clean Network Program” which aims to ban the so-called “untrusted” carriers, applications, mobile application stores, cloud service providers, operators of undersea cables connecting the United States and the global internet on August 5, 2020. Companies that are involved in these businesses, or entities that transact
DHS and DOC Report on Botnets and IoT Security Recommends Increased Collaboration between Stakeholders in Private Industry and Government
On Jan. 5, 2018, the Department of Homeland Security (DHS) and the Department of Commerce (DOC) released their joint draft report on “Enhancing the Resilience of the Internet and Communications Ecosystem against Botnets and Other Automated, Distributed Threats” for public comment. The report provides a series of recommendations for addressing the threats presented by botnets as well as improving security for Internet-connected devices or the Internet of Things (IoT).
Chief among these was a call to “build coalitions between the security, infrastructure, and operational technology communities domestically and around the world.” The report called upon a wide array of stakeholders spanning different industries and both the public and private sectors. Key stakeholders mentioned in the report, along with corresponding recommendations, encompassed the following:
- IoT Product Industry. The report calls for private sector organizations, such as IoT product developers, to take significant steps towards improving security. These include establishing standards for assessing and labeling IoT device security, which would allow consumers to make informed choices and would offer assurance for the use of IoT products in critical infrastructure. The report also recommends providing better interfaces in IoT products for user administration.
Continue Reading DHS and DOC Report on Botnets and IoT Security Recommends Increased Collaboration between Stakeholders in Private Industry and Government
President Trump Signs Executive Order on Cybersecurity Focusing on Critical Infrastructure, Federal Networks and Public Cybersecurity Policy
On Monday, May 11, 2017, President Donald Trump signed an Executive Order on “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.” The Executive Order comes after Trump had postponed signing a similar executive order on cybersecurity on Feb. 1, and another draft executive order had been circulated Feb. 10.
The final Executive…
NIST Cybersecurity Framework
This post was written by Timothy J. Nagle.
NIST published the “Preliminary Cybersecurity Framework,” comprised of a Core, a Profile, and Information Tiers, in October. Comments were due by December 13th, and many industries, sectors and organizations have provided input. There is general industry support for the purpose, content, and collaborative development of the Framework,…
Cybersecurity Standards in the Utility Industry: Mandatory or Voluntary?
This post was also written by Timothy J. Nagle.
“Electric Grid Vulnerability: Industry Responses Reveal Security Gaps,” by the staffs of U.S. Reps. Ed Markey (D-Mass.) and Henry Waxman (D-Cal.), resulted from a survey of more than 100 utilities. The report and the contemporaneous House Energy and Commerce Committee hearing on “Cyber Threats and…
Cybersecurity Executive Order and CISPA to Solve Cyber Threat?
On February 12, the executive order “Improving Critical Infrastructure Cybersecurity” was issued, accompanied by a Presidential Policy Directive as well as a mention from President Obama in the State of the Union address. Similar to the previously discussed November 2012 draft, the executive order addresses: improvements in information sharing between the public and private…
Cybersecurity Executive Order: A Shift to Implementation Over Participation
This post was written by Timothy J. Nagle.
An earlier blog post analyzed a draft Executive Order on critical infrastructure cybersecurity. A newer version of the order is similar to its predecessor, but the ultimate goals remain: using existing regulatory authority, improving information sharing, developing a “voluntary” framework of standards, incentivizing (or punishing?) owners and…