SVP, Regulatory Intervention - Center for Regulatory Effectiveness
Joined on November 17, 2003 – United States
Total Post Views: 354,461
| About |
Information about this member is not available yet.
The possibility of unauthorized access to EPA information raises an array of concerns since EPA-held data includes various types of Confidential Business Information, scientific research data, environmental databases, agency plans for responding to "incidents of national significance" and other security-related matters, and environmental monitoring data used in regulatory enforcement actions. more»
Cybersecurity regulation is coming. Whether regulations intended to enhance critical infrastructure protection will be based on existing statutory authority, new legislation, an Executive Order or a combination of legal authorities, however, is still unknown. Other aspects of the coming federal oversight of critical infrastructure cybersecurity that remain undetermined include the extent to which governance system will include voluntary characteristics and the time frame for initiation of new cybersecurity regulation. more»
The President and Congress are deliberating how best to ensure appropriate cybersecurity protection for private sector critical infrastructure. Legislative action and Executive Order are both under consideration. It is possible, however, that the White House Office of Management and Budget (OMB) already has sufficient statutory authority to enact new cybersecurity regulations through the normal notice-and-comment rulemaking process. more»
While Congress and the White House deliberate possible actions on FISMA reform and increased oversight of critical infrastructure, relatively little attention is being given to the government-wide cybersecurity regulation already in place, the Data Quality Act (DQA). Unlike FISMA, which primarily governs the government's internal cybersecurity processes, and contemplated legislation and/or Executive Order(s), which would likely also include a focus on critical infrastructure protection, the DQA contains a unique mandate. more»
Don't worry about the bad guys turning out the lights. Worry about everything they're stealing while the lights are still on. The theft of intellectual property ranging from Hollywood films to defense secrets is underway by cyber-criminals of various stripes. Maintaining control over intellectual property may be the single most important challenge to American economic security. Implementing a cyber-reliant infrastructure is a national challenge which crosses the traditional boundaries between economic sectors and between public and private domains. more»
Cybersecurity regulation will take its place alongside environmental regulation, health and safety regulation and financial regulation as a major federal activity. What is not yet clear is what form the regulations will take. FISMA controls, performance standards, consensus standards and industry-specific consortia standards are all possible regulatory approaches. What is not likely is an extended continuation of the current situation in which federal authorities have only limited, informal oversight of private sector cyberdefenses (or lack thereof). more»
Studies have found only limited, insufficient agency adherence with FISMA's (Federal Information Security Management Act) continuous monitoring mandates. One survey found almost half of federal IT professionals were unaware of continuous monitoring requirements. A recent GAO report found that two-thirds of agencies "did not adequately monitor networks" to protect them "from intentional or unintentional harm." more»
In September 2009, the Obama Administration announced the Federal Cloud Computing Initiative. As the government's CIO explained, cloud computing "has the potential to greatly reduce waste, increase data center efficiency and utilization rates, and lower operating costs." The Federal Risk and Authorization Management Program (FedRAMP) addresses the key elements of a cloud computing framework for federal agencies. more»
NIST has released a revised FIMSA Implementation Schedule that omits a previously planned Second Public Draft of SP 800-137: Information Security Continuous Monitoring for Federal Information Systems and Organizations. Instead, NIST plans to proceed directly to a Final Public Draft, now expected in May 2011. more»
The public is taking an increasing interest in ensuring that IT assets of federal agencies are protected from cybersecurity attacks. FISMA is addressing this concern, in part, by initiating a standard setting process for continuous monitoring. The actions taken by NIST for the federal sector could have a very significant impact on the private sector because pending legislation would provide the federal government with the authority to mandate cybesecurity measures on the private sector. more»
NIST's release of their initial public draft of SP 800-137, Guide for Continuous Monitoring of Information Systems and Organizations will create a set of challenges for the federal cybersecurity community. Agencies and contractors will need to shape the document through the multi-stage revision process while continuing to implement their own continuous monitoring measures. more»
It didn't take long for criticism of the Verizon/Google net neutrality proposal to start pouring in. "[I]nterest groups, bloggers, and even Google fanboys [have started] discrediting the plan" according to one trade publication. Although most of the commentary simply echoes various groups' long-held positions, the Electronic Frontier Foundation, the nation's foremost cyber-rights watchdog, provided a crucial insight about the plan that goes to the core of the net neutrality issue. more»
Should Google's provision of information services be regulated? Yes, if the decision is based on Google's own standards for determining whether to regulate tele-information companies. In recent comments to the FCC, Google described "broadband openness" rules, aka net neutrality, as a "fundamental necessity." Without such rules, the search engine giant, aka Big Search, fears that broadband providers would "promote only their own pecuniary interests over the far broader interests of Internet users..." As the Wall Street Journal noted last year, however, Google engages in the same type of discriminatory service practices they want the federal government to prohibit... more»
United Nations Secretary General Kofi Annan, writing in The Washington Post, declared that it is a "mistaken notion" that the U.N. "wants to 'take over,' police or otherwise control the Internet." Unfortunately, neither the World Summit on the Information Society (WSIS), the WSIS' Working Group on Internet Governance (WGIG) or the Secretary General's column give comfort to those committed to cyber-freedom. more»
The House Committee on Science recently held a hearing to "examine the extent of U.S. vulnerability to cyber attacks on critical infrastructure such as utility systems, and what the federal government and private sector are doing, and should be doing, to prevent and prepare for such attacks." Specific issues addressed at the hearing included whether: 1) the U.S. is able to detect, respond to, and recover from cyber-attacks on critical infrastructure; and 2) is there a clear line of responsibility within the federal government to deal with cybersecurity... more»
Hurricane Katrina will lead the endless finger pointing about what should have been done to strengthen the levees before the storm. However, as a former senior FEMA official under the Clinton Administration explained, "There's only two kinds of levees. Ones that have failed and those that will fail." The same is true for cyber-levees. more»
The United States is under cyber-attack. An article in Time magazine titled "The Invasion of the Chinese Cyberspies" discusses a computer-network security official for Sandia National Laboratories who had been "tirelessly pursuing a group of suspected Chinese cyberspies all over the world." The article notes that the cyberespionage ring, known to US investigators as Titan Rain, has been "penetrating secure computer networks at the country's most sensitive military bases, defense contractors and aerospace companies." more»
The Congressional Research Service (CRS) recently released a major new study examining cybersecurity. The report, "Creating a National Framework for Cybersecurity: An Analysis of Issues and Options" discusses a variety of significant public and private cybersecurity concerns. The CRS analysis lists several broad options for addressing cybersecurity weaknesses ranging from adopting standards and certification to promulgating best practices and guidelines and use of audits among other measures. more»
Blogging is not only a well-established element of pop culture, it has become a tremendously influential communications mechanism. As early as March 2002, an article in Wired discussed the blogging "revolution" and declared that blogging "could be to words what Napster was to music - except this time, it'll really work." more»
If anyone needs another reason why the UN should not be in charge of the internet, they need look no further than the upcoming UNESCO conference on "Freedom of Expression in Cyberspace." The United Nations Education Scientific and Cultural Organization conference will discuss "whether universal free expression standards should be applied to the Internet and how free expression can be protected while respecting individual privacy, national laws and cultural differences." The conference is being held in preparation for the second phase of the UN's World Summit on the Information Society (WSIS)." more»
Ensuring federal cybersecurity is essential to protecting national security. According to some media reports, recommendations have been made to the Bush Administration to "create a distinct administrative cybersecurity position within the Homeland Security Department to oversee progress in the federal government and act as a liaison with private industry." However, before new bureaucracy is created, it is important to recognize the practical cybersecurity policies and projects that are already being undertaken by the Administration. more»
Former CIA Director George Tenet recently gave a speech highlighting the need for federal action on internet management in order to protect national security. As reported by the online edition of Government Executive, Mr. Tenet explained that, "greater government regulation of the Internet and telecommunications networks is needed in order to guard against terrorist attacks." more»
The MOU between the Department of Commerce and ICANN includes a series of specific milestones that the corporation is required to accomplish by certain specified dates. One of the specific requirements placed on ICANN by the agency is to define "a predictable strategy for selecting new TLDs using straightforward, transparent, and objective procedures that preserve the stability of the Internet...." The MOU goes on to state that "(strategy development to be completed by September 30, 2004 and implementation to commence by December 31, 2004)." more»
A coalition of over 50 domain Registrars from around the world have recommended an alternative to ICANN's proposed 2004-2005 budget. The alternative proposal from the ICANNBudget.org Registrars would cap Registrar contributions at $11 million per year for the next three years. Although this proposal represents a significant expansion beyond ICANN's 2003-2004 budget of $8.6 million budget, it is still slim compared with ICANN's own $15.8 million budget proposal. Of potentially greater importance, the alternative budget differs significantly from ICANN's proposal in the structure of the Registrar fees. more»
Is the internet on the verge of a meltdown? A non-profit organization, People For Internet Responsibility (PFIR), is concerned that there is the risk of "imminent disruption, degradation, unfair manipulation, and other negative impacts on critical Internet services..." PFIR believes that the "red flag" warning signs of a potential meltdown include "attempts to manipulate key network infrastructures such as the domain name system; lawsuits over Internet regulatory issues... ever-increasing spam, virus, and related problems..." more»
Despite the stated commitment to meeting their obligations to the government, ICANN's proposed budget may potentially breach the MoU. Specifically, the MoU commits ICANN to "perform as an organization founded on the principles of competition..." However, an alliance of at least 50 Registrars claims that the new Registrar fee structure contained in the proposed budget would significantly harm competition. more»
A recent ICANNfocus article discussed the magnitude of ICANN's legal fees. Specifically, ICANNfocus questioned whether the extent of ICANN's legal fees, about 20% of their total revenues, was related to the organization functioning as a regulator instead of simply as a technical manager of the internet. more»
Unlike ICANN, the National Telecommunications and Information Administration (NTIA) responded graciously, promptly and substantively to inquiries from the Center for Regulatory Effectiveness (CRE) regarding governance of the internet. CRE sent a letter to NTIA in mid-March asking about public access to documents prepared by ICANN under Memorandum of Understanding (MOU) with NTIA. NTIA provided a quick and clear response to CRE's questions. NTIA also reiterated its commitment to achieving transparency and accountability in ICANN's processes. NTIA's response to CRE, although clear and comprehensive, raised a number of important questions about ICANN and their governance of the internet. more»
ICANN has made great strides in implementing steps to improve the organization's transparency, accountability, openness - according to their most recent Status Report [PDF]. The report describes the requirements of their MOU with the Department of Commerce and what the organization has done to toward achieving these goals. However, even though the Report makes it sound as if ICANN is on the right track, some troubling issues lay underneath the surface of the Report. more»
National Telecommunications and Information Administration (NTIA) has made a long term commitment to taking the actions necessary to reform ICANN. Specifically, the Department of Commerce's Strategic Plan for FY 2004-2009 discusses the need for NTIA to take action to reform ICANN. The Strategic Plan details three Strategic Goals for the Department to achieve over the next five years. The second goal is to "Foster science and technological leadership by protecting intellectual property, enhancing technical standards, and advancing measurement science." more»
This is the sixth part of a multi-part series reported by ICANNfocus. This part focuses on ICANN's Strategic Plan. Read previous parts: Part I, Part II, Part III, Part IV, Part V. "The requirement that ICANN develop a Strategic Plan offers an important opportunity for achieving meaningful reform of the organization. The Strategic Plan is one of the key new ICANN duties contained in the most recent amendment to their Memorandum of Understanding (MOU) with the Department of Commerce. The MOU specifies in considerable detail the elements that ICANN is to include in the Plan including issues ranging from executive compensation to mechanisms for ICANN accountability..." more»
This is the fifth part of a multi-part series reported by ICANNfocus. This part focuses on Securing the Quality of WHOIS Data. "Information for which ICANN has responsibility includes the WHOIS databases. ICANN has been given specific responsibilities for these databases under: 1) their contract with the U.S. government's Department of Commerce to perform the technical management of the Internet; and 2) their Memorandum of Understanding with the Department of Commerce." more»
This is the fourth part of a multi-part series reported by ICANNfocus. This part focuses on the Information Correction Process. "The Data Quality Act provides affected persons the right "to seek and obtain correction of information maintained and disseminated by the agency that does not comply" with the Data Quality Act and implementing guidelines. ...The Department of Commerce's National Telecommunications and Information Administration (NTIA) provides detailed instructions on how to request correction of information not meeting their Data Quality guidelines. NTIA is the operating unit of the Department of Commerce that is responsible for ICANN." more»
This is the third part of a multi-part series reported by ICANNfocus. In this part, the focus is on how ICANN implementation of the Data Quality Act would address congressional concerns. "Congress is deeply concerned by ICANN's management and is demanding meaningful change in how the organization governs the internet. Congressional concerns regarding ICANN and Congressional oversight activities were detailed in Part II of this series." more»
This is the second part of a multi-part series reported by ICANNfocus. This part discusses the congressional concerns regarding ICANN's governance of the Internet. "Since 1999 Congress has repeatedly expressed serious concerns regarding ICANN's governance of the internet. Congress has substantial responsibility for overseeing the key aspects of internet governance. Among its specific responsibilities, Congress has the duty to oversee implementation of the Department of Commerce's Memorandum of Understanding (MOU) and contract with ICANN." more»
The first part of a multi-part series report by ICANNfocus. This part discusses the history of the data quality act. "The Center for Regulatory Effectiveness (CRE) has determined that ICANN is subject to the Data Quality Act. Specifically, because ICANN carries out the technical management of the internet, including the IANA function and the implementation of new top level domains, under agreement with the U.S. Department of Commerce, ICANN's information disseminations are "sponsored" by the Department and thus subject to the Act." more»
CRE notified Dr. Twomey, President and Chief Executive Officer of ICANN, of the applicability of the Data Quality Act to ICANN in a detailed letter of October 29th. CRE asked ICANN for a meeting to discuss the issue of the applicability of the Data Quality Act to ICANN since CRE received no communication in response to the letter. In mid-December ICANN agreed to a January 23rd meeting with CRE. Notwithstanding CRE's trip to ICANN's headquarters in California for the scheduled meeting, the organization refused at the last moment to meet with CRE. CRE now knows how Dr. Twomey felt when he was expelled from an ICANN-related planning meeting in Geneva. more»
The National Academy of Sciences (NAS) has been studying the issue of Internet navigation and the DNS. The study was undertaken at the request of Congress to "provide analysis and advice for consideration by agencies of the U.S. Government, interested international institutions, and other stakeholders." In addition to examining technological issues, the study is also considering "relevant legal, economic, political, and social issues...because technologies related to the DNS and Internet navigation do not operate in isolation, but must be deployed within a complex and challenging national and international context." more»
Harvard Law School's distinguished Berkman Center for Internet & Society has published a preliminary study, "Public Participation In ICANN." ...The problem with the preliminary study is that it fundamentally misunderstands the role of ICANN in Internet governance. Specifically, ICANN's duty is not and should not be to simply carry out the will of the "Internet user community." Instead, ICANN's duty is to carry out the responsibilities the organization agreed to in its Memorandum of Understanding (MOU) and contract with the Department of Commerce. This does not mean that ICANN should exclude stakeholder views. more»
An organization which purports to be "the voice of world business" is proposing a de facto U.N. takeover of ICANN. The proposal by a senior official of the International Chamber of Commerce (ICC) would place ICANN under the U.N. umbrella and give a strong role to U.N. agencies and to various national governments, including those that suppress free speech and free enterprise. In a move of breathtaking arrogance, the ICC refused to even invite ICANN or U.S. government representatives to the meeting at which they are presenting their proposal. more»