Category Archives: Cyber Law

S. 1681: Intelligence Authorization Act for Fiscal Year 2014 (signed into law)

Source – The White House:

The White House
Office of the Press Secretary

For Immediate Release July 07, 2014
Statement by the Press Secretary on S. 1681

On Monday, July 7, 2014, the President signed into law:

S. 1681, the “Intelligence Authorization Act for Fiscal Year 2014,” which authorizes fiscal year 2014 appropriations for U.S. intelligence-related activities and establishes and provides other authorities concerning U.S. intelligence and counter-terrorism activities.

H.R. 5099: To amend the National Institute of Standards and Technology Act to remove the National Security Agency from the list of the entities consulted during the development of information systems standards and guidelines

H.R. 5099: To amend the National Institute of Standards and Technology Act to remove the National Security Agency from the list of the entities consulted during the development of information systems standards and guidelines was introduced on July 14, 2014 by Alan Grayson:

H.R.5099 — To amend the National Institute of Standards and Technology Act to remove the National Security Agency from the list of the entities consulted during the development of information… (Introduced in House – IH)

HR 5099 IH

113th CONGRESS
2d Session

H. R. 5099
To amend the National Institute of Standards and Technology Act to remove the National Security Agency from the list of the entities consulted during the development of information systems standards and guidelines.

IN THE HOUSE OF REPRESENTATIVES
July 14, 2014

Mr. GRAYSON introduced the following bill; which was referred to the Committee on Science, Space, and Technology

A BILL
To amend the National Institute of Standards and Technology Act to remove the National Security Agency from the list of the entities consulted during the development of information systems standards and guidelines.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. INFORMATION SYSTEMS STANDARDS CONSULTATION.

Section 20(c)(1) of the National Institute of Standards and Technology Act (15 U.S.C. 278g-3(c)(1)) is amended by striking `the National Security Agency,’.

S. 2588: Cybersecurity Information Sharing Act of 2014

S. 2588: Cybersecurity Information Sharing Act of 2014 was introduced on July 10, 2014 by Sen. Dianne Feinstein. The table of contents reads:

S.2588 — Cybersecurity Information Sharing Act of 2014 (Placed on Calendar Senate – PCS)

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
Sec. 1. Short title; table of contents.
SEC. 2. DEFINITIONS.
SEC. 3. SHARING OF INFORMATION BY THE FEDERAL GOVERNMENT.
SEC. 4. AUTHORIZATIONS FOR PREVENTING, DETECTING, ANALYZING, AND MITIGATING CYBERSECURITY THREATS.
SEC. 5. SHARING OF CYBER THREAT INDICATORS AND COUNTERMEASURES WITH THE FEDERAL GOVERNMENT.
SEC. 6. PROTECTION FROM LIABILITY.
SEC. 7. OVERSIGHT OF GOVERNMENT ACTIVITIES.
SEC. 8. CONSTRUCTION AND PREEMPTION.
SEC. 9. REPORT ON CYBERSECURITY THREATS.
SEC. 10. CONFORMING AMENDMENTS.
July 10, 2014

State Department: Joint Statement on U.S.-Germany Cyber Bilateral Meeting

Source – US State Department:

Joint Statement on U.S.-Germany Cyber Bilateral Meeting

Media Note
Office of the Spokesperson
Washington, DC
June 27, 2014
The text of the following statement was issued jointly by the Governments of the United States of America and the Government of the Federal Republic of Germany on the occasion of the US-Germany Cyber Bilateral Meeting June 26, 2014.

Begin Text:

The Governments of the United States and Germany held a Cyber Bilateral Meeting in Berlin, Germany on June 26, 2014.

This third annual U.S.-Germany Cyber Bilateral Meeting reinforced our long-standing alliance by highlighting our pre-existing collaboration on many key cyber issues over the course of the last decade and identifying additional areas for awareness and alignment. The U.S.-Germany Cyber Bilateral Meeting continued and further expanded its “whole-of-government” approach, furthering cooperation on a wide range of cyber issues and our collaborative engagement on both strategic and operational objectives.

Strategic objectives include affirming common approaches in Internet governance, Internet freedom, and international cyber security; partnering with the private sector to protect critical infrastructure; and pursuing coordination efforts on cyber capacity building in third countries. The discussions of Internet governance issues focused on continued efforts to bolster support for the multi-stakeholder model for Internet governance, particularly after the successful conclusion of the NETmundial Conference in Sao Paulo, Brazil. The United States and Germany will continue their close cooperation on these issues as the preparations for Internet Governance Forum 9 in Istanbul, Turkey are underway, and as the Internet Corporation for Assigned Names and Numbers (ICANN) is convening the multistakeholder community to develop a proposal to transition the stewardship of the Internet Assigned Numbers Authority (IANA) function from the U.S. Government.

Discussions of the Information Society issues also included the preparations for the International Telecommunication Union (ITU) Plenipotentiary Conference in Busan, Korea in October and the United Nations General Assembly’s 10 year review of the World Summit on the Information Society (WSIS) focusing on development and continued efforts to realize a global, open, inclusive Internet for all. Additional strategic objectives included expanding the Freedom Online Coalition, and the application of norms and responsible state behavior in cyberspace, particularly as the UN Group of Governmental Experts is poised to start its next effort and building on the successful 2013 consensus report affirming the applicability of international law to state behavior in cyberspace.

Operational objectives comprise bilateral cybersecurity cooperation measures such as exchanging information on cyber issues of mutual concern such as critical information infrastructure protection and identifying greater cooperation measures on detecting and mitigating cyber incidents, raising awareness, combating cybercrime, and implementing the Organization for Security Cooperation in Europe (OSCE’s) confidence-building measures to reduce risk.

The bilateral meeting took place the day before the U.S.-Germany Cyber Dialogue, a multistakeholder event organized jointly by the German Foreign Office and the U.S. Department of State and focused on big data, privacy, security, economic innovation, and international cyber cooperation. The Cyber Dialogue will be hosted by German Foreign Minister Frank-Walter Steinmeier; John Podesta, Counselor to President Obama will also provide keynote remarks. A high level panel of both German and U.S. experts will discuss big data, privacy, security, economic innovation, and international cyber cooperation. Participants from government, industry, civil society and academia will have the chance to discuss these issues and provide input for potential solutions.

The U.S.-Germany Cyber Bilateral Meeting was hosted by Ambassador Dirk Brengelmann, Commissioner for International Cyber Policy and the German delegation included representatives from the Federal Foreign Office, the Federal Ministry of the Interior, the Federal Ministry of Defense, the Federal Chancellery, the Federal Ministry for Economics and Technology, and the Federal Office for Information Security. The U.S. delegation was led by Secretary of State’s Coordinator for Cyber Issues, Christopher Painter, and included representatives from the Department of State, the Department of Commerce, the Department of Homeland Security, the Department of Justice, the Department of Defense, the National Security Council and the Office of Science and Technology Policy in the Executive Office of the President.

Coordinator Painter and Ambassador Brengelmann agreed to hold the next annual Cyber Bilateral Meeting in Washington, DC in mid-2015 again in conjunction with a multistakeholder cyber dialogue.

H.Res. 643: Calling for further defense against the People’s Republic of China’s state-sponsored cyber-enabled theft of trade secrets, including by the People’s Liberation Army

H.Res. 643: Calling for further defense against the People’s Republic of China’s state-sponsored cyber-enabled theft of trade secrets, including by the People’s Liberation Army was introduced on June 25, 2014 by Rep. Steve Chabot:

H.RES.643 — Calling for further defense against the People’s Republic of China’s state-sponsored cyber-enabled theft of trade secrets, including by the People’s Liberation Army. (Introduced in House – IH)

HRES 643 IH

113th CONGRESS
2d Session

H. RES. 643
Calling for further defense against the People’s Republic of China’s state-sponsored cyber-enabled theft of trade secrets, including by the People’s Liberation Army.

IN THE HOUSE OF REPRESENTATIVES
June 25, 2014

Mr. CHABOT (for himself, Mr. BERA of California, Mr. COHEN, Mr. COLLINS of Georgia, and Mr. CONNOLLY) submitted the following resolution; which was referred to the Committee on the Judiciary, and in addition to the Select Committee on Intelligence (Permanent Select), Armed Services, Ways and Means, and Foreign Affairs, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned

RESOLUTION
Calling for further defense against the People’s Republic of China’s state-sponsored cyber-enabled theft of trade secrets, including by the People’s Liberation Army.

Whereas the People’s Republic of China (PRC) has been labeled by the United States Office of the National Counterintelligence Executive as the world’s most active and persistent perpetrator of economic espionage;

Whereas the Permanent Select Committee on Intelligence of the House of Representatives investigated the PRC’s major telecommunications companies and concluded in a bipartisan report released October 2012 that Chinese businesses Huawei Technologies’ and ZTE Incorporated’s provision of equipment to United States critical infrastructure could undermine core United States national security interests;

Whereas in February 2013, the President issued the Administration’s Strategy on Mitigating the Theft of United States Trade Secrets and stated, `We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and economy.’;

Whereas Mandiant, a United States cybersecurity firm, reported in February 2013 that a cyber-hacking group it labels as Advanced Persistent Threat 1 (APT1) is based in the PRC and is likely government-sponsored;

Whereas Mandiant found that APT1 is known as Unit 61398 and is the 2nd Bureau of the 3rd Department of the General Staff Department of the People’s Liberation Army (PLA) under the Communist Party of China;

Whereas Mandiant warned that APT1 is only one of more than 20 Advanced Persistent Threat groups originating in the PRC;

Whereas Mandiant concluded that APT1 has conducted a cyber espionage campaign since at least 2006, whereas since that time, APT1 systematically stole hundreds of terabytes of data from at least 141 companies in 20 major industries;

Whereas Mandiant detailed that APT1 focuses on compromising organizations in a broad range of industries in English-speaking countries and maintains an extensive infrastructure of computer systems around the world;

Whereas Director of National Intelligence James Clapper reported to Congress in March 2013 that the PRC remains one of the most capable and persistent intelligence threats;

Whereas in May 2013, the Secretary of Defense reported to Congress in a report entitled `Military and Security Developments Involving the People’s Republic of China’ that in 2012, numerous computer systems around the world, including those owned by the United States Government, were targeted for intrusions, some of which were attributable directly to the Government and military of the PRC;

Whereas the Secretary of Defense asserted that these intrusions carried out by the PRC were focused on exfiltrating information through computer network exploitation (CNE) capabilities to support state-sponsored intelligence collection of United States national defense programs;

Whereas Director of National Intelligence James Clapper reported to Congress in January 2014 that China seeks to revise the multi-stakeholder model of Internet governance while continuing its expansive worldwide program of network exploitation and intellectual property theft;

Whereas Attorney General Eric Holder announced on May 19, 2014, an indictment against five hackers affiliated with the PLA for serious cyber economic espionage that victimized United States entities and stole trade secrets;

Whereas these five hackers were identified as part of Unit 61398 of the PLA;

Whereas the indictment detailed the threat from Unit 61398 of the PLA based in Shanghai in the PRC; and

Whereas this indictment was the first time charges were brought against state actors for cyber infiltration of United States commercial entities: Now, therefore, be it;

Resolved, That the House of Representatives–
(1) calls on the President to aggressively implement and coordinate the Strategy on Mitigating the Theft of United States Trade Secrets;
(2) calls on the PRC to end the practice of cyber-enabled espionage against United States firms and individuals and to cooperate in cyber security efforts with the United States;
(3) calls on the Department of Justice to continue to advance investigations into cyber espionage by actors originating in the PRC;
(4) calls on the United States Government to continue to condemn cyber-enabled espionage for the purposes of stealing intellectual property and trade secrets, pursue counter intelligence capacities, and prosecute such individuals should they enter United States territory;
(5) calls on the United States Trade Representative to estimate the loss from cyber theft, compile a list of actors that cause the most damage to United States firms by intellectual property rights theft and pursue a dispute settlement case at the World Trade Organization;
(6) calls on the United States Office of the National Counterintelligence Executive to update the unclassified report to Congress on Foreign Economic Collection and Industrial Espionage in 2009-2011 with information that includes the cyber threat from the People’s Republic of China against United States companies and critical infrastructure;
(7) calls on the Department of Defense to restrict military-to-military contacts with the PLA in compliance with United States laws, including the National Defense Authorization Act for Fiscal Year 2000 (Public Law 106-65);
(8) calls on the Federal Bureau of Investigation and the Department of Homeland Security to expand warnings to United States companies about the broad scope of tools to illicit trade secrets used by actors originating in the PRC, including cyber theft, physical trespass of the factories or other facilities of United States firms, intrusion of computers, and use of Universal Serial Bus (USB) drives, money, travel, gifts, promises of employment, and social media;
(9) calls on the Department of Defense and the Department of State to provide briefings of the United States-China cyber-security working group meetings in 2013; and
(10) calls on Federal departments and agencies to expand cooperation with allies and partners to better coordinate defense against cyber threats.

S. 2519: National Cybersecurity and Communications Integration Center Act of 2014

S. 2519: National Cybersecurity and Communications Integration Center Act of 2014 was introduced on June 25, 2014 by Sen. Thomas Carper:

S.2519 — National Cybersecurity and Communications Integration Center Act of 2014 (Introduced in Senate – IS)

S 2519 IS

113th CONGRESS
2d Session

S. 2519
To codify an existing operations center for cybersecurity.

IN THE SENATE OF THE UNITED STATES
June 24, 2014

Mr. CARPER (for himself and Mr. COBURN) introduced the following bill; which was read twice and referred to the Committee on Homeland Security and Governmental Affairs

A BILL
To codify an existing operations center for cybersecurity.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.

This Act may be cited as the `National Cybersecurity and Communications Integration Center Act of 2014’.
SEC. 2. NATIONAL CYBERSECURITY AND COMMUNICATIONS INTEGRATION CENTER.

(a) In General- Subtitle A of title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended by adding at the end the following:
`SEC. 210G. OPERATIONS CENTER.

`(a) Functions- There is in the Department an operations center, which may carry out the responsibilities of the Under Secretary appointed under section 103(a)(1)(H) with respect to security and resilience, including by–
`(1) serving as a Federal civilian information sharing interface for cybersecurity;
`(2) providing shared situational awareness to enable real-time, integrated, and operational actions across the Federal Government;
`(3) sharing cybersecurity threat, vulnerability, impact, and incident information and analysis by and among Federal, State, and local government entities and private sector entities;
`(4) coordinating cybersecurity information sharing throughout the Federal Government;
`(5) conducting analysis of cybersecurity risks and incidents;
`(6) upon request, providing timely technical assistance to Federal and non-Federal entities with respect to cybersecurity threats and attribution, vulnerability mitigation, and incident response and remediation; and
`(7) providing recommendations on security and resilience measures to Federal and non-Federal entities.
`(b) Composition- The operations center shall be composed of–
`(1) personnel or other representatives of Federal agencies, including civilian and law enforcement agencies and elements of the intelligence community, as such term is defined under section 3(4) of the National Security Act of 1947 (50 U.S.C. 3003(4)); and
`(2) representatives from State and local governments and other non-Federal entities, including–
`(A) representatives from information sharing and analysis organizations; and
`(B) private sector owners and operators of critical information systems.
`(c) Annual Report- Not later than 1 year after the date of enactment of the National Cybersecurity and Communications Integration Center Act of 2014, and every year thereafter for 3 years, the Secretary shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report on the operations center, which shall include–
`(1) an analysis of the performance of the operations center in carrying out the functions under subsection (a);
`(2) information on the composition of the center, including–
`(A) the number of representatives from non-Federal entities that are participating in the operations center, including the number of representatives from States, nonprofit organizations, and private sector entities, respectively; and
`(B) the number of requests from non-Federal entities to participate in the operations center and the response to such requests, including–
`(i) the average length of time to fulfill such identified requests by the Federal agency responsible for fulfilling such requests; and
`(ii) a description of any obstacles or challenges to fulfilling such requests; and
`(3) the policies and procedures established by the operations center to safeguard privacy and civil liberties.
`(d) GAO Report- Not later than 1 year after the date of enactment of the National Cybersecurity and Communications Integration Center Act of 2014, the Comptroller General of the United States shall submit to the Committee on Homeland Security and Governmental Affairs of the Senate and the Committee on Homeland Security of the House of Representatives a report on the effectiveness of the operations center.
`(e) No Right or Benefit- The provision of assistance or information to, and inclusion in the operations center of, governmental or private entities under this section shall be at the discretion of the Under Secretary appointed under section 103(a)(1)(H). The provision of certain assistance or information to, or inclusion in the operations center of, one governmental or private entity pursuant to this section shall not create a right or benefit, substantive or procedural, to similar assistance or information for any other governmental or private entity.’.
(b) Technical and Conforming Amendment- The table of contents in section 1(b) of the Homeland Security Act of 2002 (6 U.S.C. 101 note) is amended by inserting after the item relating to section 210F the following:
`Sec. 210G. Operations center.’.

S. 2473: Wireless Innovation Act of 2014

S. 2473: Wireless Innovation Act of 2014 was introduced on June 12, 2014 by Sen. Marco Rubio. The bill’s table of contents reads:

S.2473 — Wireless Innovation Act of 2014 (Introduced in Senate – IS)

June 12, 2014
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
Sec. 1. Short title; table of contents.
SEC. 2. FINDINGS; STATEMENT OF POLICY.
SEC. 3. DEFINITIONS.
SEC. 4. REALLOCATION OF FEDERAL GOVERNMENT SPECTRUM.
SEC. 5. SPECTRUM PIPELINE.
SEC. 6. REALLOCATION INCENTIVE.
SEC. 7. EXPEDITING ROUTINE SECONDARY MARKET TRANSACTIONS.
SEC. 8. ANALYSIS OF SPECTRUM REQUIREMENTS.
SEC. 9. FEDERAL SPECTRUM TRANSPARENCY AND VALUE.

ITU: World Summit on the Information Society 10-year review sets vision for post-2015 development agenda

Source – ITU:

World Summit on the Information Society 10-year review sets vision for post-2015 development agenda
WSIS+10 Outcome provides fresh priorities for global ICT ecosystem
Geneva, 12 June 2014 – More than 1600 participants including around 100 Government Ministers and leaders from international organizations, from business, civil society and academia are meeting in Geneva this week to review progress on the outcomes of the World Summit on the Information Society (WSIS) over the last ten years and to set priorities for the post-2015 development agenda.
“Information and communication technologies have long been recognized as key enablers for bridging the digital divide and achieving the three dimensions of sustainable development: economic growth, environmental balance and social inclusion,” said Mr Ban Ki-moon, Secretary-General of the United Nations. “We must do everything in our power to increase access to ICTs and broadband connectivity across the world, including reaching people in remote areas, land-locked countries, small island developing states and the least developed countries. This will empower millions of people and enable us to meet our development goals in the post-2015 era.”
With the rapid development of information and communication technologies (ICT) and the mainstreaming of ICTs into everyday life, the link between these technologies and human development has become increasingly important. It has therefore become necessary to consider the development of an inclusive information society in the broader context of the post-2015 development agenda, and this has been outlined in the WSIS+10 Vision for WSIS Beyond 2015 document, which will be endorsed today.
“The WSIS+10 Outcome Documents will provide a set of fresh priorities for joint action oriented towards the further development of the global ICT ecosystem, while focusing on the power of ICTs in facilitating development,” noted ITU Secretary-General Hamadoun I. Touré at a Press conference today. “We are now paving the way for ICTs to contribute productively in achieving the objectives of the post-2015 sustainable development agenda.”
The need to protect and reinforce human rights, both online and offline, and expanding access to ICTs to all, particularly to vulnerable and marginalized people has been emphasized along with the development and availability of simplified devices to facilitate digital inclusion.
Capacity building to keep pace with advancing technology, multilingualism in the use of ICTs, preserving cultural heritage in the digital age and addressing environmental challenges with green ICTs are considered priorities along with promoting a digital economy and e-commerce.
Governments are encouraged to implement appropriate national strategies and policies for the advancement of ICTs as enablers for social and economic development and to facilitate enabling regulatory, legal and investment environments to facilitate ICT for Development.
Building confidence and security in the use of ICTs, notably to protect personal data and privacy and to strengthen the security and robustness of networks has been emphasized along with enhancing national and regional capacity to address cybersecurity challenges by encouraging a culture of responsibility and joint efforts of all involved parties. Further strengthening cooperation between all stakeholders at the national, regional and international levels is required, the WSIS+10 Vision document notes.
The WSIS+10 Statement on Implementation of WSIS Outcomes reviews progress over the past ten years. The Statement reaffirmed the importance of ICTs in the further development of the information society, stimulating innovations, empowering different groups of people in developed and developing countries, providing access to information, and fostering economic and social growth. It invites UN system organizations and stakeholders to take full advantage of ICTs in addressing the development challenges of the 21st century and to recognize them as cross-cutting enablers for achieving the three pillars of sustainable development: economic growth, environmental balance and social inclusion.
The Final WSIS Targets Review was launched on 10 June indicating significant progress in ICT use, access and infrastructure development but with mixed results in bridging the digital divide.
The WSIS Stocktaking Report 2014 draws attention to key achievements by different stakeholders worldwide. WSIS Success Stories provides a key reference point to WSIS projects which were awarded the 2014 WSIS Project Prizes.
Editor’s Note:
The World Summit on the Information Society was held in two phases, in Geneva in 2003 and in Tunis in 2005. The WSIS+10 High-level Event has been coordinated and organized by ITU, and co-organized by ITU, UNESCO, UNCTAD, and UNDP.
UN Agencies FAO, ILO, ITC, UNDESA, UNODC, UPU, UN Women, WMO, WHO, WFP, WIPO and the UN Regional Commissions also played a key facilitating role. The WSIS High-level Event was supported by governments and the private sector, including the United Arab Emirates and Intel (as Strategic partners) as well as Japan, Kuwait, Mexico, Oman, Poland, Qatar, Rwanda, Saudi Arabia and Switzerland along with Côte d’Ivoire, Tunisia, IFIP, ISOC, and ICANN.