USACM is the U.S. Public Policy Council of the Association for Computing Machinery (ACM).

October 27, 2005

USACM Chair cautions against underfunding cybersecurity research

USACM Chair Gene Spafford testified today at a House Armed Services Committee hearing as part of a cybersecurity panel on “Asymmetric and Unconventional Threats.” He was joined on the panel by David Grawrock (Intel) and Paul Kurtz (Cyber Security Industry Alliance). Spafford’s written testimony can be found here. In his oral comments, Spafford stressed several points:

  • The interconnectedness of systems today, meaning that a vulnerability or attack in one system can lead to problems for other systems;
  • The fuzzy line now between civilian and military infrastructure (e.g., many military bases rely on civilian power grids, civilian networks, etc.);
  • The danger in underfunding and shortening the horizon for cybersecurity research; and
  • The need for more well-trained cybersecurity professionals.

We’ll have more on this hearing in our forthcoming October newsletter. Meanwhile, Peter Harsha (CRA) has an excellent post about the hearing and some of the background.

David posted this at 2:15 pm ET | Filed in Research, Security, ACM/USACM News, Testimony

 
October 24, 2005

Senate to Move Data Security Legislation

Update (10/25/05) – As promised below, click here to see an updated comparison of the four bills mentioned in the original post.

Last week we reported that the Senate Judiciary Committee – a major player in the effort to enact federal data security legislation – moved Senator Jeff Sessions’ (R-AL) legislation (S. 1326) intended to protect private electronic information. Today National Journal is reporting (subscription required) that key Senators will merge at least three bills into one and try to pass the package before the Senate leaves for Thanksgiving. Such an effort would require merging the products and priorities of three different committees – Judiciary, Senate Commerce, and Senate Banking – and then getting floor time.

The bills that would likely be merged are: Senator Arlen Specter’s legislation (S. 1332), Senator Sessions’ legislation, Senator Gordon Smith’s (R-WA) legislation (S. 1408) and Senator Richard Shelby’s (R-AL) legislation (S. 1461). (Here is a side-by-side comparing two of the bills. We will try to work up another side-by-side for the other bills.)

It is pretty hard to predict what parts will end up in the final bill. Our sense would be some new regulatory structure for all business modeled after the Gramm-Leach-Bliley Act, which partly governs the financial industry’s use of private data, with much of the specific detail left to the Federal Trade Commission to work out. It will probably also include some breach notification requirements and increased protection of information in government’s hands.

Any comprehensive regulatory bill will almost certainly contain provisions to preempt state law. Interestingly, the National Journal story notes that pressure to act isn’t coming from the public clamoring for protection of their private information, it is coming from the business community that fears 50 different state laws. In many ways this improves the chances for a new federal law, because while the onslaught of data breach stories has slowed, the pressure inside the Beltway for preemption of state laws from business groups isn’t likely to stop.

Cameron posted this at 7:24 pm ET | Filed in Privacy, Analysis

 
October 21, 2005

Senate committee approves privacy/data protection bill

Thursday the Senate Judiciary committee approved (by voice vote) Senator Jeff Sessions’ (R-AL) “Notification of Risk to Personal Data Act” (S. 1326). The bill calls for the creation of data protection programs, mandates security breach notifications, and provides for the preemption of similar state laws. It was one of a number of data protection bills before the committee.

Curiously, the committee did not act on Chairman Specter’s own “Personal Data Privacy and Security Act of 2005” (S. 1789), which we have discussed in this space before. The status of that bill remains unclear.

David posted this at 2:49 pm ET | Filed in Privacy, Security

 
October 19, 2005

Little progress seen toward securing nation’s critical infrastructure

The House Homeland Security Committee yesterday heard testimony regarding the security of the nation’s supervisory control and data acquisition (SCADA) systems – the computer systems used to control such things as water flow through dams, the operation of power plants, and so on. The occasion was a joint hearing between the Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity and the Subcommittee on Emergency Preparedness, Science, and Technology. The news wasn’t very encouraging (from a related WaPo article):

Guarding the computer-based controls from terrorists gained attention after the attacks of Sept. 11, 2001.

“It’s four years later and we are no further down the line,” Rep. Bill Pascrell, D-N.J., said while questioning Andy Purdy Jr., acting director of the Homeland Security Department’s National Cyber Security Division. “We’re not prepared. You know it, I know it.”

Joining Purdy before the committee were (more…)

David posted this at 2:11 pm ET | Filed in Security, Homeland security

 
October 13, 2005

USACM and others criticize DOD export proposal

USACM and more than 100 other respondents recently filed comments with the Department of Defense criticizing its proposed changes to the Defense Federal Acquisition Regulation Supplement (DFARS). Among other things, the proposal mandates that all DOD contracts include a clause requiring contractors to

  1. Create and maintain unique badges for foreign nationals and foreign persons employed by the entity;
  2. Build segregated work areas for these persons; and
  3. Prevent these individuals from gaining any access to export-controlled technology without first obtaining a specific license, authorization or exemption, even if these individuals may be working under the longstanding fundamental research exemption.

USACM’s comments express its concern that the proposal, among other things, would place a costly new burden on research, discriminate against foreign researchers, and jeopardize the fundamental research exemption that has long promoted an open and fertile research environment. USACM is also worried that DOD, in issuing this proposal, has not given enough consideration to a similar advanced notice of proposed rulemaking issued recently by the Department of Commerce’s Bureau of Industry and Security. USACM and others were critical of this proposal, as well.

USACM’s full statement on the DOD proposal is available here.
(more…)

David posted this at 10:15 am ET | Filed in Research, Security, ACM/USACM News

 
October 7, 2005

Spafford and Lazowska on cybersecurity R&D

There are a couple of interesting cybersecurity items currently worthy of your attention:

* USACM Chair Eugene Spafford makes comments on the Department of Defense’s approach to cybersecurity in a recent Federal Computer Week article:

[…] Spafford said incremental changes will not strengthen existing networks and a whole new approach [to DOD cybersecurity] is needed.

“Unfortunately, the government is not funding much research in cybersecurity and almost none in long-range research,” said Spafford, who is also executive director of Purdue’s Center for Education and Research in Information Assurance and Security […]

* Peter Harsha alerts us to former PITAC co-chair Ed Lazowska’s strong words about the administration’s handling of cybersecurity research and development in an interview with CIO Magazine:

[Worthen:] You feel strongly that the government’s treatment of cybersecurity R&D has been particularly neglectful.

[Lazowska:] PITAC found that the government is currently failing to fulfill this responsibility. (The word failing was edited out of our report, but it was the committee’s finding.)

David posted this at 7:23 am ET | Filed in Security

 
October 1, 2005

ACM Washington Update, Vol. 9.9 (September 30, 2005)

CONTENTS

[1] Newsletter Highlights
[2] Carter-Baker Commission Report a Mixed Bag
[3] Senate Judiciary Committee: Busy and in the Spotlight
[4] Secure Flight Working Group Against Live System Testing
[5] Cybercrime on the Rise
[6] Barbara Simons Presented with Lifetime Achievement Award
[7] Calling All Techies
[8] Events in October
[9] About USACM

[An archive of all previous editions of Washington Update is available here.]
(more…)

David posted this at 9:38 am ET | Filed in ACM/USACM News, Newsletter