Senate May Take Up Lieberman Collins Cyber Security Bill
7/26. The Senate passed a motion to invoke cloture on the motion to proceed to S 3414
[LOC | WW | PDF], the "Cybersecurity Act of 2012", or "CSA", by a vote of 84-11. See,
Roll Call No. 185.
Sen. Joe Lieberman (D-CT),
Sen. Susan Collins (R-ME),
Sen. Jay Rockefeller (D-WV),
Sen. Dianne Feinstein (D-CA), and
Sen. Tom Carper (D-DE) introduced S 3414 on
July 19, 2012. It is a revised version of S 2105 [LOC | WW], also titled the
"Cybersecurity Act of 2012", which Sen. Lieberman, Sen. Collins, Sen.
Rockefeller, Sen. Feinstein, and Sen. Sheldon
Whitehouse (D-RI) introduced on February 14, 2012.
CISPA. The House passed a different cyber security bill on April 26, 2012. It is
HR 3523 [LOC | WW], the "Cyber Intelligence Sharing and Protection Act of 2011"
or "CISPA". It is a
limited bill, directed at incenting cyber threat information sharing, in part by
providing immunities. CISPA would not provide for the establishment of
government enforced cyber security standards, as would the CSA.
For more on the CISPA, see:
- story titled "House Passes CISPA" and story titled "Amendment by Amendment Summary
of House Consideration of CISPA" in TLJ Daily E-Mail Alert No. 2,380, April 25, 2012.
- stories titled "Sponsors Agree to Some Amendments to CISPA", "Obama
EOP Opposes CISPA" and "Rep. Lofgren Announces Key Concerns with CISPA" in
TLJ Daily E-Mail Alert No. 2,379, April 24, 2012.
- stories titled "House to Consider CISPA on April 26-27" and "Advocates
of Limited Government Request Changes to CISPA" in
TLJ Daily E-Mail Alert No. 2,377, April 21, 2012.
- story titled "House Committees to Mark Up Cyber Security Bills" in
TLJ Daily E-Mail Alert No. 2,373, April 17, 2012.
- stories titled "Update on CISPA and Related Bills" and "Anonymous Launches
DDOS Attack on Supporters of CISPA" in
TLJ Daily E-Mail Alert No. 2,367, April 10, 2012.
- story titled "Representatives Introduce Cyber Threat Information Sharing Bill" in
TLJ Daily E-Mail Alert No. 2,316, November 30, 2011.
Legislative Process. If the Senate does pass this bill before its
August recess, it will have bypassed the committee system. There will
have been no hearing in any committee on either S 2105 or S 3414. Nor will there
have been any committee mark up.
S 3414 has not yet been assigned to any committee. S 2105 was assigned to the
Senate Homeland Security and Governmental Affairs
Committee (SHSGAC).
S 3414 contains matters that fall within the jurisdiction of the SHSGAC. However, since it
also addresses Title 18 (crimes and surveillance), Title 50 (intelligence), and Title 15
(commerce), it also falls within the jurisdictions of the
Senate Judiciary Committee (SJC),
Senate Intelligence Committee (SIC), and
Senate Commerce Committee (SCC).
The SCC will meet in executive session on Tuesday, July 31 at 2:30 PM to mark
up numerous bills. However, the
agenda does not include S 3414 or any other cyber security bill. The SJC will hold an
executive business meeting on Thursday, August 2. The agenda does not include any cyber
security bill. The SIC will also meet, but it does not disclose its agendas.
Sen. Lieberman, the sponsor, and Sen. Harry Reid (D-NV), the Senate majority
leader, are trying to pass a 214 page bill less than two weeks after its
introduction. The public and affected companies may not have sufficient time to
understand the bill and communicate their views to Senators. Many Senators may
vote on a bill which they have not had sufficient time to study and understand.
Highlights of S 3414. S 3414 is a huge bill. It provides for cyber
security standards and enforcement. It provides incentives for information
sharing, by authorizing sharing cyber security information, by providing
limitations on liability, and by preempting state law. It addresses cyber
security at federal agencies. It provides for federal cyber security research
and development. It also pertains to education and training of cyber security workers.
See also, sponsors' July 19
summary [11 pages in PDF], and July 26
letter [4
pages in PDF] to other Senators explaining the bill.
It also has attributes of hastily drafted, unrevised legislation. The drafters appear
to have attempted to include language to appease entities and groups with conflicting interests.
And, as a consequence, it is sometimes vague, incomplete, or contradictory.
For example, the word "voluntary" appears 25 times in S 3414, mostly in
the title on standards, but also in the title on information sharing. The bill often employs
the term in a manner that is inconsistent with its common meaning in the English language,
but that is consistent with its ironic use by regulators at agencies such as the FCC. On the
one hand, the title on standards describes itself as a voluntary partnership between industry
and government. On the other hand, it provides that standards will be imposed and enforced.
This title lacks clarity regarding the extent of government authority. If this bill were
enacted, much would depend upon the fiat of agencies in interpreting and implementing the
bill.
As another example, the language limiting liability for doing things "authorized"
by the bill, such as sharing "lawfully obtained" information, does not necessarily
put entities on notice as to when the limitations of liability would apply. What is authorized
by the bill is not always clear. Moreover, this section is littered with terms such as
"reasonable", "good faith", and "negligence".
Summary of S 3414
S 3414 [LOC | WW | PDF], the "Cybersecurity Act of 2012", or "CSA", introduced on
July 19, 2012, is too long and complex to summarize in a story. Nevertheless,
the following touches on some of the more important provisions.
Federal Cyber Security Standards. Title I of the CSA is titled "Public-Private
Partnership to Protect Critical Infrastructure". This is the standards section. It provides
for a less regulatory system than the first version of the CSA, S 2105 [LOC | WW].
First, it creates a National Cybersecurity Council, comprised of government
officials from numerous federal agencies, including the Department of Justice
(DOJ) and intelligence agencies.
This bill requires the Council to designate (the bill uses the word "identify")
"categories of critical cyber infrastructure", "categories of critical cyber
infrastructure within each sector of critical infrastructure", and "owners of
critical infrastructure within each category of critical cyber infrastructure".
These government designations are key. If a company or category
of cyber infrastructure is so designated, it is subject to the standards regime.
The bill also requires the Council to "conduct sector-by-sector
risk assessments".
The bill provides for "private sector coordinating councils" (PSCC), which
would be "comprised of representatives of owners and operators within a particular sector
of critical infrastructure established by the National Infrastructure Protection Plan".
The bill does not say if the government would appoint its members.
The bill mandates that these PSCCs write "voluntary" cyber
security "standards". Moreover, if a PSCC does not draft such standards within 180
days, the Council "shall adopt" standards.
And then, "A Federal agency with responsibilities for regulating the security of
critical infrastructure may adopt the cybersecurity practices as mandatory requirements".
Next, the bill provides that the Council "shall establish the Voluntary
Cybersecurity Program for Critical Infrastructure". Under this program, the
government provides certification to an "owner of critical cyber infrastructure
or an owner of critical infrastructure". To be so certified, such owner must,
among other things, comply with the above referenced cyber security standards.
If, and only if, such an owner is certified, then:
(1) it qualifies for immunity from punitive damages in a civil action based
upon "an incident related to a cyber risk" identified in the above referenced
risk assessments.
(2) the government will provide it with "relevant real-time cyber threat
information".
(3) it will "receive prioritized technical assistance".
Title II of the bill pertains to cyber security at federal agencies, and
amends the FISMA.
Title III pertains to federal cyber security research and development.
Title IV pertains to education and training of cyber security workers. It also requires
numerous government reports. It also further expands the mission of the Securities and Exchange
Commission (SEC) and federal securities regulation, from protecting the integrity of markets
for publicly traded securities, to requiring further disclosures about cyber security.
Title V requires that the government maintain a federal acquisition risk
management strategy, to protect against threats in the federal government's
information technology supply chain. This strategy must also address protection
of the intellectual property and trade secrets of suppliers.
Title VI pertains to international cooperation.
Title VII addresses information sharing.
Authority to Monitor and Share Information. First, Section 701 of the
bill would enable monitoring and surveillance by companies.
It states, "Notwithstanding chapter 119, 121, or 206 of title 18, United States Code,
the Foreign Intelligence Surveillance Act of 1978 (50 U.S.C. 1801 et seq.), and sections 222
and 705 of the Communications Act of 1934 (47 U.S.C. 222 and 605), any private entity may ...
monitor its information systems and information that is stored on, processed by, or transiting
such information systems for" cyber security purposes enumerated in the bill. (Parentheses
in original.)
Chapter 119 pertains to intercepts, and contains the general ban on warrantless wiretaps.
Chapter 121 is the Stored Communications Act.
Next, Section 702 of the bill would allow companies to share cyber security
threat information. Section 703 would create "cybersecurity exchanges to receive
and distribute cybersecurity threat" information. And, Section 704 would allow
companies to give cyber security threat information to these cyber security exchanges.
Information given to an exchange would be exempt from production under the
Freedom of Information Act.
Such information could be used, not only for cyber security purposes, but
also for certain law enforcement purposes other than cyber crime.
Section 705 specifies which entities would be entitled to receive classified
cyber security threat information.
Limitations on Liability. Section 706 contains the critical language for incenting
monitoring and sharing of information by companies, by limiting various types of actions.
First, it provides that "No civil or criminal cause of action shall lie or be
maintained in any Federal or State court against any entity acting as authorized by this title,
and any such action shall be dismissed promptly for activities authorized by this title
consisting of ... the cybersecurity monitoring activities authorized" by this bill, or
"the voluntary disclosure of a lawfully obtained cybersecurity threat" information
under circumstances enumerated by the bill.
Second, this section provides that federal regulatory agencies cannot use cyber security
threat information "as evidence in a regulatory enforcement action against the entity
that lawfully shared" it with a cybersecurity exchange.
Third, "No civil or criminal cause of action shall lie or be maintained in any Federal
or State court against any entity, and any such action shall be dismissed promptly, for a
failure to disclose a cybersecurity threat" information, if either the DOJ determines
that disclosure would "impede a civil or criminal investigation", or the DOJ, DHS
or DNI determines that disclosure "would threaten national or homeland
security".
Fourth, "No civil or criminal cause of action shall lie or be maintained in
any Federal or State court against any private entity, or any officer, employee,
or agent of such an entity, and any such action shall be dismissed promptly, for
the reasonable failure to act on information received under this title."
Fifth, "Compliance with lawful restrictions placed on the disclosure or use
of cybersecurity threat indicators is a complete defense to any tort or breach
of contract claim originating in a failure to disclose cybersecurity threat
indicators to a third party."
But, "Any person who, knowingly or acting in gross negligence, violates a provision
of this title or a regulation promulgated under this title shall ... not receive the protections
of this title" and "be subject to any criminal or civil cause of action that may arise
under any other State or Federal law prohibiting the conduct in question".
Preemption. Section 707 provides for federal preemption of state law. "This
title supersedes any law or requirement of a State or political subdivision of a State that
restricts or otherwise expressly regulates the provision of cybersecurity services or the
acquisition, interception, retention, use or disclosure of communications, records, or other
information by private entities to the extent such law contains requirements inconsistent
with this title."
So, for example, the bill provides that companies could violate state wiretap and intercept
laws in fulfilling requirements of this bill, such as complying with cyber security standards.
Sen. McCain Criticizes S 3414
7/23. Sen. John McCain (R-AZ) spoke in the Senate
on July 23 regarding the "Fiscal Year 2013 National Defense Authorization Act" or
"NDAA", and S 3414 [LOC | WW | PDF],
the "Cybersecurity Act of 2012", or "CSA".
He said that the CSA is a "controversial and flawed bill on cybersecurity"
that has "languished for over five months at the Homeland Security and Government
Affairs Committee, with no committee markup or normal committee process". See,
transcript.
Sen. McCain continued that "Based
on the procedures the Senate has been following over the past few years -- with little or no
opportunity for debate and amendments -- the Majority Leader apparently intends to rush through
the Senate a flawed piece of legislation. The cybersecurity bill that he intends to call up
later this week is greatly in need of improvement, both in the area of information-sharing
among all Federal agencies and the appropriate approach to ensuring critical infrastructure
protection."
He added that "Without significant amendment, the current bill the Majority Leader
intends to push through the Senate has zero chance of passing in the House or ever being
signed into law."
The House passed HR 3523 [LOC | WW], the "Cyber
Intelligence Sharing and Protection Act of 2011" or "CISPA", in April. It is
an information sharing bill, but not a standards bill. It passed by a vote of 248-168. Voting
correlated with party affiliation. Republicans voted 206-28. Democrats voted 42-140.
In contrast, S 3414 is a standards bill. It also has information sharing
provisions, but the incentives are not as strong as in the House bill.
Sen. McCain concluded that "When there are less than 27 days of possible legislative
session before the election recess, I find it difficult to understand why the Majority Leader
would be willing to tie up the Senate's time on this flawed bill."
He argued that the Senate should instead take up the NDAA.
Sen. McCain also has his own cyber security bill, S 2151 [LOC | WW], the
"Secure IT Act", introduced on March 1, 2012. It provides for more information
sharing, and greater incentives to share information, than S 3414. It also has provisions
pertaining to cyber security research and development. It would not impose standards.
Obama Calls for Cyber Security Standards Bill
7/19. The Wall Street Journal (WSJ) published a vaguely worded
opinion piece by President Obama titled "Taking the Cyberattack Threat
Seriously".
Obama stated that "Congress must pass comprehensive cybersecurity
legislation". He did not specifically reference S 3414 [LOC | WW | PDF],
the "Cybersecurity Act of 2012", or "CSA", which the Senate may take up
before the August recess.
He said that "We need to make it easier for the government to share threat information
so critical-infrastructure companies are better prepared. We need to make it easier for these
companies -- with reasonable liability protection -- to share data and information with government
when they're attacked. And we need to make it easier for government, if asked, to help these
companies prevent and recover from attacks."
"Yet simply sharing more information is not enough", wrote the
President. There also need to be "cybersecurity standards".
He continued that "Cybersecurity standards would be developed in partnership between
government and industry. For the majority of critical infrastructure companies already meeting
these standards, nothing more would be expected. Companies needing to upgrade their security
would have the flexibility to decide how best to do so using the wide range of innovative
products and services available in the marketplace. Moreover, our approach protects the
privacy and civil liberties of the American people. Indeed, I will veto any bill that lacks
strong privacy and civil-liberties protections."
He concluded, "I urge the Senate to pass the Cybersecurity Act of 2012 and
Congress to send me comprehensive legislation so I can sign it into law."
Washington Tech Calendar
Monday, July 30
The House will meet at 2:00 PM in pro forma session only.
See, Rep. Cantor's schedule
for the week.
The Senate will meet at 2:00 PM. The Senate will consider the
nomination of Robert Bacharach to be a Judge of the
U.S. Court of Appeals (10thCir).
The schedule for the week may include consideration of S 3414 [LOC | WW],
the "Cybersecurity Act of 2012".
Deadline to submit comments to the
National Institute of Standards and Technology's (NIST)
Computer Security Division (CSD) regarding its draft
SP 800-130 [112 pages in PDF] titled "A Framework for Designing Cryptographic
Key Management Systems".
Deadline to submit reply comments to the Federal Communications
Commission (FCC) in response to its
Public Notice
[MS Word], DA 12-818, regarding the privacy and data security practices of mobile wireless
services providers with respect to customer information stored on their users' mobile
communications devices. See also,
notice in the
Federal Register, Vol. 77, No. 114, Wednesday, June 13, 2012, at Pages 35336-35338.
Tuesday, July 31
The House will meet at 12:00 NOON for morning hour, and
at 2:00 PM for legislative business. The House will consider numerous items
under suspension of the rules, including HR 3120 [LOC | WW], the
"Student Visa Reform Act", HR 6029 [LOC | WW], the
"Foreign and Economic Espionage Penalty Enhancement Act of 2012",
HR 6063 [LOC | WW], the
"Child Protection Act of 2012", and HR 4362 [LOC | WW], the
"STOP Identity Theft Act of 2012". Votes will be postponed until 6:30 PM.
See, Rep. Cantor's schedule for
the week.
10:00 AM. The Senate Homeland
Security and Governmental Affairs Committee's (SHSGAC) Subcommittee on Oversight of
Government Management will hold a hearing titled "State of Federal Privacy and Data
Security Law: Lagging Behind the Times?". The witnesses will be
Mary Ellen Callahan
(DHS Chief Privacy Officer), Greg Long (Federal Retirement Thrift Investment Board), Greg
Wilshusen (Government Accountability Office),
Peter Swire (Ohio State
University law school), Chris Calabrese (ACLU), and
Paul Rosenzweig
(Heritage Foundation). See,
notice. Location: Room 628, Dirksen Building.
DATE AND TIME CHANGE. 12:00 NOON - 1:30 PM. The
Information Technology and Innovation Foundation (ITIF)
will host a panel discussion titled "Powering the Mobile Revolution: Principles of
Spectrum Allocation". The speakers will be
Richard Bennett (ITIF),
Christopher
McCabe (CTIA), Morgan Reed
(Association for Competitive Technology), John Liebovitz (FCC), David Redl
(House Commerce Committee staff) and Thomas Power (OSTP). See,
notice. Location: Room B-318, Rayburn Building.
2:30 PM. The Senate
Commerce Committee (SCC) will meet in executive session. The agenda includes consideration
of S 3410 [LOC | WW], a bill to extend
the "Undertaking Spam, Spyware, And Fraud Enforcement with Enforcers beyond Borders Act of
2006", which is also known as the "SAFE WEB Act". The agenda also
includes consideration of the nomination of Patricia Falcone to be
Associate Director of the Executive Office of the President's (EOP)
Office of Science
and Technology Policy (OSTP). See,
notice. Location: Room 253, Russell Building.
2:30 PM. The Senate
Intelligence Committee (SIC) will hold a closed hearing on undisclosed matters. See,
notice. Location: Room 219, Hart Building.
4:00 PM. The House
Commerce Committee (HCC) will begin its mark up of four bills, including HR 6131
[LOC | WW], a bill to
extend the "Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers Beyond
Borders Act of 2006" or "SAFE WEB Act". The HCC will hear opening
statements of members on July 31. See,
notice.
Location: Room 2123, Rayburn Building.
Wednesday, August 1
The House will meet at 10:00 AM for morning
hour and at 2:00 PM for legislative business. See, Rep. Cantor's
schedule for the week.
9:30 AM. Two Subcommittees of the
House Ways and Means Committee (HWMC) will
hold a hearing on removing social security numbers from Medicare cards. See,
notice.
Location: Room 1100, Longworth Building.
10:00 AM. The House
Commerce Committee (HCC) will meet to mark up four bills. The fourth item on the agenda
is HR 6131 [LOC | WW], a bill to extend
the "Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers Beyond Borders Act
of 2006" or "SAFE WEB Act". See,
notice.
Location: Room 2123, Rayburn Building.
10:00 AM. The House Judiciary
Committee (HJC) will meet to mark up numerous bills. The first item on the agenda is
HR 6215 [LOC | WW], an untitled
bill to amend the Trademark Act regarding remedies for dilution. See,
notice.
Location: Room 2141, Rayburn Building.
10:00 AM - 12:00 NOON. The House
Science Committee's (HSC) Subcommittee on Research and Science Education will hold a
hearing titled "The Relationship Between Business and Research Universities:
Collaborations Fueling American Innovation and Job Creation". The witnesses will be
William
Green (Accenture), Ray Johnson (Lockheed Martin
Corporation), John Hickman (Deere and Company), and Jilda Garton
(Georgia Tech Research Corporation). The HSC will
webcast this event. See,
notice. Location: Room 2318, Rayburn Building.
2:30 PM. The House
Judiciary Committee's (HJC) Subcommittee on Intellectual Property, Competition and the
Internet will hold a hearing on HR 3889 [LOC | WW], the
"Promoting Automotive Repair, Trade, and Sales Act", or "PARTS Act".
This bill, sponsored by Rep. Darrell Issa (R-CA) and
Rep. Zoe Lofgren (D-CA), would amend the Patent
Act to provide an exemption from infringement for certain component parts of motor
vehicles. See,
notice.
Location: Room 2141, Rayburn Building.
2:30 PM. The Senate
Commerce Committee (SCC) will hold a hearing on legislation that would give states
authority to impose and collect sales taxes from distant internet sellers. See,
notice. Location: Room 253, Russell Building.
Thursday, August 2
The House will meet at 10:00 AM for morning
hour and at 2:00 PM for legislative business. See, Rep. Cantor's
schedule for the
week.
9:30 - 11:00 AM. Sen. Rand
Paul (R-KY) will give a speech titled "Will the Real Internet Freedom Please
Stand Up". See,
notice.
Location: Heritage Foundation, 214 Massachusetts
Ave., NE.
10:00 AM. The Senate
Judiciary Committee (SJC) will hold an executive business meeting. The agenda again
includes consideration of S 225 [LOC | WW], the "Access
to Information About Missing Children Act of 2011". The agenda also again includes
consideration of three U.S. District Court nominees: Jon Tigar
(USDC/NDCal), William Orrick (USDC/NDCal),
and Thomas Durkin (USDC/NDIll). The SJC will webcast this event. Location: Room 226,
Dirksen Building.
1:00 - 2:30 PM. The Information
Technology and Innovation Foundation (ITIF) will host a panel discussion titled
"New Age of Discovery: Government’s Role in Transformative Innovation".
The speakers will include former Rep. Bart Gordon (D-TN), Kathleen Kingscott
(IBM), Eric Toone (ARPA-E), and Arun Majumdar (ARPA-E). See,
notice. Location: ITIF/ITIC, Suite 610A, 1101 K St., NW.
2:30 PM. The Senate
Intelligence Committee (SIC) will hold a closed hearing on undisclosed matters. See,
notice. Location: Room 219, Hart Building.
Friday, August 3
The House will meet at 9:00 AM for
legislative business. See, Rep. Cantor's
schedule for the
week.
Monday, August 6
The House will not meet on the weeks of Monday, August 6, through
Friday, August 10, Monday, August 13, through Friday, August 17, Monday, August 20,
through Friday, August 24, Monday, August 27, through Friday, August 31, or
Monday, September 3, through Friday, August 7.
The Senate will not meet on the weeks of Monday, August 6, through
Friday, August 10, Monday, August 13, through Friday, August 17, Monday, August 20,
through Friday, August 24, Monday, August 27, through Friday, August 31, or
Monday, September 3, through Friday, August 7.
10:00 AM. The U.S. Court of
Appeals (FedCir) will hear oral argument in Accenture Global
Services v. Guidewire Software, App. Ct. No. 2011-1486, an appeal from
the U.S. District Court (NDCal) in
a patent infringement case. Location: Courtroom 201.
Deadline to submit reply comments to the Federal Communications
Commission (FCC) in response to its
Further Notice
of Proposed Rulemaking (NPRM) [182 pages in PDF] regarding its collection of universal
service taxes. The FCC adopted this item on April 27, 2012, and released the text on
April 30. It is FCC 12-46 in WC Docket Nos. 06-122 and GN Docket No. 09-51. See,
notice in the
Federal Register, Vol. 77, No. 110, Thursday, June 7, 2012, at Pages 33896-33944.
Deadline to submit reply comments to the Federal
Communications Commission (FCC) in response to its
Notice of
Proposed Rulemaking (NPRM) [22 pages in PDF] regarding creating a Do-Not-Call registry
for public safety answering points (PSAPs). The FCC adopted this item on May 21, 2012,
and released the text on May 22. It is FCC 12-56 in CG Docket No. 12-129. See,
notice in the
Federal Register, Vol. 77, No. 120, Thursday, June 21, 2012, Pages 37362-37367.
Reaction to S 3414
7/27. Sen. Joe Lieberman (D-CT) and others
introduced S 3414 [LOC | WW | PDF],
the "Cybersecurity Act of 2012", or "CSA" on July 19, 2012. It is 214
pages long, but some groups and companies have been involved in negotiations, and/or studied the
bill, and offered comments.
Leslie Harris, head of the Center for Democracy and
Technology (CDT) stated in a July 19
release that "The amendments address key civil liberties concerns that have dogged
the cybersecurity debate. In terms of privacy, these changes make the Lieberman-Collins bill far
superior to both the McCain bill and the House-passed CISPA".
The CDT's Greg Nojeim added that "The amendments advance the principle that information
shared for cybersecurity reasons should be used for cybersecurity reasons, and not other
unrelated governmental goals ... While more work needs to be done on the Senate floor to
secure CDT’s support for this legislation, these changes are very important to privacy on the
Internet."
Microsoft's Fred Humphries stated in a
release on July 26 that "Microsoft believes S. 3414 provides
an appropriate framework to improve the security of government and critical
infrastructure systems to address current threats. The framework is flexible
enough to permit future improvements to security -- an important point since
cyber threats evolve over time. The current bill as it stands seeks to advance
these priorities and we continue to work to help ensure that any legislation is
optimized to meet cybersecurity challenges while protecting civil liberties and
privacy."
Cisco Systems' Blair Christie and
Oracle's Kenneth Glueck wrote in a
joint letter dated July 26 that "cybersecurity must be driven
by an IT industry that is free to drive innovation and security and maintain
world leadership in the creation of secure systems" and that legislation should
maintain and protect "industry's ability and opportunity to drive innovation and
security in technologies across global networks".
They continued that the provisions in S 3414 "regarding the
designation of critical cyber infrastructure, the specifics of cybersecurity
practices, and the treatment of the security of the supply chain demonstrate
your continued recognition of these core principles, and we support them."
They added, "We also note the shift toward a voluntary framework for critical cyber
infrastructure in the new bill, and commend and support the great strides you
have made toward that goal".
The Information Technology Industry
Council's (ITIC) Dean Garfield stated in a
release on July 26 that S 3414 "represents substantial progress toward better
cybersecurity protections for the United States", but "Additional work is needed
to improve the voluntary performance requirements, provide effective liability coverage,
and facilitate timely, actionable information sharing."
The Telecommunications Industry Association (TIA)
released a
report on July 25 titled "Securing the Network: Cybersecurity Recommendations
for Critical Infrastructure and the Global Supply Chain". It states that "a
mandatory regulatory regime for critical infrastructure would not serve the
nation's cybersecurity needs well."
It explains that "industry's primary concern ... is that imposing rigid regulatory
requirements -- requirements that by their nature will be unable to keep up with rapidly
evolving technologies and threats -- would require industry to focus on obsolete security
requirements rather than facing the actual threat at hand, effectively making systems less
secure. Instead, the key to improving the cybersecurity of critical infrastructure is to
strengthen the broader cyber ecosystem that enables rapid information sharing, enhances
public private partnerships, and provides sufficient investment to address current and
emerging threats."
More News
7/27. The Federal Communications Commission (FCC) released an
agenda for
its event on August 3 titled "Open Meeting". The FCC is scheduled to adopt a Notice
of Proposed Rulemaking (NPRM) regarding amending the FCC's cable television technical and
operational rules. Second, the FCC is scheduled to adopt a Second Report and Order, Second
Further NPRM, Second Notice of Inquiry, Order on Reconsideration, and Memorandum Opinion
and Order regarding
Part 101 of the FCC's rules, which pertain to fixed microwave services. The FCC
agenda states that this is intended "to reduce operational costs and facilitate the use
of wireless backhaul in rural areas". This meeting will be held at, or about, 10:30 AM,
on Friday, August 3, 2012, in the FCC's Commission Meeting Room, 445 12th St., SW.
7/23. Federal Reserve Board (FRB) Governor Sarah Raskin gave a
speech in Boulder, Colorado. She stated that "technology is revolutionizing
banking". She added that "Going back to the automated teller machine and
continuing through telephone banking, internet banking, and now mobile banking,
the banking industry has strived to deploy technology to be more cost-efficient
while meeting customer needs."
About Tech Law Journal
TLJ is published by David Carney.
Contact: 202-364-8882.
carney at techlawjournal dot com
3034 Newark St. NW, Washington DC, 20008.
Copyright 1998-2012 David Carney. All rights reserved.