If there's been a lack of Washington Headlines And Technology (WHAT) posts from me, it is not for a lack of activity. Quite the contrary, we're keeping too busy with our outreach and advocacy--and facilitating discussions among our members regarding their impact on the states--to provide more public updates through the blogs. Hence this supersized-TECHPLOSION Edition of the NASCIO WHAT.
Key Takeaway: Policymakers Get Religion on Cybersecurity
Information Sharing: As promised during the President’s State of the Union, the White House and administration took several actions on cybersecurity over the course of the past month, culminating in the signing of Executive Order “Promoting Private Sector Information Sharing.” While the thrust of the Executive Order is focused on improving and facilitating information sharing among private sector entities, it does allow for a role and a benefit to public sector counterparts beyond federal partners. The Executive Order hopes to increase the diversity of information sharing among the private sector through promoting liability protections for those that participate in Information Sharing and Analysis Organizations (ISAOs), a relatively unknown part of the Homeland Security Act of 2002 that provides for formal and informal organizations to share threat information. NASCIO is working with the Department of Homeland Security (DHS) to determine how states, who often facilitate such information sharing on a regional basis, fit into the new order.
Just down Pennsylvania Avenue, Congress is interested in building on their efforts at the end of the last Congress. Over the last week, we've seen the Senate Committee on Intelligence mark up and approve the Cybersecurity Information Sharing Act (S.754), known as CISA, which extends liability protection to private sector organizations that voluntarily share threat information with the federal government. While the new legislation provides additional privacy and civil protections, including that companies "can only share cyber-threat information and the government may only use shared data for cybersecurity purposes," privacy advocates have concerns that it will increase spying on American citizens. In the House, Homeland Security Chairman McCaul (R-TX) is preparing a bill to increase threat information sharing through liability protections for the private sector, as well. However, McCaul's bill will utilize the DHS National Cybersecurity and Communications Integration Center (NCCIC). McCaul and others believe that since the NCCIC has no regulatory role and no role in enforcement, it can be better trusted by the private sector to serve as a facilitator of information sharing. You can watch McCaul's announcement and outline of the bill at the Center for Strategic and International Studies this week here. McCaul has previously said he is determined to get something on the President’s desk.
Data Breach Notification: "Forty-seven states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have enacted legislation requiring private or government entities to notify individuals of security breaches of information involving personally identifiable information," according to the National Conference of State Legislatures. Congress is looking at bills that would preempt these state laws and create national standards for data breach notifications. Yesterday, the House Energy and Commerce Committee held a hearing on a draft bill to do just that (you can watch it here). In addition, Senate Commerce, Science, and Transportation held a hearing on Ranking Member Bill Nelson's data breach bill in January with similar goals (available here). Beyond the obvious preemption, there may be other issues for states--particularly those who outsource certain public sector data, e-outreach, and transaction functions. NASCIO is reviewing the legislation and seeking to analyze potential issues for our members.
Insurance: You know Congress has found religion on cybersecurity when the Senate Commerce, Science, and Transportation Committee is holding a hearing entitled, "Examining the Evolving Cyber Insurance Marketplace." Many experts, including leaders in states, see cyber insurance as a great opportunity for public and private entities to get a sense of their level of risk and make measured improvements that provide notable benefit (a reduction in risk and in insurance costs). This follows the data breach hearing and a review of the National Institute of Standards and Technology (NIST) cybersecurity framework, putting cyber squarely in CST's vision for the year.
FirstNet Taking Some Big Steps Forward Towards Network
If all goes as planned, 2015 will be a big year for the First Responder Network Authority (FirstNet) in its quest to build a nationwide public safety broadband network. In testimony last week, FirstNet Chair Sue Swenson stated the goal of issuing a final RFP by the end of the year, with a draft RFP out very soon. You can watch the entire hearing here.
Perhaps of even more importance to states, the First Responder Network Authority (FirstNet) put more texture to their next steps on Friday when they published a Public Notice in the Federal Register seeking comments on a wide variety of key issues surrounding the planning and deployment of a nationwide public safety broadband network. NASCIO is still reviewing the public notice as of publication, but it includes significant questions regarding the technical aspects of the network, as well as the policies and procedures that will lead to state plans and build-out of the network nationwide. The public notice is available here. In addition, NTIA will be releasing recommended data collection activities for the states in anticipation of the second round of the State and Local Implementation Grant Program (SLIGP) activities in the near future. All told, there is a great deal of movement happening for the three-year-old organization that was accused of being slow off the blocks in its infancy.
FCC Takes Votes On Net Neutrality and Publicly Funded Broadband, Congress Takes Note
If you've been out of the country, you may not have heard that the Federal Communications Commission made significant decisions on some thorny telecommunications issues--and got Congress' attention. On February 26, the Federal Communications Commission (FCC) voted to classify Internet Service Providers (ISPs) as “common carriers,” subject to Title II regulation by the FCC. The new rules will allow the commission to intervene in cases where ISPs seem to be blocking, slowing (“throttling”), or providing paid prioritization of internet traffic. Unlike many FCC Title II entities, ISPs will not be subject to tariffing, rate regulation, and “unbundling” requirements. The FCC also says it will not set rates or regulate retail prices. The decision also does not impact data that does not go over the public internet, such as specialized or managed services. Unlike with traditional telecommunications services, the FCC has ruled that all broadband is inherently interstate commerce, thus prohibiting state regulation of ISPs under the current framework. The FCC will take up preemption of any state laws that conflict with FCC policy on a case-by-case basis. There are also new transparency requirements regarding ISP data on speed and price that may be of interest to states that are examining broadband accessibility. More information is available at www.fcc.org/openinternet.
In a separate decision, the FCC also preempted state laws that prevented the city of Wilson, N.C., and the Electric Power Board of Chattanooga, Tennessee from expanding their local, publicly owned ISPs to additional consumers in neighboring jurisdictions. The ruling was clearly specific to these two state examples, but it may encourage other public entities or public-private partnerships to challenge state laws that prohibit public broadband infrastructure investment that competes with private sector incumbents. The memorandum opinion and order may be found here.
As a result of these rulings, FCC Chairman Wheeler is a very popular witness on Capitol Hill. Today marks the third day in a row that the Chairman will be in front of congressional committees, facing questions regarding the FCC's authority and the process it used to come to the decision. You can find those hearings here: House Energy and Commerce; Senate Commerce, Science, and Transportation; and House Oversight and Government Reform.
Nominations for NASCIO's State IT Recognition Awards are open
NASCIO Publication: Building Successful Relationships - State CIO Advice for IT Partners
Don't forget our NASCIO Cybersecurity Newsbrief for the latest going on in the states
Check out Analytics.usa.gov!
E-Rate Funding Requests Booming; Application Deadline Extended
States Use Big Data to Nab Tax Fraudsters
Maine Launches $57.4 Million State-of-the-Art Radio Network
Video streaming app Meerkat seems ridiculous, but so did Twitter
White House Announces Tech Job Training and Hiring Initiative
Where the states $1.7 billion in total revenue comes from
Expect Open Data and Transparency Legislation in 2015
Bipartisan Drone Privacy Bill Announced