Event Highlights IoT Security, Privacy Concerns

As an ever-increasing number of connected devices expands the Internet of things (IoT), there needs to be a focus on security and privacy by manufacturers and consumers, new FTC Commissioner Rebecca Kelly Slaughter and panelists said today during a New America event.

“It’s important that consumers have meaningful, accurate information about their device security, as well as data sharing, to make informed decisions,” Commissioner Slaughter said during a speech. “We are at a critical point in the IoT era in terms of getting privacy and security right. At the precipice of exponential growth, we have the opportunity both to thoughtfully develop products that start and stay secure and to educate consumers early on about how to assess the risks of connected devices, how to choose brands that take privacy and security seriously, and how to maintain device security with patches over the lifespan of the product. I cannot overstate the importance of getting this right, now.”

Consumer trust can be fostered by “ensuring that the devices are reasonably secure” and “ensuring consumers have a clear and accurate picture” of what data their devices collect and how that data is stored and used. “With all of this cutting edge and truly transformative technology comes legitimate concern about the potential risks these devices pose to our safety, our autonomy, and our privacy,” she said. “The many benefits of IoT devices may be delayed or foreclosed if consumers cannot trust them.”

Gabbard, Hanabusa Offer Bill to Address False Emergency Alerts

Reps. Tulsi Gabbard (D., Hawaii) and Colleen Hanabusa (D., Hawaii) have introduced a bill that would require the Federal Emergency Management Agency to create best practices for state, tribal, and local governments to use for issuing emergency alerts, avoiding false alerts, and retracting false alerts if they occur.

The proposed Reliable Emergency Alert Distribution Improvement (READI) Act (HR 6427), which was introduced July 18 and which was referred to the Transportation and Infrastructure Committee’s subcommittee on economic development, public buildings, and emergency management, would also direct FEMA to create best practices for alert origination training and to develop plans for officials to contact each other and federal officials during emergencies, according to a press release issued by Rep. Gabbard’s office today.

A false ballistic missile alert was sent in Hawaii in January over the Emergency Alert System (EAS) and by wireless emergency alert (WEA) by a shift warning officer at the Hawaii Emergency Management Agency (HI-EMA) who thought the alert was real instead of only a test. It took the agency 38 minutes to send a corrected alert, although authorities used social media and the news media to get the word out earlier that the alert was not correct.

The READI Act would also “[e]stablish a reporting system for false alerts so the FCC can track when they occur and examine their causes,” according to the press release.

It would also “[e]nsure more people receive emergency alerts by eliminating the option to opt out of receiving certain critical federal alerts, including missile alerts, on mobile phones; [r]equire active alerts issued by the President or FEMA to be repeated. Currently, alerts on TV or radio may only be played once; [e]xplore establishing a system to offer emergency alerts to audio and video online streaming services, such as Netflix and Spotify; [and e]ncourage State Emergency Communications Committees to periodically review and update their State Emergency Alert System Plans, which are often out of date.”

The bill would amend the Warning, Alert, and Response Network (WARN) Act.

Sen. Brian Schatz (D., Hawaii) has introduced companion legislation in the Senate, according to the press release. —Lynn Stanton, lynn.stanton@wolterskluwer.com

Courtesy TRDaily

 

Report: Encryption Not Biggest Digital Evidence Challenge

While encryption is frequently cited as an obstacle to law enforcement agencies using digital evidence, the inability to access unencrypted data is a larger problem, according to a report published today by the Center for Strategic and International Studies.

“Our survey of federal, state, and local law enforcement officials suggests that challenges in accessing data from service providers — much of which is not encrypted — is the biggest problem that they currently face in terms of their ability to use digital evidence in their cases,” said the report, titled “Low-Hanging Fruit:  Evidence-Based Solutions to the Digital Evidence Challenge.”

“Specifically, the inability to effectively identify which service providers have access to relevant data was ranked as the number-one obstacle in being able to effectively use digital evidence in particular cases,” the report said.

The report notes that efforts to teach law enforcement officials how to effectively gather digital evidence are disjointed and underfunded.  It calls for the establishment of a National Digital Evidence Office that would work with law enforcement and tech companies to make it simpler to fulfill lawful requests for electronic data.

“There is much work that can and should be done to facilitate law enforcement access to data that is unencrypted or otherwise available in a way that is consistent with privacy and civil liberties, even as the policy discussions about potential decryption mandates, lawful hacking, and data retention continue,” the report said.

The report’s authors — William Carter, deputy director of the Technology Policy Program at CSIS, Jennifer Daskal, a senior associate in the Technology Policy Program, and William Crumpler, a research assistant with the Technology Policy Program — interviewed law enforcement officials, tech company representatives, and members of civil society and reviewed budget and training documents. —Tom Leithauser, tom.leithauser@wolterskluwer.com

Courtesy TRDaily

 

House Appropriators OK $1.1B for DHS Cyber Programs

Legislation that would provide $1.1 billion for cybersecurity programs at the Department of Homeland Security was approved today by the House Appropriations Committee by a vote of 29-22.  Democrats opposed the bill because it contains $5 billion for “physical barriers and associated technology” on the border between the U.S. and Mexico, which they say is unnecessary.

The DHS appropriations bill for fiscal year 2019 would allow DHS to spend $1.1 billion “to help secure civilian (dot-gov) networks and to detect and prevent cyber attacks and foreign espionage,” the committee said. “Funds are also included to enhance and modernize emergency communications capabilities and to continue the modernization of the biometric identity management.”

The $1.1 billion is part of $1.9 billion for DHS’s National Protection and Programs Directorate. The bill would provide $2.2 billion for the Secret Service, an increase of $160.7 million above the fiscal year 2018 enacted level, and would include more money than DHS requested for cyber crime investigations by the Secret Service.

Federal Emergency Management Agency (FEMA) disaster response and recovery efforts would receive $7.2 billion, and $3.1 billion would be provided for FEMA grant programs, including $538 million for the State Homeland Security Grant Program — an increase of $31 million above fiscal year 2018 — and $661 million for the Urban Area Security Initiative — an increase of $31 million above fiscal year 2018. — Tom Leithauser, tom.leithauser@wolterskluwer.com

Courtesy TRDaily

AFCEA Reports: DHS Bolsters Social Media Influence With a Twist, July 1, 2018, by George Seffers

A first-responder working group is poised to grow. While many government organizations are seeking to expand their social media influence, one social media group is expanding its influence within government.

The Social Media Working Group for Emergency Services and Disaster Management operates as a subcommittee under the U.S. Department of Homeland Security’s (DHS’) Science and Technology Advisory Committee, but it is on its way to becoming a full-fledged federal advisory committee.

Such committees help shape public policy by providing objective advice on an array of issues, including space exploration and stem cell research. Hundreds of advisory committees perform peer reviews of scientific research; offer recommendations on policy matters; identify long-range concerns; and evaluate grant proposals, among other functions, explains a 2004 Government Accountability Office (GAO) report.

“Once we become an advisory committee, the membership at the federal level will broaden to some degree. It will include many more components of DHS and probably even go a little outside of DHS to include other federal agencies as well,” says Denis Gusty, a program manager in the department’s Science and Technology Directorate (S&T). “The mission will stay the same, but the membership will broaden a bit. I think it does give us a little more influence.”

Gusty cannot estimate when the transition to a full committee will be complete, but he indicates that such an evolution takes a great deal of work. “I don’t have an exact date. We’re hoping very soon, but there’s still some work left to go through,” he offers.

The working group includes federal, tribal, territorial, state and local responders from across the country who are subject matter experts. It provides guidance to the emergency preparedness and response community on the use of social media before, during and after disasters, whether natural or man-made, including terrorist attacks. “Our purpose is to provide a resource for first responders for how to best utilize social media in their day-to-day activities,” Gusty explains.

Hemant Purohit, assistant professor in the information sciences and technology department of George Mason University, has participated formally with the working group for about two years, informally even longer. Purohit touts the group’s ability to bring together emergency response workers and researchers to develop solutions with first-responder input rather than responders being blindsided by potentially unfamiliar technologies. “We need champions within the practitioner community willing to understand the technology. More and more practitioners are joining, and they’re seeing the value of understanding how the technologies work,” Purohit says.

Read complete article here: https://www.afcea.org/content/dhs-bolsters-social-media-influence-twist

 

AFCEA reports: NIST Takes Interoperability to New Heights, By Kimberly Underwood, July 1, 2018

Agency researchers are working to improve communications technology for first responders.

Amid broad federal, state and local efforts to improve public safety communications, the National Institute of Standards and Technology is leading research to establish interoperability among diverse government organizations that aid the public when it is most in peril. The agency’s goal is for legacy systems and new mobile technologies to exchange vital voice and data communications in a crisis.

The horrific attacks on 9/11 quickly illuminated the need for greater interoperability in communications among first responders. Since then, the requirement to share information and communicate effectively via radio during natural disasters, fires, crimes or catastrophes has only increased for police officers, firefighters and other public safety personnel.

Acting on recommendations from the 9/11 Commission, Congress passed the Middle Class Tax Relief and Job Creation Act of 2012 to establish the First Responder Network Authority, known as FirstNet. The law provided $7 billion and 20 megahertz of electromagnetic spectrum for the public-private partnership development of a nationwide first-responder broadband network. Last year, FirstNet awarded a 25-year, $6.5 billion contract to AT&T to build, operate and maintain the high-speed network. Section 6303 of the law also provided the National Institute of Standards and Technology (NIST) with $300 million through 2022 to support the transition to broadband and advance public safety communication technologies to operate on the new network.

The Public Safety Communications Research Division (PSCR), part of NIST’s Communications Technology Laboratory (CTL), is overseeing the related research and development (R&D) and programs as well as developing corresponding requirements and standards used by 60,000 agencies and 5 million first responders, according to the laboratory. In addition, the PSCR conducts testing and evaluations, executes security research, and performs modeling and simulation.

While FirstNet received its congressional funding immediately through the law’s borrowing authority, NIST had to wait until the proceeds came in from the government’s spectrum auctions.

That level of windfall required careful planning, explains Dereck Orr, PSCR division chief, NIST. “Even though we didn’t have the money in 2012, we knew we needed to start planning for the day that we got it,” Orr says. At a 2013 summit of public safety, industry, academia and federal stakeholders and partner FirstNet, NIST identified several focus areas for the PSCR, “where we would use this once-in-a-lifetime injection of funding,” he says. “It is not only about the research that we are doing in-house. We are also putting out a lot of money in grants. So more than half of that [$300 million in congressional] money is going to outside partners through grants, cooperative agreements, prize challenges.”

The focus areas include developing location-based services; transitioning land mobile radio (LMR) to Long Term Evolution (LTE) devices; and developing mission-critical voice capabilities for LTE, user interface and user experience technologies, and data analytics. Two additional programmatic areas, security and resiliency, cut across all the focus areas. “We have to look at security concerns,” Orr emphasizes.

For the first round of research, the laboratory awarded $38.5 million last year to 33 entities under NIST’s Public Safety Innovation Accelerator Program. The first round of funding covers all focus areas except user interface and user experience research; last month the laboratory awarded grants for that research, Orr says.

For one of the main focus areas, the PSCR is helping to usher in the use of LTE radio devices from LMR devices—in operation since the 1920s. And for the time that the two radio technologies coexist, officials will make sure that the radios are interoperable. “So if someone shows up on the scene with just an LMR radio, they can talk to someone who shows up with a FirstNet radio,” Orr says.

Read complete article here: https://www.afcea.org/content/nist-takes-interoperability-new-heights

 

Committee OKs Bill to Codify DHS’s CDM Program

Legislation that would authorize and codify efforts by the Department of Homeland Security to deploy a network security system known as continuous diagnostics and mitigation (CDM) today cleared the House Homeland Security Committee.

The Advancing Cybersecurity Diagnostics and Mitigation Act (HR 6443), which was offered by Rep. John Ratcliffe (R., Texas), was approved by unanimous consent.  The bill is designed to encourage DHS to move quickly on CDM deployment and to guide the program’s implementation.

A fully deployed CDM system would enable DHS to keep watch over civilian agencies’ networks and identify threats as they arise.  DHS has completed the first implementation phase and is working on buying the components and services needed for the next phase.

“It is DHS’s CDM program that will help federal agencies and the whole of the federal government understand the threats they face and the risks vulnerabilities pose in real time,” Rep. Ratcliffe said at today’s markup.

The committee also approved the Securing the Homeland Security Supply Chain Act (HR 6430), which would authorize the DHS secretary to address threats to the department’s supply chain. —Tom Leithauser, tom.leithauser@wolterskluwer.com

Courtesy TRDaily