Hill Tech Happenings, Week of May 31

UPDATE (June 1) – The House Oversight and Government Reform Committee hearing scheduled for June 1 has been postponed.

While the Senate is not in session this week, the House is.

June 1

Hearing:

House Oversight and Government Reform Committee will hold a hearing on cybersecurity.
9:30 a.m., 2154 Rayburn Building

The Intellectual Property, Competition and the Internet Subcommittee of the House Judiciary Committee will hold a hearing on online commerce and intellectual property.
1:30 2:00 p.m., 2141 Rayburn Building

June 2

Hearing:

The Commerce, Manufacturing and Trade Subcommittee of the House Energy and Commerce Committee will hold a hearing on the Sony and Epsilon data breaches.
9 a.m., 2123 Rayburn Building

Hill Tech Happenings, Week of May 23

May 23

Hearing:

The Senate Homeland Security and Government Affairs Committee will hold a hearing on the Administration’s cybersecurity proposal.
10:30 a.m., 342 Dirksen Building

May 25

Hearing:

The Intellectual Property, Competition and the Internet Subcommittee and the Crime, Terrorism and Homeland Security Subcommittee of the House Judiciary Committee will hold a joint hearing on cybersecurity.
10 a.m., 2141 Rayburn Building

The Subcommittee on National Security, Homeland Defense and Foreign Operations of the House Oversight and Government Reform Committee will hold a hearing on cybersecurity threat assessment.
1:30 p.m., 2154 Rayburn Building

Hill Tech Happenings, Week of May 16

May 19

Meeting:
The President’s Council of Advisors on Science and Technology will meet. The meeting will be webcast.
9 a.m., Marriott Metro Center, 775 12th Street NW

Hearing:
The Senate Commerce, Science and Transportation Committee will hold a hearing on consumer protection and privacy in mobile devices.
10 a.m., 253 Russell Building

Meeting:
The Department of Homeland Security’s Data Privacy and Integrity Advisory Committee will meet via teleconference. Open to the public, but the number of lines is limited.
11 a.m.

Has the Cybersecurity Logjam Broke?

Congress has been making noise about passing comprehensive cybersecurity legislation for most of the last two years, prompted in part by the Obama Administration’s cyberspace policy review in 2009. Nearly two years later, the Administration has released a legislative proposal on cybersecurity that may help push legislation further along. Depending on how you count, there are nearly 50 different measures pending in Congress dealing with some aspect of cybersecurity, so a push should help.

The full Administration proposal is available online, as well as section-by-section analysis and a fact sheet. You can also look at specific parts of the proposal (see the May 12, 2011 entries), which are listed below:

  • Changes in criminal penalties for several computer-related or computer-enabled offenses
  • Data Breach Notification requirements
  • Codifies Department of Homeland Security responsibilities for civilian cybersecurity
  • Sets cybersecurity requirements for critical infrastructure systems
  • Updates the Federal Information Security Management Act

Some of these topics have been covered in current cybersecurity legislation or bills that were introduced in previous sessions of Congress. So in many cases, there isn’t a disagreement on whether or not a certain law is necessary, but there may be disagreement on exactly how that law should be written. And while the Administration has introduced this legislation in one large package, there is no way of knowing exactly how the package will be handled in Congress. The Senate has a placeholder bill ready to handle a single cybersecurity bill, but it’s just as possible that Congress will seek to move quickly on those bills that already have broad support ahead of new proposals or other proposals that still require negotiation.

Sony-Prompted Hearing Features Testimony from USACM Chair

Prompted by the massive data breaches of Sony’s networks, the Subcommittee on Commerce, Manufacturing and Trade of the House Energy and Commerce Committee held a hearing May 3 on data theft and its effects on consumers. One of the witnesses was USACM Chair Eugene Spafford. The committee has a webpage on the hearing, which includes links to an archived webcast and the written testimony of all four witnesses. You can also read Dr. Spafford’s testimony and the USACM press release covering it.

While Sony and Epsilon (an email marketing company that recently suffered its own data breach) were invited to testify, they declined to appear. This presented an excellent political opportunity for the members of Congress at the hearing, and the subcommittee chair suggested in press reports she may again invite Sony to testify. The witnesses who attended came from two government agencies heavily involved in data breach prevention and investigation – the Federal Trade Commission and the Secret Service – along with legal and technical experts who provided useful context on both the recent data breaches and the longer-term problems in this area (publicly reported data breaches have affected at least 600 million records since 2005).

The Energy and Commerce Committee has worked on data privacy and data breach legislation in the past, and may try to use the recent breaches to push their legislation further through Congress than they have been able to before. The witnesses all supported some form of data privacy legislation to address not only data breaches and notification, but also effective information security practices. The large majority of these breaches could be mitigated by better implementation of best practices in this area. Many of the questions and answers reflected the long work of this committee in the area, though their questions suggested that companies have not been effective in communicating why they may not be able to immediately notify consumers in the event of a breach.

USACM Chair to Testify on Data Breaches

Prompted by the recent data breaches of the PlayStation Network and the email marketing company Epsilon, the Commerce, Manufacturing and Trade Subcommittee of the House Energy and Commerce Committee will hold a hearing this Wednesday, May 4, on data breaches. They have invited USACM Chair Eugene Spafford to testify. His testimony will focus on the technical aspects of holding and managing consumer data securely, and the threats against such information. The hearing will be available online, via the House Energy and Commerce Committee website. A link should be available by the time of the hearing, 9:30 a.m. Eastern on Wednesday. While the Subcommittee has inquired with both Sony (the manufacturer of PlayStation) and Epsilon about their breaches, they are currently not going to attend Wednesday’s hearing.

Hill Tech Happenings, Week of May 2

May 3

Hearing:

The House Oversight and Government Reform Committee will hold a hearing on updating the Presidential Records Act to better handle electronic records.
9:30 a.m., 2154 Rayburn Building

May 4

Hearing:

The Subcommittee on Commerce, Manufacturing, and Trade of the House Energy and Commerce Committee will hold a hearing on the threat of data thefts to American consumers. Recent PlayStation and Epsilon breaches are likely to be a focus of the hearing.
9:30 a.m., 2322 Rayburn Building

The Subcommittee on Intellectual Property, Competition and the Internet of the House Judiciary Committee will hold a hearing on Internet domain name oversight.
10 a.m., 2141 Rayburn Building

May 5

Hearing:

The Senate Energy and Natural Resources Committee will hold a hearing on the economic impact of cyber attacks. The hearing will focus on a discussion draft of cybersecurity legislation focused on the power and electricity infrastructure.
9:30 a.m., 366 Dirksen Building

The Subcommittee on Intellectual Property, Competition and the Internet of the House Judiciary Committee will hold a hearing on Internet competition.
10 a.m., 2141 Rayburn Building