Res Communis Blog

Category Archives: Cyber

State Department: U.S.-India Science and Technology, Innovation, and Health Cooperation

Source – U.S. State Department:

U.S.-India Science and Technology, Innovation, and Health Cooperation

Fact Sheet
Office of the Spokesperson
Washington, DC
July 31, 2014
Science and technology cooperation between the United States and India strengthens our bilateral relationship, promotes economic growth, and allows us to develop new and innovative technologies and products to address shared challenges. The United States and India believe that science, technology, and innovation are key tools that will help us address global challenges such as climate change, health, education, food, water, and energy security. Both countries support cutting edge research and are building public-private partnerships that promote science and technology-based innovation and entrepreneurship. The United States and India also recognize the importance of gender equality in the scientific workforce, and have conducted numerous exchanges to encourage increased participation of women and girls in science. Over the past year, two bilateral endowments – the Indo-U.S. Science and Technology Forum (IUSSTF) and U.S.-India Science and Technology Endowment Fund – have provided roughly $3 million to fund hundreds of exchange visits and support technology commercialization through U.S.-India joint ventures. . . .

. . . Civil Space Cooperation: The U.S. and India continue to carry out and expand upon cooperation taking place under the U.S.-India Civil Space Joint Working Group (CSJWG). NASA and Indian Space Research Organization (ISRO) continue to make progress on the NASA-ISRO Synthetic Aperture Radar (NISAR) mission. This mission is intended to generate a vast bank of earth observation data for use in novel applications by researchers to benefit global food security, freshwater availability, human health, disaster prediction and hazard response, climate risks and adaptation, and urban management and planning. NASA is providing deep space navigation and tracking support to ISRO’s Mars Orbiter Mission (MOM) as it continues its journey in space and prepares for its arrival at the Red Planet in late September 2014, just two days after NASA’s Mars Atmosphere and Volatile Evolution (MAVEN) mission completes its journey. NASA and ISRO look forward to discussing ways to collaborate on these two Mars missions to take advantage of their complementary observations. NASA and ISRO, along with the National Oceanographic and Atmospheric Administration (NOAA) as a Global Precipitation Measurement (GPM) Mission partner continue productive cooperation on the ISRO-French Space Agency (CNES) Megha Tropiques mission. NASA, NOAA, and ISRO also continue effective cooperation in the calibration, validation, and application of ocean color observation data, and until recently, of ocean surface vector wind data, on ISRO’s Oceansat-2 mission. NOAA looks forward to collaborating with ISRO on future follow-on ocean surface vector wind missions. NASA and ISRO have initiated a professional engineer and scientist exchange program. The United States and India also look forward to continued discussion regarding the development of India’s regional navigation satellite system in a manner that is compatible and interoperable with GPS.


ITU: ICT Regulators review role in the networked society

Source – ITU:

ICT Regulators review role in the networked society
Asia-Pacific Regulators meet in Sydney, Australia
Geneva, 22 July 2014 – Regulators from more than 20 countries of the Asia-Pacific region met from 21 to 22 July in Sydney, Australia, to exchange experiences and discuss potential areas of collaboration to embrace the networked society. Under the theme “Beyond Convergence – the Networked Society”, the Asia-Pacific Regulators’ Round Table is co-organized by ITU and the Australian Communications and Media Authority (ACMA), with support from the Department of Communications of the Government of Australia.
ITU Secretary-General Hamadoun I. Touré called for close collaboration amongst regulators and ‘smart’ partnerships across sectors at the international, regional and national levels. “In an ICT embedded society, the efficiency, productivity and security of citizens necessitate cross-sectoral collaboration mechanisms to reap the full benefits of ICTs in areas such as health, education, agriculture, electricity, and transport,” Dr Touré said.
“Continued growth in participation reflects the benefits we are gaining from the exchange of views and information,” said Mr Chris Chapman, Chairman of ACMA. “The creation of the Asia-Pacific Regulator’s Round Table is a particular accomplishment of ITU in the region, particularly with the excellent innovation of rotating the Forum and the associated ITU / ACMA International Training Programme (ITP) throughout the Asia-Pacific region.”
This high-level Regulators’ Round Table, organized by ITU since 2011, provides a unique opportunity for strategic discussions on emerging regulatory issues and challenges faced in the rapidly evolving and converging ICT sector.
The Regulators’ meeting is followed by a three-day ACMA-ITU International Training Programme titled “Convergent Regulation through First Principles Thinking”. The training focuses on the policy and regulatory issues of the era beyond convergence of telecommunications, information technology and broadcasting. Around 60 participants from more than 25 countries are expected to attend the training programme.
For more information, please see www.itu.int/ITU-D/asp/CMS/Events/2013/RR-ITP-2013/index.asp

UK: Data Retention and Investigatory Powers Act 2014

Source – UK Parliament:

Data Retention and Investigatory Powers Act 2014

2014 CHAPTER 27

An Act to make provision, in consequence of a declaration of invalidity made by the Court of Justice of the European Union in relation to Directive 2006/24/EC, about the retention of certain communications data; to amend the grounds for issuing interception warrants, or granting or giving certain authorisations or notices, under Part 1 of the Regulation of Investigatory Powers Act 2000; to make provision about the extra-territorial application of that Part and about the meaning of “telecommunications service” for the purposes of that Act; to make provision about additional reports by the Interception of Communications Commissioner; to make provision about a review of the operation and regulation of investigatory powers; and for connected purposes.
[17th July 2014]

Be it enacted by the Queen’s most Excellent Majesty, by and with the advice and consent of the Lords Spiritual and Temporal, and Commons, in this present Parliament assembled, and by the authority of the same, as follows:—

Retention of relevant communications data

1 Powers for retention of relevant communications data subject to safeguards

(1)The Secretary of State may by notice (a “retention notice”) require a public telecommunications operator to retain relevant communications data if the Secretary of State considers that the requirement is necessary and proportionate for one or more of the purposes falling within paragraphs (a) to (h) of section 22(2) of the Regulation of Investigatory Powers Act 2000 (purposes for which communications data may be obtained).

(2)A retention notice may—

(a)relate to a particular operator or any description of operators,

(b)require the retention of all data or any description of data,

(c)specify the period or periods for which data is to be retained,

(d)contain other requirements, or restrictions, in relation to the retention of data,

(e)make different provision for different purposes,

(f)relate to data whether or not in existence at the time of the giving, or coming into force, of the notice.

(3)The Secretary of State may by regulations make further provision about the retention of relevant communications data.

(4)Such provision may, in particular, include provision about—

(a)requirements before giving a retention notice,

(b)the maximum period for which data is to be retained under a retention notice,

(c)the content, giving, coming into force, review, variation or revocation of a retention notice,

(d)the integrity, security or protection of, access to, or the disclosure or destruction of, data retained by virtue of this section,

(e)the enforcement of, or auditing compliance with, relevant requirements or restrictions,

(f)a code of practice in relation to relevant requirements or restrictions or relevant powers,

(g)the reimbursement by the Secretary of State (with or without conditions) of expenses incurred by public telecommunications operators in complying with relevant requirements or restrictions,

(h)the 2009 Regulations ceasing to have effect and the transition to the retention of data by virtue of this section.

(5)The maximum period provided for by virtue of subsection (4)(b) must not exceed 12 months beginning with such day as is specified in relation to the data concerned by regulations under subsection (3).

(6)A public telecommunications operator who retains relevant communications data by virtue of this section must not disclose the data except—

(a)in accordance with—

(i)Chapter 2 of Part 1 of the Regulation of Investigatory Powers Act 2000 (acquisition and disclosure of communications data), or

(ii)a court order or other judicial authorisation or warrant, or

(b)as provided by regulations under subsection (3).

(7)The Secretary of State may by regulations make provision, which corresponds to any provision made (or capable of being made) by virtue of subsection (4)(d) to (g) or (6), in relation to communications data which is retained by telecommunications service providers by virtue of a code of practice under section 102 of the Anti-terrorism, Crime and Security Act 2001.

2 Section 1: supplementary

(1)In this section and section 1—

“communications data” has the meaning given by section 21(4) of the Regulation of Investigatory Powers Act 2000 so far as that meaning applies in relation to telecommunications services and telecommunication systems;
“functions” includes powers and duties;
“notice” means notice in writing;
“public telecommunications operator” means a person who—
(a)controls or provides a public telecommunication system, or
(b)provides a public telecommunications service;
“public telecommunications service” and “public telecommunication system” have the meanings given by section 2(1) of the Regulation of Investigatory Powers Act 2000;
“relevant communications data” means communications data of the kind mentioned in the Schedule to the 2009 Regulations so far as such data is generated or processed in the United Kingdom by public telecommunications operators in the process of supplying the telecommunications services concerned;
“relevant powers” means any powers conferred by virtue of section 1(1) to (6);
“relevant requirements or restrictions” means any requirements or restrictions imposed by virtue of section 1(1) to (6);
“retention notice” has the meaning given by section 1(1);
“specify” means specify or describe (and “specified” is to be read accordingly);
“telecommunications service” and “telecommunication system” have the meanings given by section 2(1) of the Regulation of Investigatory Powers Act 2000;
“telecommunications service provider” means a person who provides a telecommunications service;
“unsuccessful call attempt” means a communication where a telephone call has been successfully connected but not answered or there has been a network management intervention;
“the 2009 Regulations” means the provisions known as the Data Retention (EC Directive) Regulations 2009 (S.I. 2009/859).
(2)“Relevant communications data” includes (so far as it otherwise falls within the definition) communications data relating to unsuccessful call attempts that—

(a)in the case of telephony data, is stored in the United Kingdom, or

(b)in the case of internet data, is logged in the United Kingdom,

but does not include data relating to unconnected calls or data revealing the content of a communication.
(3)Regulations under section 1(3) may specify the communications data that is of the kind mentioned in the Schedule to the 2009 Regulations and, where they do so, the reference in the definition of “relevant communications data” to communications data of that kind is to be read as a reference to communications data so specified.

(4)Any power to make regulations under section 1—

(a)is exercisable by statutory instrument,

(b)includes power to—

(i)confer or impose functions (including those involving the exercise of a discretion) on any person (including the Secretary of State),

(ii)make supplementary, incidental, consequential, transitional, transitory or saving provision,

(iii)make different provision for different purposes,

(c)may, so far as relating to provision about codes of practice, be exercised in particular by modifying the effect of sections 71 and 72 of the Regulation of Investigatory Powers Act 2000 (codes of practice in relation to certain powers and duties).

(5)A statutory instrument containing regulations under section 1 is not to be made unless a draft of the instrument has been laid before, and approved by a resolution of, each House of Parliament.

Investigatory powers

3 Grounds for issuing warrants and obtaining data

(1)Section 5 of the Regulation of Investigatory Powers Act 2000 (power to issue necessary and proportionate interception warrants in interests of national security, to prevent or detect serious crime or to safeguard the UK’s economic well-being) is amended as set out in subsection (2).

(2)In subsection (3)(c) (economic well-being of the UK), after “purpose” insert “, in circumstances appearing to the Secretary of State to be relevant to the interests of national security,”.

(3)Section 22 of that Act (power to obtain communications data in interests of national security, to prevent or detect serious crime, in interests of the UK’s economic well-being and for other specified purposes) is amended as set out in subsection (4).

(4)In subsection (2)(c) (economic well-being of the UK), after “United Kingdom” insert “so far as those interests are also relevant to the interests of national security”.

4 Extra-territoriality in Part 1 of RIPA

(1)Part 1 of the Regulation of Investigatory Powers Act 2000 (communications) is amended as follows.

(2)In section 11 (implementation of interception warrants), after subsection (2) insert—

“(2A)A copy of a warrant may be served under subsection (2) on a person outside the United Kingdom (and may relate to conduct outside the United Kingdom).

(2B)Service under subsection (2) of a copy of a warrant on a person outside the United Kingdom may (in addition to electronic or other means of service) be effected in any of the following ways—

(a)by serving it at the person’s principal office within the United Kingdom or, if the person has no such office in the United Kingdom, at any place in the United Kingdom where the person carries on business or conducts activities;

(b)if the person has specified an address in the United Kingdom as one at which the person, or someone on the person’s behalf, will accept service of documents of the same description as a copy of a warrant, by serving it at that address;

(c)by making it available for inspection (whether to the person or to someone acting on the person’s behalf) at a place in the United Kingdom (but this is subject to subsection (2C)).

(2C)Service under subsection (2) of a copy of a warrant on a person outside the United Kingdom may be effected in the way mentioned in paragraph (c) of subsection (2B) only if—

(a)it is not reasonably practicable for service to be effected by any other means (whether as mentioned in subsection (2B)(a) or (b) or otherwise), and

(b)the person to whom the warrant is addressed takes such steps as the person thinks appropriate for the purpose of bringing the contents of the warrant, and the availability of a copy for inspection, to the attention of the person outside the United Kingdom.

The steps mentioned in paragraph (b) must be taken as soon as reasonably practicable after the copy of the warrant is made available for inspection.”
(3)In subsection (4) of that section, after “that person” insert “(whether or not the person is in the United Kingdom)”.

(4)After subsection (5) of that section insert—

“(5A)Where a person outside the United Kingdom is under a duty by virtue of subsection (4) to take any steps in a country or territory outside the United Kingdom for giving effect to a warrant, in determining for the purposes of subsection (5) whether the steps are reasonably practicable for the person to take, regard is to be had (amongst other matters) to—

(a)any requirements or restrictions under the law of that country or territory relevant to the taking of those steps, and

(b)the extent to which it is reasonably practicable to give effect to the warrant in a way that does not breach any such requirements or restrictions.”

(5)In subsection (8) of that section, after “enforceable” insert “(including in the case of a person outside the United Kingdom)”.

(6)In section 12 (maintenance of interception capability), after subsection (3) insert—

“(3A)An obligation may be imposed in accordance with an order under this section on, and a notice under subsection (2) given to, persons outside the United Kingdom (and may be so imposed or given in relation to conduct outside the United Kingdom).

(3B)Where a notice under subsection (2) is to be given to a person outside the United Kingdom, the notice may (in addition to electronic or other means of giving a notice) be given to the person—

(a)by delivering it to the person’s principal office within the United Kingdom or, if the person has no such office in the United Kingdom, to any place in the United Kingdom where the person carries on business or conducts activities, or

(b)if the person has specified an address in the United Kingdom as one at which the person, or someone on the person’s behalf, will accept documents of the same description as a notice, by delivering it to that address.”

(7)In subsection (7) of that section—

(a)after “person” insert “(whether or not the person is in the United Kingdom)”, and

(b)after “enforceable” insert “(including in the case of a person outside the United Kingdom)”.

(8)In section 22 (obtaining and disclosing communications data), after subsection (5) insert—

“(5A)An authorisation under subsection (3) or (3B), or a requirement imposed in accordance with a notice under subsection (4), may relate to conduct outside the United Kingdom (and any such notice may be given to a person outside the United Kingdom).

(5B)Where a notice under subsection (4) is to be given to a person outside the United Kingdom, the notice may (in addition to electronic or other means of giving a notice) be given to the person in any of the following ways—

(a)by delivering it to the person’s principal office within the United Kingdom or, if the person has no such office in the United Kingdom, to any place in the United Kingdom where the person carries on business or conducts activities;

(b)if the person has specified an address in the United Kingdom as one at which the person, or someone on the person’s behalf, will accept documents of the same description as a notice, by delivering it to that address;

(c)by notifying the person of the requirements imposed by the notice by such other means as the person giving the notice thinks appropriate (which may include notifying the person orally, except where the notice is one to which section 23A applies).”

(9)In subsection (6) of that section, after “operator” insert “(whether or not the operator is in the United Kingdom)”.

(10)In subsection (8) of that section, after “enforceable” insert “(including in the case of a person outside the United Kingdom)”.

5 Meaning of “telecommunications service”

In section 2 of the Regulation of Investigatory Powers Act 2000 (meaning of “interception” etc), after subsection (8) insert—
“(8A)For the purposes of the definition of “telecommunications service” in subsection (1), the cases in which a service is to be taken to consist in the provision of access to, and of facilities for making use of, a telecommunication system include any case where a service consists in or includes facilitating the creation, management or storage of communications transmitted, or that may be transmitted, by means of such a system.”

6 Half-yearly reports by the Interception of Communications Commissioner

(1)Section 58 of the Regulation of Investigatory Powers Act 2000 (reports by the Interception of Communications Commissioner) is amended as follows.

(2)In subsection (4) (annual reports), after “calendar year” insert “and after the end of the period of six months beginning with the end of each calendar year”.

(3)In subsection (6) (duty to lay annual reports before Parliament), after “annual report” insert “, and every half-yearly report,”.

(4)In subsection (6A) (duty to send annual reports to the First Minister), after “annual report” insert “, and every half-yearly report,”.

(5)In subsection (7) (power to exclude matter from annual reports), after “annual report” insert “, or half-yearly report,”.

7 Review of investigatory powers and their regulation

(1)The Secretary of State must appoint the independent reviewer of terrorism legislation to review the operation and regulation of investigatory powers.

(2)The independent reviewer must, in particular, consider—

(a)current and future threats to the United Kingdom,

(b)the capabilities needed to combat those threats,

(c)safeguards to protect privacy,

(d)the challenges of changing technologies,

(e)issues relating to transparency and oversight,

(f)the effectiveness of existing legislation (including its proportionality) and the case for new or amending legislation.

(3)The independent reviewer must, so far as reasonably practicable, complete the review before 1 May 2015.

(4)The independent reviewer must send to the Prime Minister a report on the outcome of the review as soon as reasonably practicable after completing the review.

(5)On receiving a report under subsection (4), the Prime Minister must lay a copy of it before Parliament together with a statement as to whether any matter has been excluded from that copy under subsection (6).

(6)If it appears to the Prime Minister that the publication of any matter in a report under subsection (4) would be contrary to the public interest or prejudicial to national security, the Prime Minister may exclude the matter from the copy of the report laid before Parliament.

(7)The Secretary of State may pay to the independent reviewer—

(a)expenses incurred in carrying out the functions of the independent reviewer under this section, and

(b)such allowances as the Secretary of State determines.

(8)In this section “the independent reviewer of terrorism legislation” means the person appointed under section 36(1) of the Terrorism Act 2006 (and “independent reviewer” is to be read accordingly).

Final provisions

8 Commencement, duration, extent and short title

(1)Subject to subsection (2), this Act comes into force on the day on which it is passed.

(2)Section 1(6) comes into force on such day as the Secretary of State may by order made by statutory instrument appoint; and different days may be appointed for different purposes.

(3)Sections 1 to 7 (and the provisions inserted into the Regulation of Investigatory Powers Act 2000 by sections 3 to 6) are repealed on 31 December 2016.

(4)This Act extends to England and Wales, Scotland and Northern Ireland.

(5)This Act may be cited as the Data Retention and Investigatory Powers Act 2014.

S. 1681: Intelligence Authorization Act for Fiscal Year 2014 (signed into law)

Source – The White House:

The White House
Office of the Press Secretary

For Immediate Release July 07, 2014
Statement by the Press Secretary on S. 1681

On Monday, July 7, 2014, the President signed into law:

S. 1681, the “Intelligence Authorization Act for Fiscal Year 2014,” which authorizes fiscal year 2014 appropriations for U.S. intelligence-related activities and establishes and provides other authorities concerning U.S. intelligence and counter-terrorism activities.

H.R. 5099: To amend the National Institute of Standards and Technology Act to remove the National Security Agency from the list of the entities consulted during the development of information systems standards and guidelines

H.R. 5099: To amend the National Institute of Standards and Technology Act to remove the National Security Agency from the list of the entities consulted during the development of information systems standards and guidelines was introduced on July 14, 2014 by Alan Grayson:

H.R.5099 — To amend the National Institute of Standards and Technology Act to remove the National Security Agency from the list of the entities consulted during the development of information… (Introduced in House – IH)

HR 5099 IH

113th CONGRESS
2d Session

H. R. 5099
To amend the National Institute of Standards and Technology Act to remove the National Security Agency from the list of the entities consulted during the development of information systems standards and guidelines.

IN THE HOUSE OF REPRESENTATIVES
July 14, 2014

Mr. GRAYSON introduced the following bill; which was referred to the Committee on Science, Space, and Technology

A BILL
To amend the National Institute of Standards and Technology Act to remove the National Security Agency from the list of the entities consulted during the development of information systems standards and guidelines.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. INFORMATION SYSTEMS STANDARDS CONSULTATION.

Section 20(c)(1) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(c)(1)) is amended by striking ‘the National Security Agency,’.

S. 2588: Cybersecurity Information Sharing Act of 2014

S. 2588: Cybersecurity Information Sharing Act of 2014 was introduced on July 10, 2014 by Sen. Dianne Feinstein. The table of contents reads:

S.2588 — Cybersecurity Information Sharing Act of 2014 (Placed on Calendar Senate – PCS)

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
Sec. 1. Short title; table of contents.
SEC. 2. DEFINITIONS.
SEC. 3. SHARING OF INFORMATION BY THE FEDERAL GOVERNMENT.
SEC. 4. AUTHORIZATIONS FOR PREVENTING, DETECTING, ANALYZING, AND MITIGATING CYBERSECURITY THREATS.
SEC. 5. SHARING OF CYBER THREAT INDICATORS AND COUNTERMEASURES WITH THE FEDERAL GOVERNMENT.
SEC. 6. PROTECTION FROM LIABILITY.
SEC. 7. OVERSIGHT OF GOVERNMENT ACTIVITIES.
SEC. 8. CONSTRUCTION AND PREEMPTION.
SEC. 9. REPORT ON CYBERSECURITY THREATS.
SEC. 10. CONFORMING AMENDMENTS.
July 10, 2014

State Department: Joint Statement on U.S.-Germany Cyber Bilateral Meeting

Source – US State Department:

Joint Statement on U.S.-Germany Cyber Bilateral Meeting

Media Note
Office of the Spokesperson
Washington, DC
June 27, 2014
The text of the following statement was issued jointly by the Governments of the United States of America and the Government of the Federal Republic of Germany on the occasion of the US-Germany Cyber Bilateral Meeting June 26, 2014.

Begin Text:

The Governments of the United States and Germany held a Cyber Bilateral Meeting in Berlin, Germany on June 26, 2014.

This third annual U.S.-Germany Cyber Bilateral Meeting reinforced our long-standing alliance by highlighting our pre-existing collaboration on many key cyber issues over the course of the last decade and identifying additional areas for awareness and alignment. The U.S.-Germany Cyber Bilateral Meeting continued and further expanded its “whole-of-government” approach, furthering cooperation on a wide range of cyber issues and our collaborative engagement on both strategic and operational objectives.

Strategic objectives include affirming common approaches in Internet governance, Internet freedom, and international cyber security; partnering with the private sector to protect critical infrastructure; and pursuing coordination efforts on cyber capacity building in third countries. The discussions of Internet governance issues focused on continued efforts to bolster support for the multi-stakeholder model for Internet governance, particularly after the successful conclusion of the NETmundial Conference in Sao Paulo, Brazil. The United States and Germany will continue their close cooperation on these issues as the preparations for Internet Governance Forum 9 in Istanbul, Turkey are underway, and as the Internet Corporation for Assigned Names and Numbers (ICANN) is convening the multistakeholder community to develop a proposal to transition the stewardship of the Internet Assigned Numbers Authority (IANA) function from the U.S. Government.

Discussions of the Information Society issues also included the preparations for the International Telecommunication Union (ITU) Plenipotentiary Conference in Busan, Korea in October and the United Nations General Assembly’s 10 year review of the World Summit on the Information Society (WSIS) focusing on development and continued efforts to realize a global, open, inclusive Internet for all. Additional strategic objectives included expanding the Freedom Online Coalition, and the application of norms and responsible state behavior in cyberspace, particularly as the UN Group of Governmental Experts is poised to start its next effort and building on the successful 2013 consensus report affirming the applicability of international law to state behavior in cyberspace.

Operational objectives comprise bilateral cybersecurity cooperation measures such as exchanging information on cyber issues of mutual concern such as critical information infrastructure protection and identifying greater cooperation measures on detecting and mitigating cyber incidents, raising awareness, combating cybercrime, and implementing the Organization for Security Cooperation in Europe (OSCE’s) confidence-building measures to reduce risk.

The bilateral meeting took place the day before the U.S.-Germany Cyber Dialogue, a multistakeholder event organized jointly by the German Foreign Office and the U.S. Department of State and focused on big data, privacy, security, economic innovation, and international cyber cooperation. The Cyber Dialogue will be hosted by German Foreign Minister Frank-Walter Steinmeier; John Podesta, Counselor to President Obama will also provide keynote remarks. A high level panel of both German and U.S. experts will discuss big data, privacy, security, economic innovation, and international cyber cooperation. Participants from government, industry, civil society and academia will have the chance to discuss these issues and provide input for potential solutions.

The U.S.-Germany Cyber Bilateral Meeting was hosted by Ambassador Dirk Brengelmann, Commissioner for International Cyber Policy and the German delegation included representatives from the Federal Foreign Office, the Federal Ministry of the Interior, the Federal Ministry of Defense, the Federal Chancellery, the Federal Ministry for Economics and Technology, and the Federal Office for Information Security. The U.S. delegation was led by Secretary of State’s Coordinator for Cyber Issues, Christopher Painter, and included representatives from the Department of State, the Department of Commerce, the Department of Homeland Security, the Department of Justice, the Department of Defense, the National Security Council and the Office of Science and Technology Policy in the Executive Office of the President.

Coordinator Painter and Ambassador Brengelmann agreed to hold the next annual Cyber Bilateral Meeting in Washington, DC in mid-2015 again in conjunction with a multistakeholder cyber dialogue.

H.Res. 643: Calling for further defense against the People’s Republic of China’s state-sponsored cyber-enabled theft of trade secrets, including by the People’s Liberation Army

H.Res. 643: Calling for further defense against the People’s Republic of China’s state-sponsored cyber-enabled theft of trade secrets, including by the People’s Liberation Army was introduced on June 25, 2014 by Rep. Steve Chabot:

H.RES.643 — Calling for further defense against the People’s Republic of China’s state-sponsored cyber-enabled theft of trade secrets, including by the People’s Liberation Army. (Introduced in House – IH)

HRES 643 IH

113th CONGRESS
2d Session

H. RES. 643
Calling for further defense against the People’s Republic of China’s state-sponsored cyber-enabled theft of trade secrets, including by the People’s Liberation Army.

IN THE HOUSE OF REPRESENTATIVES
June 25, 2014

Mr. CHABOT (for himself, Mr. BERA of California, Mr. COHEN, Mr. COLLINS of Georgia, and Mr. CONNOLLY) submitted the following resolution; which was referred to the Committee on the Judiciary, and in addition to the Select Committee on Intelligence (Permanent Select), Armed Services, Ways and Means, and Foreign Affairs, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned

RESOLUTION
Calling for further defense against the People’s Republic of China’s state-sponsored cyber-enabled theft of trade secrets, including by the People’s Liberation Army.

Whereas the People’s Republic of China (PRC) has been labeled by the United States Office of the National Counterintelligence Executive as the world’s most active and persistent perpetrator of economic espionage;

Whereas the Permanent Select Committee on Intelligence of the House of Representatives investigated the PRC’s major telecommunications companies and concluded in a bipartisan report released October 2012 that Chinese businesses Huawei Technologies’ and ZTE Incorporated’s provision of equipment to United States critical infrastructure could undermine core United States national security interests;

Whereas in February 2013, the President issued the Administration’s Strategy on Mitigating the Theft of United States Trade Secrets and stated, `We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and economy.’;

Whereas Mandiant, a United States cybersecurity firm, reported in February 2013 that a cyber-hacking group it labels as Advanced Persistent Threat 1 (APT1) is based in the PRC and is likely government-sponsored;

Whereas Mandiant found that APT1 is known as Unit 61398 and is the 2nd Bureau of the 3rd Department of the General Staff Department of the People’s Liberation Army (PLA) under the Communist Party of China;

Whereas Mandiant warned that APT1 is only one of more than 20 Advanced Persistent Threat groups originating in the PRC;

Whereas Mandiant concluded that APT1 has conducted a cyber espionage campaign since at least 2006, whereas since that time, APT1 systematically stole hundreds of terabytes of data from at least 141 companies in 20 major industries;

Whereas Mandiant detailed that APT1 focuses on compromising organizations in a broad range of industries in English-speaking countries and maintains an extensive infrastructure of computer systems around the world;

Whereas Director of National Intelligence James Clapper reported to Congress in March 2013 that the PRC remains one of the most capable and persistent intelligence threats;

Whereas in May 2013, the Secretary of Defense reported to Congress in a report entitled `Military and Security Developments Involving the People’s Republic of China’ that in 2012, numerous computer systems around the world, including those owned by the United States Government, were targeted for intrusions, some of which were attributable directly to the Government and military of the PRC;

Whereas the Secretary of Defense asserted that these intrusions carried out by the PRC were focused on exfiltrating information through computer network exploitation (CNE) capabilities to support state-sponsored intelligence collection of United States national defense programs;

Whereas Director of National Intelligence James Clapper reported to Congress in January 2014 that China seeks to revise the multi-stakeholder model of Internet governance while continuing its expansive worldwide program of network exploitation and intellectual property theft;

Whereas Attorney General Eric Holder announced on May 19, 2014, an indictment against five hackers affiliated with the PLA for serious cyber economic espionage that victimized United States entities and stole trade secrets;

Whereas these five hackers were identified as part of Unit 61398 of the PLA;

Whereas the indictment detailed the threat from Unit 61398 of the PLA based in Shanghai in the PRC; and

Whereas this indictment was the first time charges were brought against state actors for cyber infiltration of United States commercial entities: Now, therefore, be it;

Resolved, That the House of Representatives–
(1) calls on the President to aggressively implement and coordinate the Strategy on Mitigating the Theft of United States Trade Secrets;
(2) calls on the PRC to end the practice of cyber-enabled espionage against United States firms and individuals and to cooperate in cyber security efforts with the United States;
(3) calls on the Department of Justice to continue to advance investigations into cyber espionage by actors originating in the PRC;
(4) calls on the United States Government to continue to condemn cyber-enabled espionage for the purposes of stealing intellectual property and trade secrets, pursue counter intelligence capacities, and prosecute such individuals should they enter United States territory;
(5) calls on the United States Trade Representative to estimate the loss from cyber theft, compile a list of actors that cause the most damage to United States firms by intellectual property rights theft and pursue a dispute settlement case at the World Trade Organization;
(6) calls on the United States Office of the National Counterintelligence Executive to update the unclassified report to Congress on Foreign Economic Collection and Industrial Espionage in 2009-2011 with information that includes the cyber threat from the People’s Republic of China against United States companies and critical infrastructure;
(7) calls on the Department of Defense to restrict military-to-military contacts with the PLA in compliance with United States laws, including the National Defense Authorization Act for Fiscal Year 2000 (Public Law 106-65);
(8) calls on the Federal Bureau of Investigation and the Department of Homeland Security to expand warnings to United States companies about the broad scope of tools to illicit trade secrets used by actors originating in the PRC, including cyber theft, physical trespass of the factories or other facilities of United States firms, intrusion of computers, and use of Universal Serial Bus (USB) drives, money, travel, gifts, promises of employment, and social media;
(9) calls on the Department of Defense and the Department of State to provide briefings of the United States-China cyber-security working group meetings in 2013; and
(10) calls on Federal departments and agencies to expand cooperation with allies and partners to better coordinate defense against cyber threats.

S. 2519: National Cybersecurity and Communications Integration Center Act of 2014

S. 2519: National Cybersecurity and Communications Integration Center Act of 2014 was introduced on June 25, 2014 by Sen. Thomas Carper:

S.2519 — National Cybersecurity and Communications Integration Center Act of 2014 (Introduced in Senate – IS)

S 2519 IS

113th CONGRESS
2d Session

S. 2519
To codify an existing operations center for cybersecurity.

IN THE SENATE OF THE UNITED STATES
June 24, 2014

Mr. CARPER (for himself and Mr. COBURN) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental Affairs

A BILL
To codify an existing operations center for cybersecurity.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the `National Cybersecurity and Communications Integration Center Act of 2014’.

SEC. 2. NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER.

(a) In General- Subtitle A of title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended by adding at the end the following:
`SEC. 210G. OPERATIONS CENTER.

`(a) Functions- There is in the Department an operations center, which may carry out the responsibilities of the Under Secretary appointed under section 103(a)(1)(H) with respect to security and resilience, including by–
`(1) serving as a Federal civilian information sharing interface for cybersecurity;
`(2) providing shared situational awareness to enable real-time, integrated, and operational actions across the Federal Government;
`(3) sharing cybersecurity threat, vulnerability, impact, and incident information and analysis by and among Federal, State, and local government entities and private sector entities;
`(4) coordinating cybersecurity information sharing throughout the Federal Government;
`(5) conducting analysis of cybersecurity risks and incidents;
`(6) upon request, providing timely technical assistance to Federal and non-Federal entities with respect to cybersecurity threats and attribution, vulnerability mitigation, and incident response and remediation; and
`(7) providing recommendations on security and resilience measures to Federal and non-Federal entities.
`(b) Composition- The operations center shall be composed of–
`(1) personnel or other representatives of Federal agencies, including civilian and law enforcement agencies and elements of the intelligence community, as such term is defined under section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)); and
`(2) representatives from State and local governments and other non-Federal entities, including–
`(A) representatives from information sharing and analysis organizations; and
`(B) private sector owners and operators of critical information systems.
`(c) Annual Report- Not later than 1 year after the date of enactment of the National Cybersecurity and Communications Integration Center Act of 2014, and every year thereafter for 3 years, the Secretary shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report on the operations center, which shall include–
`(1) an analysis of the performance of the operations center in carrying out the functions under subsection (a);
`(2) information on the composition of the center, including–
`(A) the number of representatives from non-Federal entities that are participating in the operations center, including the number of representatives from States, nonprofit organizations, and private sector entities, respectively; and
`(B) the number of requests from non-Federal entities to participate in the operations center and the response to such requests, including–
`(i) the average length of time to fulfill such identified requests by the Federal agency responsible for fulfilling such requests; and
`(ii) a description of any obstacles or challenges to fulfilling such requests; and
`(3) the policies and procedures established by the operations center to safeguard privacy and civil liberties.
`(d) GAO Report- Not later than 1 year after the date of enactment of the National Cybersecurity and Communications Integration Center Act of 2014, the Comptroller General of the United States shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report on the effectiveness of the operations center.
`(e) No Right or Benefit- The provision of assistance or information to, and inclusion in the operations center of, governmental or private entities under this section shall be at the discretion of the Under Secretary appointed under section 103(a)(1)(H). The provision of certain assistance or information to, or inclusion in the operations center of, one governmental or private entity pursuant to this section shall not create a right or benefit, substantive or procedural, to similar assistance or information for any other governmental or private entity.’.
(b) Technical and Conforming Amendment- The table of contents in section 1(b) of the Homeland Security Act of 2002 (6 U.S.C. 101 note) is amended by inserting after the item relating to section 210F the following:
`Sec. 210G. Operations center.’.