Multistakeholder Process on Internet of Things Security Upgradability and Patching, 29845-29846 [2017-13775]
Download as PDF
<![CDATA[
Federal Register / Vol. 82, No. 125 / Friday, June 30, 2017 / Notices
Council made a decision to change the
terminal year for the data used on the
stock assessment for the South Atlantic
black sea bass stock. The decision
affects the schedule for the stock
assessment and consequently, the
scheduled webinars as previously
published in the Federal Register. An
updated schedule will be published
once the details are available.
Dated: June 26, 2017.
Jeffrey N. Lonergan,
Acting Deputy Director, Office of Sustainable
Fisheries, National marine Fisheries Service.
[FR Doc. 2017–13662 Filed 6–29–17; 8:45 am]
BILLING CODE 3510–22–P
DEPARTMENT OF COMMERCE
National Telecommunications and
Information Administration
Multistakeholder Process on Internet
of Things Security Upgradability and
Patching
National Telecommunications
and Information Administration, U.S.
Department of Commerce.
ACTION: Notice of open meeting.
AGENCY:
The National
Telecommunications and Information
Administration (NTIA) will convene a
virtual meeting of a multistakeholder
process on Internet of Things Security
Upgradability and Patching on July 18,
2017. This is the fourth in a series of
meetings. For information on prior
meetings, see Web site address below.
DATES: The virtual meeting will be held
on July 18, 2017, from 2:00 p.m. to 4:30
p.m., Eastern Time. See SUPPLEMENTARY
INFORMATION for details.
SUMMARY:
This is a virtual meeting.
NTIA will post links to online content
and dial-in information on the
multistakeholder process Web site at
https://www.ntia.doc.gov/otherpublication/2016/multistakeholderprocess-iot-security.
FOR FURTHER INFORMATION CONTACT:
Allan Friedman, National
Telecommunications and Information
Administration, U.S. Department of
Commerce, 1401 Constitution Avenue
NW., Room 4725, Washington, DC
20230; telephone: (202) 482–4281;
email: afriedman@ntia.doc.gov. Please
direct media inquiries to NTIA’s Office
of Public Affairs: (202) 482–7002; email:
press@ntia.doc.gov.
SUPPLEMENTARY INFORMATION:
Background: In March of 2015 the
National Telecommunications and
Information Administration issued a
Request for Comment to ‘‘identify
mstockstill on DSK30JT082PROD with NOTICES
ADDRESSES:
VerDate Sep<11>2014
17:32 Jun 29, 2017
Jkt 241001
substantive cybersecurity issues that
affect the digital ecosystem and digital
economic growth where broad
consensus, coordinated action, and the
development of best practices could
substantially improve security for
organizations and consumers.’’ 1 We
received comments from a range of
stakeholders, including trade
associations, large companies,
cybersecurity startups, civil society
organizations and independent
computer security experts.2 The
comments recommended a diverse set of
issues that might be addressed through
the multistakeholder process, including
cybersecurity policy and practice in the
emerging area of Internet of Things
(IoT).
In a separate but related matter in
April 2016, NTIA, the Department’s
Internet Policy Task Force, and its
Digital Economy Leadership Team
sought comments on the benefits,
challenges, and potential roles for the
government in fostering the
advancement of the Internet of
Things.’’ 3 Over 130 stakeholders
responded with comments addressing
many substantive issues and
opportunities related to IoT.4 Security
was one of the most common topics
raised. Many commenters emphasized
the need for a secure lifecycle approach
to IoT devices that considers the
development, maintenance, and end-oflife phases and decisions for a device.
After reviewing these comments,
NTIA announced that the next
multistakeholder process on
cybersecurity would be on IoT security
upgradability and patching.5 The first
meeting of a multistakeholder process
on this topic was held on October 19,
1 U.S. Department of Commerce, Internet Policy
Task Force, Request for Public Comment,
Stakeholder Engagement on Cybersecurity in the
Digital Ecosystem, 80 FR 14360, Docket No.
150312253–5253–01 (Mar. 19, 2015), available at:
https://www.ntia.doc.gov/files/ntia/publications/
cybersecurity_rfc_03192015.pdf.
2 NTIA has posted the public comments received
at https://www.ntia.doc.gov/federal-register-notice/
2015/comments-stakeholder-engagementcybersecurity-digital-ecosystem.
3 U.S. Department of Commerce, Internet Policy
Task Force, Request for Public Comment, Benefits,
Challenges, and Potential Roles for the Government
in Fostering the Advancement of the Internet of
Things, 81 FR 19956, Docket No 160331306–6306–
01 (April 5, 2016), available at: https://
www.ntia.doc.gov/federal-register-notice/2016/rfcpotential-roles-government-fostering-advancementinternet-of-things.
4 NTIA has posted the public comments received
at https://www.ntia.doc.gov/federal-register-notice/
2016/comments-potential-roles-governmentfostering-advancement-internet-of-things.
5 NTIA, Increasing the Potential of IoT through
Security and Transparency (Aug. 2, 2016), available
at: https://www.ntia.doc.gov/blog/2016/increasingpotential-iot-through-security-and-transparency.
PO 00000
Frm 00025
Fmt 4703
Sfmt 4703
29845
2016.6 A second, virtual meeting of this
process was held on January 31, 2017,7
and a third meeting was held on April
26, 2017.8
The matter of patching vulnerable
systems is now an accepted part of
cybersecurity.9 Unaddressed technical
flaws in systems leave the users of
software and systems at risk. The nature
of these risks varies, and mitigating
these risks requires various efforts from
the developers and owners of these
systems. One of the more common
means of mitigation is for the developer
or other maintaining party to issue a
security patch to address the
vulnerability. Patching has become
more commonly accepted, even for
consumers, as more operating systems
and applications shift to visible
reminders and automated updates. Yet
as one security expert notes, this
evolution of the software industry has
yet to become the dominant model in
IoT.10
To help realize the full innovative
potential of IoT, users need reasonable
assurance that connected devices,
embedded systems, and their
applications will be secure. A key part
of that security is the mitigation of
potential security vulnerabilities in IoT
devices or applications through
patching and security upgrades.
The ultimate objective of the
multistakeholder process is to foster a
market offering more devices and
systems that support security upgrades
through increased consumer awareness
and understanding. Enabling a thriving
market for patchable IoT requires
common definitions so that
manufacturers and solution providers
6 NTIA, Notice of Multistakeholder Process on
Internet of Things Security Upgradability and
Patching Open Meeting (Sept. 15, 2016), available
at: https://www.ntia.doc.gov/federal-register-notice/
2016/10192016-meeting-notice-msp-iot-securityupgradability-patching.
7 NTIA, Notice of Multistakeholder Process on
Internet of Things Security Upgradability and
Patching Open Meeting (April 11, 2017), available
at https://www.ntia.doc.gov/federal-register-notice/
2017/notice-04262017-meeting-multistakeholderprocess-internet-things.
8 NTIA, Notice of Multistakeholder Process on
Internet of Things Security Upgradability and
Patching Open Meeting (Sept. 15, 2016), available
at: https://www.ntia.doc.gov/federal-register-notice/
2016/10192016-meeting-notice-msp-iot-securityupgradability-patching.
9 See, e.g., Murugiah Souppaya and Karen
Scarfone, Guide to Enterprise Patch Management
Technologies, Special Publication 800–40 Revision
3, National Institute of Standards and Technology,
NIST SP 800–40 (2013) available at: https://
nvlpubs.nist.gov/nistpubs/SpecialPublications/
NIST.SP.800-40r3.pdf.
10 Bruce Schneier, The Internet of Things Is
Wildly Insecure—And Often Unpatchable, Wired
(Jan. 6, 2014), available at: https://
www.schneier.com/blog/archives/2014/01/security_
risks_9.html.
E:\FR\FM\30JNN1.SGM
30JNN1
mstockstill on DSK30JT082PROD with NOTICES
29846
Federal Register / Vol. 82, No. 125 / Friday, June 30, 2017 / Notices
have shared visions for security, and
consumers know what they are
purchasing. Currently, no such
common, widely accepted definitions
exist, so many manufacturers struggle to
effectively communicate to consumers
the security features of their devices.
This is detrimental to the digital
ecosystem as a whole, as it does not
reward companies that invest in
patching and it prevents consumers
from making informed purchasing
choices.
Stakeholders have identified four
distinct work streams that could help
foster better security across the
ecosystem, and focused their efforts in
four working groups addressing both
technical and policy issues.11 The main
objectives of the July 18, 2017, meeting
are to share progress from the working
groups and hear feedback from the
broader stakeholder community.
Stakeholders will also discuss how the
outputs of the different work streams
can complement each other. More
information about stakeholders’ work is
available at: https://www.ntia.doc.gov/
other-publication/2016/
multistakeholder-process-iot-security.
Time and Date: NTIA will convene a
virtual meeting of the multistakeholder
process on Internet of Things Security
Upgradability and Patching on July 18,
2017, from 2:00 p.m. to 4:30 p.m.,
Eastern Time. The meeting date and
time are subject to change. Please refer
to NTIA’s Web site, https://
www.ntia.doc.gov/other-publication/
2016/multistakeholder-process-iotsecurity, for the most current
information.
Place: This is a virtual meeting. NTIA
will post links to online content and
dial-in information on the
multistakeholder process Web site at
https://www.ntia.doc.gov/otherpublication/2016/multistakeholderprocess-iot-security.
Other Information: The meeting is
open to the public and the press. There
will be an opportunity for stakeholders
viewing the webcast to participate
remotely in the meeting through a
moderated conference bridge, including
polling functionality. Access details for
the meeting are subject to change.
Requests for a transcript of the meeting
or other auxiliary aids should be
directed to Allan Friedman at (202)
482–4281 or afriedman@ntia.doc.gov at
least seven (7) business days prior to
each meeting. Please refer to NTIA’s
Web site, https://www.ntia.doc.gov/
11 Documents shared by working group
stakeholders are available at: https://
www.ntia.doc.gov/other-publication/2016/
multistakeholder-process-iot-security.
VerDate Sep<11>2014
17:32 Jun 29, 2017
Jkt 241001
other-publication/2016/
multistakeholder-process-iot-security,
for the most current information.
Dated: June 27, 2017.
Kathy D. Smith,
Chief Counsel, National Telecommunications
and Information Administration.
[FR Doc. 2017–13775 Filed 6–29–17; 8:45 am]
BILLING CODE 3510–60–P
DEPARTMENT OF COMMERCE
National Telecommunications and
Information Administration
Community Broadband Workshop
National Telecommunications
and Information Administration, U.S.
Department of Commerce.
ACTION: Notice of Open Meeting.
AGENCY:
The National
Telecommunications and Information
Administration (NTIA), through the
BroadbandUSA program, will hold a
Technical Assistance Workshop to share
information and help communities
build their broadband capacity and
utilization. The workshop will present
in-depth sessions on planning and
funding broadband infrastructure
projects. The session on planning will
explore effective business and
partnership models. The session on
funding will explore available funding
options and models, including federal
funding.
SUMMARY:
The Technical Assistance
Workshop will be held on August 21,
2017, from 8:30 a.m. to 12:30 p.m.,
Central Daylight Time.
ADDRESSES: The meeting will be held in
Des Moines, Iowa at the Des Moines
Public Library, 1000 Grand Avenue, Des
Moines, IA 50309.
FOR FURTHER INFORMATION CONTACT:
Giselle Sanders, National
Telecommunications and Information
Administration, U.S. Department of
Commerce, Room 4889, 1401
Constitution Avenue NW., Washington,
DC 20230; telephone: (202) 482–7971;
email: gsanders@ntia.doc.gov. Please
direct media inquiries to NTIA’s Office
of Public Affairs, (202) 482–7002; email:
press@ntia.doc.gov.
SUPPLEMENTARY INFORMATION: NTIA’s
BroadbandUSA program provides
expert advice and field-proven tools for
assessing broadband adoption, planning
new infrastructure, and engaging a wide
range of partners in broadband projects.
BroadbandUSA convenes workshops on
a regular basis to bring stakeholders
together to discuss ways to improve
broadband policies, share best practices,
DATES:
PO 00000
Frm 00026
Fmt 4703
Sfmt 4703
and connect communities to other
federal agencies and funding sources for
the purpose of expanding broadband
infrastructure and adoption throughout
America’s communities. The Des
Moines workshop will explore two
specific topics for broadband
infrastructure: Planning and funding.
The Des Moines workshop will
feature subject matter experts from
NTIA’s BroadbandUSA broadband
program. The first session will explore
key elements required for planning
successful broadband projects. The
second session will explore funding
models, including federal programs that
fund broadband infrastructure projects.
The Des Moines workshop will be
open to the public. Pre-registration is
requested, and space is limited. NTIA
will ask registrants to provide their first
and last names and email addresses for
both registration purposes and to
receive any updates on the workshop. If
capacity for the meeting is reached,
NTIA will maintain a waiting list and
will inform those on the waiting list if
space becomes available. Meeting
updates, changes in the agenda, if any,
and relevant documents will also be
available on NTIA’s Web site at https://
www2.ntia.doc.gov/notice-08212017workshop.
The public meeting is physically
accessible to people with disabilities.
Individuals requiring accommodations,
such as language interpretation or other
ancillary aids, are asked to notify Giselle
Sanders at the contact information listed
above at least five (5) business days
before the meeting.
Dated: June 27, 2017.
Kathy D. Smith,
Chief Counsel, National Telecommunications
and Information Administration.
[FR Doc. 2017–13777 Filed 6–29–17; 8:45 am]
BILLING CODE 3510–60–P
DEPARTMENT OF COMMERCE
National Telecommunications and
Information Administration
Commerce Spectrum Management
Advisory Committee Meeting
National Telecommunications
and Information Administration, U.S.
Department of Commerce.
ACTION: Notice of Open Meeting.
AGENCY:
This notice announces a
public meeting of the Commerce
Spectrum Management Advisory
Committee (Committee). The Committee
provides advice to the Assistant
Secretary of Commerce for
Communications and Information and
SUMMARY:
E:\FR\FM\30JNN1.SGM
30JNN1
]]>Agencies
[Federal Register Volume 82, Number 125 (Friday, June 30, 2017)]
[Notices]
[Pages 29845-29846]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-13775]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Telecommunications and Information Administration
Multistakeholder Process on Internet of Things Security
Upgradability and Patching
AGENCY: National Telecommunications and Information Administration,
U.S. Department of Commerce.
ACTION: Notice of open meeting.
-----------------------------------------------------------------------
SUMMARY: The National Telecommunications and Information Administration
(NTIA) will convene a virtual meeting of a multistakeholder process on
Internet of Things Security Upgradability and Patching on July 18,
2017. This is the fourth in a series of meetings. For information on
prior meetings, see Web site address below.
DATES: The virtual meeting will be held on July 18, 2017, from 2:00
p.m. to 4:30 p.m., Eastern Time. See SUPPLEMENTARY INFORMATION for
details.
ADDRESSES: This is a virtual meeting. NTIA will post links to online
content and dial-in information on the multistakeholder process Web
site at https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
FOR FURTHER INFORMATION CONTACT: Allan Friedman, National
Telecommunications and Information Administration, U.S. Department of
Commerce, 1401 Constitution Avenue NW., Room 4725, Washington, DC
20230; telephone: (202) 482-4281; email: afriedman@ntia.doc.gov. Please
direct media inquiries to NTIA's Office of Public Affairs: (202) 482-
7002; email: press@ntia.doc.gov.
SUPPLEMENTARY INFORMATION:
Background: In March of 2015 the National Telecommunications and
Information Administration issued a Request for Comment to ``identify
substantive cybersecurity issues that affect the digital ecosystem and
digital economic growth where broad consensus, coordinated action, and
the development of best practices could substantially improve security
for organizations and consumers.'' \1\ We received comments from a
range of stakeholders, including trade associations, large companies,
cybersecurity startups, civil society organizations and independent
computer security experts.\2\ The comments recommended a diverse set of
issues that might be addressed through the multistakeholder process,
including cybersecurity policy and practice in the emerging area of
Internet of Things (IoT).
---------------------------------------------------------------------------
\1\ U.S. Department of Commerce, Internet Policy Task Force,
Request for Public Comment, Stakeholder Engagement on Cybersecurity
in the Digital Ecosystem, 80 FR 14360, Docket No. 150312253-5253-01
(Mar. 19, 2015), available at: https://www.ntia.doc.gov/files/ntia/publications/cybersecurity_rfc_03192015.pdf.
\2\ NTIA has posted the public comments received at https://www.ntia.doc.gov/federal-register-notice/2015/comments-stakeholder-engagement-cybersecurity-digital-ecosystem.
---------------------------------------------------------------------------
In a separate but related matter in April 2016, NTIA, the
Department's Internet Policy Task Force, and its Digital Economy
Leadership Team sought comments on the benefits, challenges, and
potential roles for the government in fostering the advancement of the
Internet of Things.'' \3\ Over 130 stakeholders responded with comments
addressing many substantive issues and opportunities related to IoT.\4\
Security was one of the most common topics raised. Many commenters
emphasized the need for a secure lifecycle approach to IoT devices that
considers the development, maintenance, and end-of-life phases and
decisions for a device.
---------------------------------------------------------------------------
\3\ U.S. Department of Commerce, Internet Policy Task Force,
Request for Public Comment, Benefits, Challenges, and Potential
Roles for the Government in Fostering the Advancement of the
Internet of Things, 81 FR 19956, Docket No 160331306-6306-01 (April
5, 2016), available at: https://www.ntia.doc.gov/federal-register-notice/2016/rfc-potential-roles-government-fostering-advancement-internet-of-things.
\4\ NTIA has posted the public comments received at https://www.ntia.doc.gov/federal-register-notice/2016/comments-potential-roles-government-fostering-advancement-internet-of-things.
---------------------------------------------------------------------------
After reviewing these comments, NTIA announced that the next
multistakeholder process on cybersecurity would be on IoT security
upgradability and patching.\5\ The first meeting of a multistakeholder
process on this topic was held on October 19, 2016.\6\ A second,
virtual meeting of this process was held on January 31, 2017,\7\ and a
third meeting was held on April 26, 2017.\8\
---------------------------------------------------------------------------
\5\ NTIA, Increasing the Potential of IoT through Security and
Transparency (Aug. 2, 2016), available at: https://www.ntia.doc.gov/blog/2016/increasing-potential-iot-through-security-and-transparency.
\6\ NTIA, Notice of Multistakeholder Process on Internet of
Things Security Upgradability and Patching Open Meeting (Sept. 15,
2016), available at: https://www.ntia.doc.gov/federal-register-notice/2016/10192016-meeting-notice-msp-iot-security-upgradability-patching.
\7\ NTIA, Notice of Multistakeholder Process on Internet of
Things Security Upgradability and Patching Open Meeting (April 11,
2017), available at https://www.ntia.doc.gov/federal-register-notice/2017/notice-04262017-meeting-multistakeholder-process-internet-things.
\8\ NTIA, Notice of Multistakeholder Process on Internet of
Things Security Upgradability and Patching Open Meeting (Sept. 15,
2016), available at: https://www.ntia.doc.gov/federal-register-notice/2016/10192016-meeting-notice-msp-iot-security-upgradability-patching.
---------------------------------------------------------------------------
The matter of patching vulnerable systems is now an accepted part
of cybersecurity.\9\ Unaddressed technical flaws in systems leave the
users of software and systems at risk. The nature of these risks
varies, and mitigating these risks requires various efforts from the
developers and owners of these systems. One of the more common means of
mitigation is for the developer or other maintaining party to issue a
security patch to address the vulnerability. Patching has become more
commonly accepted, even for consumers, as more operating systems and
applications shift to visible reminders and automated updates. Yet as
one security expert notes, this evolution of the software industry has
yet to become the dominant model in IoT.\10\
---------------------------------------------------------------------------
\9\ See, e.g., Murugiah Souppaya and Karen Scarfone, Guide to
Enterprise Patch Management Technologies, Special Publication 800-40
Revision 3, National Institute of Standards and Technology, NIST SP
800-40 (2013) available at: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf.
\10\ Bruce Schneier, The Internet of Things Is Wildly Insecure--
And Often Unpatchable, Wired (Jan. 6, 2014), available at: https://www.schneier.com/blog/archives/2014/01/security_risks_9.html.
---------------------------------------------------------------------------
To help realize the full innovative potential of IoT, users need
reasonable assurance that connected devices, embedded systems, and
their applications will be secure. A key part of that security is the
mitigation of potential security vulnerabilities in IoT devices or
applications through patching and security upgrades.
The ultimate objective of the multistakeholder process is to foster
a market offering more devices and systems that support security
upgrades through increased consumer awareness and understanding.
Enabling a thriving market for patchable IoT requires common
definitions so that manufacturers and solution providers
[[Page 29846]]
have shared visions for security, and consumers know what they are
purchasing. Currently, no such common, widely accepted definitions
exist, so many manufacturers struggle to effectively communicate to
consumers the security features of their devices. This is detrimental
to the digital ecosystem as a whole, as it does not reward companies
that invest in patching and it prevents consumers from making informed
purchasing choices.
Stakeholders have identified four distinct work streams that could
help foster better security across the ecosystem, and focused their
efforts in four working groups addressing both technical and policy
issues.\11\ The main objectives of the July 18, 2017, meeting are to
share progress from the working groups and hear feedback from the
broader stakeholder community. Stakeholders will also discuss how the
outputs of the different work streams can complement each other. More
information about stakeholders' work is available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
---------------------------------------------------------------------------
\11\ Documents shared by working group stakeholders are
available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
---------------------------------------------------------------------------
Time and Date: NTIA will convene a virtual meeting of the
multistakeholder process on Internet of Things Security Upgradability
and Patching on July 18, 2017, from 2:00 p.m. to 4:30 p.m., Eastern
Time. The meeting date and time are subject to change. Please refer to
NTIA's Web site, https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current
information.
Place: This is a virtual meeting. NTIA will post links to online
content and dial-in information on the multistakeholder process Web
site at https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
Other Information: The meeting is open to the public and the press.
There will be an opportunity for stakeholders viewing the webcast to
participate remotely in the meeting through a moderated conference
bridge, including polling functionality. Access details for the meeting
are subject to change. Requests for a transcript of the meeting or
other auxiliary aids should be directed to Allan Friedman at (202) 482-
4281 or afriedman@ntia.doc.gov at least seven (7) business days prior
to each meeting. Please refer to NTIA's Web site, https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current information.
Dated: June 27, 2017.
Kathy D. Smith,
Chief Counsel, National Telecommunications and Information
Administration.
[FR Doc. 2017-13775 Filed 6-29-17; 8:45 am]
BILLING CODE 3510-60-P
