The Department of Homeland Security (DHS) endorsed Tuesday a cyber-risk oversight handbook for corporate board of directors jointly published by AIG, the Internet Security Alliance (ISA) the National Association of Corporate Directors (NACD). DHS is incorporating the handbook into its Critical Infrastructure Cyber Community (C3) Volunteer Program, the program the department is using to encourage use of the National Institute of Standards and Technology-facilitated Cybersecurity Framework, said DHS Assistant Secretary Andy Ozment, head of the National Protection and Programs Directorate’s (NPPD) Office of Cybersecurity and Communications, during a news conference announcing DHS’s adoption of the handbook. DHS will also make the handbook available through the U.S. Computer Emergency Readiness Team’s website, said Ozment. The handbook, originally released last month, says corporate boards of directors should handle cybersecurity using a set of five principles, including an understanding that cybersecurity is “an enterprise-wide management issue,” rather than just an IT issue. Boards also need to understand the legal implications of cyber risks and should have adequate access to cybersecurity expertise to evaluate policies, the handbook said. They should also expect management to create an enterprise-wide cyber risk framework that is adequately funded, and should identify which risks to “avoid, accept, mitigate or transfer through insurance,” the handbook said (http://bit.ly/1mbVuut). Directors are “very much aware of cybersecurity,” but need guidance on how to confront it, said NACD President and CEO Ken Daly during the news conference. ISA President Larry Clinton said the handbook could help corporate board and cybersecurity experts “connect the dots,” noting that both sides need to understand each others’ lexicons.
Jimm Phillips
Jimm Phillips, Associate Editor, covers telecommunications policymaking in Congress for Communications Daily. He joined Warren Communications News in 2012 after stints at the Washington Post and the American Independent News Network. Phillips is a Maryland native who graduated from American University. You can follow him on Twitter: @JLPhillipsDC
A set of four cybersecurity bills the House was set to vote on Monday night appeared likely to pass with strong bipartisan support, industry lawyers and lobbyists told us in interviews before the vote. Debate on the bills had not begun at our deadline. The major bill of the four was the National Cybersecurity and Critical Infrastructure Protection Act (HR-3696), which would codify the Department of Homeland Security’s (DHS) existing role in dealing with cybersecurity issues, but would not extend the department’s powers (CD Feb 6 p7). HR-3696 also deals with DHS’ role in information sharing, but lawyers and lobbyists we spoke with said the information sharing aspect of the bill has not stirred up controversy as did the House-passed Cyber Intelligence Sharing and Protection Act (HR-624) or the Senate’s Cybersecurity Information Sharing Act (S-2588).
The petitions that Chattanooga’s Electric Power Board (EPB) and the city of Wilson, North Carolina, filed Thursday seeking FCC pre-emption of state laws restricting municipal broadband deployments (CD July 25 p18) give FCC Chairman Tom Wheeler a definitive reason to examine pre-emption, industry participants and observers told us in interviews. Industry is likely to closely watch the FCC’s examination of the Chattanooga (http://bit.ly/1kZ4lM6) and Wilson petitions (http://bit.ly/1kZ54gc), and those petitions will likely have implications for the limits of the FCC’s authority under Communications Act Section 706, observers said. The FCC has been deciding how to pursue pre-emption after Judge Laurence Silberman of the U.S. Court of Appeals for the D.C. Circuit said in a separate opinion in Verizon v. FCC that Section 706 could allow the commission to examine state municipal broadband laws as a barrier to competition. Industry observers have been split on the pre-emption issue (CD Feb 24 p1).
The House Homeland Security Committee reported to the House Wednesday an amended version of the National Cybersecurity and Critical Infrastructure Protection Act (HR-3696) after the House Oversight and Science committees agreed to waive their jurisdiction over the bill (http://1.usa.gov/1rebvQx). Neither the Oversight nor Science committees had taken action on the bill, while House Homeland Security cleared it in February (CD Feb 6 p7). The bill would codify the Department of Homeland Security’s existing role in dealing with cybersecurity issues, but would not extend the department’s powers. HR-3696’s supporters have been pushing behind the scenes for the bill to get a House vote before the upcoming recess, an industry lobbyist said. The version of HR-3696 reported to the House Wednesday included the removal of a section that would have dealt with federal civilian networks, which sponsors agreed to remove because of a “jurisdictional issue” with House Oversight, along with other minor changes, a House Homeland Security aide told us. House leaders are considering the bill for floor action “in the near future,” the aide said.
Several states’ attorneys general and utility regulators endorsed FCC action on net neutrality, with most urging the commission to use its authority under Title II of the Communications Act to reclassify broadband as a common carrier service. Three major groups connected with state telecom regulation also endorsed new FCC net neutrality rules, though of the three only the National Association of State Utility Consumer Advocates (NASUCA) endorsed Title II reclassification as its top preference. Cities of Los Angeles and Philadelphia also weighed in on the FCC’s proposed NPRM. Comments on the net neutrality NPRM were due at the FCC Friday.
NARUC planned Friday to comment on the FCC net neutrality NPRM, adding to the more than 1 million comments already filed on the NPRM. (See separate report in this issue.) NARUC General Counsel Brad Ramsay told us Friday he was still writing the group’s comments but said he anticipated they would “undoubtedly quote” a net neutrality resolution NARUC’s board passed Wednesday at its meeting in Dallas (CD July 17 p17).
DALLAS -- NARUC’s Telecom Committee unanimously passed Tuesday an amended version of a resolution encouraging the FCC to craft its new net neutrality rules using Communications Act Section 706 as its main legal justification. NARUC’s board is set to vote on the resolution Wednesday. Public Service Board member John Burke, the resolution’s original sponsor, introduced an amended version of the resolution at the committee meeting that would encourage the FCC to use Section 706 as its main jurisdictional base for drafting the new net neutrality rules, while encouraging the use of Title II authority as a backup. A draft resolution had equally encouraged Title II and Section 706 as jurisdictional bases for the rules (CD July 14 p6).
Expectations remained unclear Monday for the outcome of the NARUC Telecom Committee’s expected vote on a net neutrality resolution. The resolution, introduced by committee member and Vermont Public Service Board member John Burke, would encourage the FCC to use the Telecom Act’s Title II and Section 706 as the jurisdictional basis as it creates new net neutrality rules (CD July 14 p6). Burke told us Monday the staff subcommittee on telecom had given a positive reception to the resolution over the weekend, but he was unsure how the full Telecom Committee would act. NARUC General Counsel Brad Ramsay said industry representatives could comment Tuesday, before the committee votes. Burke told us he expects opposition from many of those representatives. Several Telecom Committee members told us Monday they were undecided on their position. Pennsylvania Public Utility Commissioner James Cawley said he was “genuinely not sure” how he would vote. District of Columbia Public Service Commission Chairwoman Betty Ann Kane said she needed to review revisions to the original resolution before she decided. Telecom Committee Vice Chairwoman Catherine Sandoval, a member of the California Public Utilities Commission, declined to comment on her position.
DALLAS -- Parties within state utility commissions and elsewhere opposed to the 10th U.S. Circuit Court of Appeals’ decision upholding the FCC 2011 USF/intercarrier compensation order (CD May 27 p1 ) should continue exploring options for appealing that decision even though available options have a low probability of succeeding, industry panelists said at the NARUC meeting. Those options include requesting an en banc review by the entire 10th Circuit or an appeal to the Supreme Court, said NARUC Counsel Brad Ramsay.
NARUC is set to wade into the net neutrality debate at its meeting this week in Dallas, where its board will consider a resolution that would encourage the FCC to use the Telecom Act Title II and Section 706 as jurisdictional bases as it creates new net neutrality rules. The resolution would also lend NARUC support to the FCC’s proposed expansion of the transparency rule, said a draft of the resolution released in advance of the meeting (http://bit.ly/1sI9XiF).