Blogs

Weekly WHAT: Brought to you by the letter "F" (no, not that F): Funding, FirstNet, Financial Services Data Breach Markup, FAA sUAS Rules and NIST Framework

By Yejin Jang posted Dec 11,2015 11:27 AM

  

Funding – let’s get it together, people

It’s been a busy few days in Washington, D.C. as legislators scramble to keep the federal government’s lights on.  On Thursday (12/10), the Senate voted and passed a 5-day extension of the Continuing Resolution (CR) which was set to expire today, December 11. The House will vote on the same measure today; it is expected to pass and be signed by the President. 

Policy sticking points like Syrian refugees, environmental and financial regulations, oil exports and other items have slowed the omnibus process and with the new extension legislators will have to reach a compromise by Wednesday, December 16 or pass another CR. States probably won’t feel the impact of this slow-moving omnibus process unless negotiations come to a standstill and funding for the government lapses. 

FirstNet will release RFP in January 2016

On December 9, the FirstNet board approved FirstNet’s RFP and plans to release in early January, no later than the second week. FirstNet CEO Mike Poth said that FirstNet will conduct a webinar detailing the RFP. Potential bidders will be given 3 weeks to ask questions and FirstNet plans to respond within 30 days. Proposals will be due in May 2016 followed by evaluation and awards.  Regarding evaluation of bids, FirstNet President TJ Kennedy said that offerors’ past performance, proposed network coverage and capacity, ability to build an ecosystem, and long-term sustainability will be the key criteria against which bids will be evaluated.  It is expected that evaluations will be completed at the end of 2016 but CEO Poth indicated it could be sooner, noting that the number of offers could dictate the amount of time it takes to evaluate.

After the winning partner is selected, FirstNet will then be able to craft and present state plans to each governor. Note, delivery of the state plan to the governor triggers the 90-day window during which he/she must make a decision on whether to opt-in to the FirstNet plan or opt-out and assume responsibility for building the state’s RAN.

FirstNet’s RFP totals 508 pages (339 pages are attachments) and follows the outcome/objectives based approach that FirstNet had assumed previously. NASCIO will continue to monitor the RFP process and report on meaningful impacts to State CIOs.

House Financial Services Committee marks up Data Security Act of 2015 (H.R. 2205)

On December 9, the House Financial Services Committee marked up and passed 46-9, H.R. 2205 the Data Security Act of 2015.  H.R. 2205 would set a national, uniform “ceiling” standard on how financial data should be protected and how/when breach notification should occur. H.R. 2205 would explicitly preempt current state law (47 states have laws on data breach notification) and prohibit states from imposing more stringent or protective measures to protect state consumers. 

But H.R. 2205 isn’t the only preemptive data breach game in town.

Back in April, the House Energy and Commerce committee passed H.R. 1770, the Data Security and Breach Notification Act of 2015 which again, would preempt state law and impose data security and notification requirements on “covered entities” which seemingly includes State governments.  H.R. 2205 explicitly excludes federal, state and local governments from the definition of a “covered entity.”  

In the Senate, there are several data breach proposals, last count at 4 (S. 117, S. 1027, S. 1158, S.961).  No significant movement has occurred on these measures but we are hearing rumors that a bipartisan group of senators are talking about a federal fix to data security and notification.  Stay tuned.  

FAA releases task force recommendations on hobby UAS registration

In October, the FAA signaled that it would be looking into a registration process for small UAS (sUAS) or hobby/recreational-use UAS. Since then, the FAA task force charged with developing recommendations has released its final report which gives us some insight as to what the FAA will ultimately require. Below is a summary of some of the high-level recommendations:

  • Registration through web or application
  • Immediate receipt of electronic certificate of registration and personal universal registration number for use on all sUAS owned by that person
  • Mark the registration number on all sUAS prior to operation

Further, the task force recommended that registration be free and that sUAS owners register with the FAA by entering their name and street address into the web-based system. Provision of email, phone number and serial number of the sUAS would be optional.  Information related to citizenship or residence status would not be required and a minimum age requirement of 13 is recommended to be imposed.

The FAA has indicated that they will be conducting education and awareness programs to make citizens aware of the registration requirements, especially as the holiday season approaches. They have partnered with stakeholder organizations and produced www.Knowbeforeyoufly.org.  

Framework Update?

On December 10, the National Institute of Standards and Technology (NIST) released a preview Request for Information (RFI) seeking information on how its voluntary Framework for Improving Critical Infrastructure Cybersecurity is being used, what changes are warranted and future management. The comment period opens today, December 11 and will close on February 9, 2016.

TechBytes

82% of federal orgs use NIST Cybersecurity Framework in some way

Who We Elect: The Demographics of State Legislatures – state lawmakers are less diverse than the country in general but reflect the wide variety of the people they serve more closely than before (new joint study by NCSL and Pew)    

FirstNet board approves final RFP for early-January release, bids due in May

FirstNet makes senior-leadership team permanent

0 comments
154 views

Related Content

Permalink