Day two of the 2014 D.C. Fly-In kicked off at the Cannon House Office Building with speakers who delved into data breach, broadband spectrum and cybersecurity. These included Senator Mark Pryor (D-Ark.); FCC Commissioner Jessica Rosenworcel; Adam Sedgewick, senior information technology policy advisor at the National Institute of Standards Technology; and Rep. Lee Terry (R-Neb.).
Pryor discussed cybersecurity and data breach issues currently being considered within their committees, including the recently introduced “Data Security and Breach Notification Act.” He noted three parts of the bill:
- Companies will need to implement a reasonable protocol to safeguard personal information.
- Companies will need to notify customers of a breach.
- Companies will need to notify law enforcement of a breach.
He said it was important for government and the private sector to work together, and stressed that data security should not only be driven by the private sector.
Rosenworcel discussed licensed and unlicensed spectrum, stating that the demands of airwaves are going up while the bands of airwaves are going down, and that licensed spectrum is for exclusive use and is the foundation of wireless networks. She explained that licensed spectrum is awarded via spectrum auctions and that so far, there have been 80 auctions for 36,000 licenses, which have raised more than $50 billion of revenue for the government.
She explained that unlicensed spectrum are blocks of radio spectrum that are open to use by any technology and do not require formal FCC licensing, and that major wireless technologies such as Wi-Fi and Bluetooth currently operate in such spaces. America spends more on unlicensed spectrum use (Wi-Fi) than on milk and bread each year, according to Rosenworcel.
In 2015, incentive auctions will be introduced into spectrum policy. Rosenworcel explained that incentive auctions are voluntary, and a market-based means of repurposing spectrum by encouraging existing broadcast television licensees to voluntary relinquish spectrum usage rights in exchange for a share of the proceeds from an auction. In addition, part of the revenue for incentive auctions will help fund a nationwide first responder’s network.
Rosenworcel also spoke passionately about the FCC’s E-rate program – the nation’s largest technology program helping schools and libraries obtain affordable telecommunications services, broadband Internet access and internal network connections. She said that the E-rate program brings us one step closer to finding the next generation of STEM entrepreneurs.
Sedgewick provided a preview of the NIST Cybersecurity Framework standards being released this week. One year ago, President Obama issued an executive order to improve critical infrastructure. Over the last year, NIST has convened with owners and operators to develop the NIST cybersecurity framework. He described the process of working with over 500 industry stakeholders and holding workshops over a several day period to develop the initial cybersecurity roadmap.
He discussed the challenge of applying the standard to a diverse group of organizations, as well as several things NIST learned during the year-long process of developing the cybersecurity framework, including the role of cybersecurity should play within an organization – that’s it’s not about creating a checklist but rather the importance of it being driven into an organization.
Sedgewick said the NIST Framework being unveiled this week is risk-based, flexible and speaks to all parts of the organization. He stressed that NIST will continue to work on privacy and with IT service providers in order to support the standard with commercial off-the-shelf products. He said NIST welcomes comments and will hold future workshops on the cybersecurity framework.
Terry discussed a recent Senate hearing in which executives from Target and Neiman Marcus testified detailing their responses to recent data breaches. He said he learned that with data, you will have crime; it’s a reality today and it will continue. He also said he learned a one-size-fits-all data security standard can’t happen.
Data security has Congress’ attention. A data security bill is in the works. Lee said it is bipartisan and focuses on breach notification and data security.