Multistakeholder Process on Internet of Things Security Upgradability and Patching, 35762-35764 [2017-16155]
Download as PDF
<![CDATA[
35762
Federal Register / Vol. 82, No. 146 / Tuesday, August 1, 2017 / Notices
Friday, Sep 21, 2018 ...........
•
•
•
•
Site visit to a U.S. OEM (e.g.: Oceaneering or GE Wellstream—TBD).
Mission participants lunch.
One group meeting with another oil company (e.g.: Shell—TBD).
Evening Departure (**).
(**) As an option, trade mission participants may stay over the weekend and attend at least one day of the Rio Oil and Gas Trade Show that
will take place from September 24–27, 2018. There is no additional costs to the participation fee for the optional trade show participation. There
is free transportation offered by the show organizers to and from the conference grounds. All additional costs that TM participants will have do
not apply to the TM participation fee.
Participation Requirements
Recruitment for the mission will
begin immediately and conclude no
later than July 30, 2018. All parties
interested in participating in the trade
mission must complete and submit an
application package for consideration by
the Department of Commerce. All
applications must be submitted before
July 30, 2018. The Department of
Commerce will evaluate all applications
and inform applicants of selection
decisions as soon as possible after this
application deadline.
Applications received after July 30,
2018, will be considered only if space
and scheduling constraints permit.
mstockstill on DSK30JT082PROD with NOTICES
Fees and Expenses
After a company or organization has
been selected to participate in the
mission, a payment to the Department of
Commerce in the form of a participation
fee is required. The participation fee for
the Trade Mission will be $2,010 for a
small or medium-sized firm (SME), and
$2,320 for large firms. The fee for each
additional firm representative (large
firm or SME/trade organization) is USD
$750.00.
Participants selected for the Trade
Mission will be expected to pay for the
cost of all personal expenses, including,
but not limited to, international travel,
lodging, meals, transportation,
communication, and incidentals, unless
otherwise noted. In the event that the
Mission is cancelled, no personal
expenses paid in anticipation of a Trade
Mission will be reimbursed. However,
participation fees for a cancelled Trade
Mission will be reimbursed to the extent
they have not already been expended in
the anticipation of the Mission.
Participants will be able to take
advantage of U.S. Government rates for
hotel rooms. Business or entry visas
may be required to participate in the
mission. Applying for and obtaining
such visas will be the responsibility of
the mission participant. Government
fees and processing expenses to obtain
such visas are not included in the
participation fee. However, the
Department of Commerce will provide
instructions to each participant on the
procedures required to obtain necessary
business visas.
VerDate Sep<11>2014
20:13 Jul 31, 2017
Jkt 241001
Timeframe for Recruitment and
Application
Mission recruitment will be
conducted in an open and public
manner, including publication in the
Federal Register, posting on the
Commerce Department trade mission
calendar (https://export.gov/
trademissions) and other Internet Web
sites, press releases to general and trade
media, direct mail, notices by industry
trade associations and other multiplier
groups, and publicity at industry
meetings, symposia, conferences, and
trade shows.
Recruitment for the mission will
begin immediately and conclude no
later than July 30, 2018. Applications
received after July 30, 2018, will be
considered only if space and scheduling
constraints permit.
Contacts
Regina Cunha, Senior Commercial
Specialist, U.S. Department of
Commerce, Address: U.S. Consulate
General. Avenida Presidente Wilson
147. Centro, Rio de Janeiro. Brazil.
Tel.: # +55 21 38232416, Email:
regina.cunha@trade.gov.
Rodrigo Correa, Commercial Assistant,
U.S. Department of Commerce,
Address: U.S. Consulate General.
Avenida Presidente Wilson 147.
Centro, Rio de Janeiro. Brazil. Tel.:
# +55 21 38232406, Email:
rodrigo.correa@trade.gov.
Stefan Popescu, Commercial Specialist,
CS Toronto, Tel: 1 416–595–5412
x223, Stefan.Popescu@trade.gov.
Connie Irrera, Commercial Specialist,
CS Montreal, Tel: 1 514–908–3662,
Connie.Irrera@trade.gov.
Julius Svoboda, Senior Oil & Gas Trade
Specialist, U.S. Department of
Commerce, Address: 1401
Constitution Ave., Tel.: +1–202–
482–5430, Email: Julius.Svoboda@
trade.gov.
Frank Spector,
Senior Advisor for Trade Missions.
[FR Doc. 2017–16082 Filed 7–31–17; 8:45 am]
BILLING CODE 3510–DR–P
PO 00000
Frm 00020
Fmt 4703
Sfmt 4703
DEPARTMENT OF COMMERCE
National Telecommunications and
Information Administration
Multistakeholder Process on Internet
of Things Security Upgradability and
Patching
National Telecommunications
and Information Administration, U.S.
Department of Commerce.
ACTION: Notice of open meeting.
AGENCY:
The National
Telecommunications and Information
Administration (NTIA) will convene a
meeting of a multistakeholder process
on Internet of Things Security
Upgradability and Patching on
September 12, 2017.
DATES: The meeting will be held on
September 12, 2017, from 10:00 a.m. to
4:00 p.m., Eastern Time. See
SUPPLEMENTARY INFORMATION for details.
ADDRESSES: The meeting will be held at
the American Institute of Architects,
1735 New York Ave. NW., Washington,
DC 20006.
FOR FURTHER INFORMATION CONTACT:
Allan Friedman, National
Telecommunications and Information
Administration, U.S. Department of
Commerce, 1401 Constitution Avenue
NW., Room 4725, Washington, DC
20230; telephone: (202) 482–4281;
email: afriedman@ntia.doc.gov. Please
direct media inquiries to NTIA’s Office
of Public Affairs: (202) 482–7002; email:
press@ntia.doc.gov.
SUPPLEMENTARY INFORMATION:
Background: In March of 2015 the
National Telecommunications and
Information Administration issued a
Request for Comment to ‘‘identify
substantive cybersecurity issues that
affect the digital ecosystem and digital
economic growth where broad
consensus, coordinated action, and the
development of best practices could
substantially improve security for
organizations and consumers.’’ 1 We
received comments from a range of
SUMMARY:
1 U.S. Department of Commerce, Internet Policy
Task Force, Request for Public Comment,
Stakeholder Engagement on Cybersecurity in the
Digital Ecosystem, 80 FR 14360, Docket No.
150312253–5253–01 (Mar. 19, 2015), available at:
https://www.ntia.doc.gov/files/ntia/publications/
cybersecurity_rfc_03192015.pdf.
E:\FR\FM\01AUN1.SGM
01AUN1
Federal Register / Vol. 82, No. 146 / Tuesday, August 1, 2017 / Notices
mstockstill on DSK30JT082PROD with NOTICES
stakeholders, including trade
associations, large companies,
cybersecurity startups, civil society
organizations and independent
computer security experts.2 The
comments recommended a diverse set of
issues that might be addressed through
the multistakeholder process, including
cybersecurity policy and practice in the
emerging area of Internet of Things
(IoT).
In a separate but related matter in
April 2016, NTIA, the Department’s
Internet Policy Task Force, and its
Digital Economy Leadership Team
sought comments on the benefits,
challenges, and potential roles for the
government in fostering the
advancement of the Internet of
Things.’’ 3 Over 130 stakeholders
responded with comments addressing
many substantive issues and
opportunities related to IoT.4 Security
was one of the most common topics
raised. Many commenters emphasized
the need for a secure lifecycle approach
to IoT devices that considers the
development, maintenance, and end-oflife phases and decisions for a device.
After reviewing these comments,
NTIA announced that the next
multistakeholder process on
cybersecurity would be on IoT security
upgradability and patching.5 The first
meeting of a multistakeholder process
on this topic was held on October 19,
2016.6 Subsequent meetings were held
2 NTIA has posted the public comments received
at https://www.ntia.doc.gov/federal-register-notice/
2015/comments-stakeholder-engagementcybersecurity-digital-ecosystem.
3 U.S. Department of Commerce, Internet Policy
Task Force, Request for Public Comment, Benefits,
Challenges, and Potential Roles for the Government
in Fostering the Advancement of the Internet of
Things, 81 FR 19956, Docket No 160331306–6306–
01 (April 5, 2016), available at: https://
www.ntia.doc.gov/federal-register-notice/2016/rfcpotential-roles-government-fostering-advancementinternet-of-things.
4 NTIA has posted the public comments received
at https://www.ntia.doc.gov/federal-register-notice/
2016/comments-potential-roles-governmentfostering-advancement-internet-of-things.
5 NTIA, Increasing the Potential of IoT through
Security and Transparency (Aug. 2, 2016), available
at: https://www.ntia.doc.gov/blog/2016/increasingpotential-iot-through-security-and-transparency.
6 NTIA, Notice of Multistakeholder Process on
Internet of Things Security Upgradability and
Patching Open Meeting (Sept. 15, 2016), available
at: https://www.ntia.doc.gov/federal-register-notice/
2016/10192016-meeting-notice-msp-iot-securityupgradability-patching.
VerDate Sep<11>2014
20:13 Jul 31, 2017
Jkt 241001
on January 31, 2017,7 April 26, 2017,8
and July 18, 2017.9
The matter of patching vulnerable
systems is now an accepted part of
cybersecurity.10 Unaddressed technical
flaws in systems leave the users of
software and systems at risk. The nature
of these risks varies, and mitigating
these risks requires various efforts from
the developers and owners of these
systems. One of the more common
means of mitigation is for the developer
or other maintaining party to issue a
security patch to address the
vulnerability. Patching has become
more commonly accepted, even for
consumers, as more operating systems
and applications shift to visible
reminders and automated updates. Yet
as one security expert notes, this
evolution of the software industry has
yet to become the dominant model in
IoT.11
To help realize the full innovative
potential of IoT, users need reasonable
assurance that connected devices,
embedded systems, and their
applications will be secure. A key part
of that security is the mitigation of
potential security vulnerabilities in IoT
devices or applications through
patching and security upgrades.
The ultimate objective of the
multistakeholder process is to foster a
market offering more devices and
systems that support security upgrades
through increased consumer awareness
and understanding. Enabling a thriving
market for patchable IoT requires
common definitions so that
manufacturers and solution providers
have shared visions for security, and
consumers know what they are
purchasing. Currently, no such
7 NTIA, Notice of 01/31/2017 Meeting of the
Multistakeholder Process on Internet of Things
Security Upgradability and Patching (January 11,
2017), available at https://www.ntia.doc.gov/
federal-register-notice/2017/notice-01312017meeting-multistakeholder-process-internet-things.
8 NTIA, Notice of 04/26/2017 Meeting of the
Multistakeholder Process on Internet of Things
Security Upgradability and Patching, available at
https://www.ntia.doc.gov/federal-register-notice/
2017/notice-04262017-meeting-multistakeholderprocess-internet-things.
9 NTIA, Notice of 07/18/2017 Meeting of the
Multistakeholder Process on Internet of Things
Security Upgradability and Patching, available at
https://www.ntia.doc.gov/federal-register/2017/
notice-07182017-iot-security-virtual-meeting.
10 See, e.g. Murugiah Souppaya and Karen
Scarfone, Guide to Enterprise Patch Management
Technologies, Special Publication 800–40 Revision
3, National Institute of Standards and Technology,
NIST SP 800–40 (2013) available at: https://
nvlpubs.nist.gov/nistpubs/SpecialPublications/
NIST.SP.800-40r3.pdf.
11 Bruce Schneier, The Internet of Things Is
Wildly Insecure—And Often Unpatchable, Wired
(Jan. 6, 2014) available at: https://
www.schneier.com/blog/archives/2014/01/security_
risks_9.html.
PO 00000
Frm 00021
Fmt 4703
Sfmt 4703
35763
common, widely accepted definitions
exist, so many manufacturers struggle to
effectively communicate to consumers
the security features of their devices.
This is detrimental to the digital
ecosystem as a whole, as it does not
reward companies that invest in
patching and it prevents consumers
from making informed purchasing
choices.
Stakeholders have identified four
distinct work streams that could help
foster better security across the
ecosystem, and focused their efforts in
four working groups addressing both
technical and policy issues.12 The main
objectives of the September 12, 2017,
meeting are to discuss stakeholder
comments on draft working group
documents, and, where possible, to
finalize working group documents.
More information about stakeholders’
work is available at: https://
www.ntia.doc.gov/other-publication/
2016/multistakeholder-process-iotsecurity.
Time and Date: NTIA will convene a
meeting of the multistakeholder process
on Internet of Things Security
Upgradability and Patching on
September 12, 2017, from 10:00 a.m. to
4:00 p.m., Eastern Time. The meeting
date and time are subject to change.
Please refer to NTIA’s Web site, https://
www.ntia.doc.gov/other-publication/
2016/multistakeholder-process-iotsecurity, for the most current
information.
Place: The meeting will be held at the
American Institute of Architects, 1735
New York Ave. NW., Washington, DC
20006. The location of the meeting is
subject to change. Please refer to NTIA’s
Web site, https://www.ntia.doc.gov/
other-publication/2016/
multistakeholder-process-iot-security,
for the most current information.
Other Information: The meeting is
open to the public and the press. The
meeting is physically accessible to
people with disabilities. Requests for
sign language interpretation or other
auxiliary aids should be directed to
Allan Friedman at (202) 482–4281 or
afriedman@ntia.doc.gov at least seven
(7) business days prior to the meeting.
The meeting will also be webcast.
Requests for real-time captioning of the
webcast or other auxiliary aids should
be directed to Allan Friedman at (202)
482–4281 or afriedman@ntia.doc.gov at
least seven (7) business days prior to the
meeting. There will be an opportunity
for stakeholders viewing the webcast to
12 Documents shared by working group
stakeholders are available at: https://
www.ntia.doc.gov/other-publication/2016/
multistakeholder-process-iot-security.
E:\FR\FM\01AUN1.SGM
01AUN1
35764
Federal Register / Vol. 82, No. 146 / Tuesday, August 1, 2017 / Notices
participate remotely in the meeting
through a moderated conference bridge,
including polling functionality. Access
details for the meeting are subject to
change. Please refer to NTIA’s Web site,
https://www.ntia.doc.gov/otherpublication/2016/multistakeholderprocess-iot-security, for the most current
information.
Dated: July 27, 2017.
Kathy D. Smith,
Chief Counsel, National Telecommunications
and Information Administration.
[FR Doc. 2017–16155 Filed 7–31–17; 8:45 am]
BILLING CODE 3510–60–P
DEPARTMENT OF COMMERCE
National Telecommunications and
Information Administration
Community Broadband Workshop
National Telecommunications
and Information Administration, U.S.
Department of Commerce.
ACTION: Notice of Open Meeting.
AGENCY:
The National
Telecommunications and Information
Administration (NTIA), through the
BroadbandUSA program, will hold a
Technical Assistance Workshop to share
information and help communities
build their broadband capacity and
utilization. The workshop will present
in-depth sessions on planning and
funding broadband infrastructure
projects. The session on planning will
explore effective business and
partnership models. The session on
funding will explore available funding
options and models, including federal
funding.
SUMMARY:
The Technical Assistance
Workshop will be held on Tuesday,
September 19, 2017, from 8:30 a.m. to
12:30 p.m., Eastern Daylight Time.
ADDRESSES: The meeting will be held in
Charleston, West Virginia at the Law
Firm of Jackson Kelly PLLC, 500 Lee
Street East, Suite 1600, Rooms A and B,
Charleston, WV 25301.
FOR FURTHER INFORMATION CONTACT:
Giselle Sanders, National
Telecommunications and Information
Administration, U.S. Department of
Commerce, Room 4889, 1401
Constitution Avenue, NW., Washington,
DC 20230; telephone: (202) 482–7971;
email: gsanders@ntia.doc.gov. Please
direct media inquiries to NTIA’s Office
of Public Affairs, (202) 482–7002; email:
press@ntia.doc.gov.
SUPPLEMENTARY INFORMATION: NTIA’s
BroadbandUSA program provides
expert advice and field-proven tools for
mstockstill on DSK30JT082PROD with NOTICES
DATES:
VerDate Sep<11>2014
20:13 Jul 31, 2017
Jkt 241001
assessing broadband adoption, planning
new infrastructure, and engaging a wide
range of partners in broadband projects.
BroadbandUSA convenes workshops on
a regular basis to bring stakeholders
together to discuss ways to improve
broadband policies, share best practices,
and connect communities to other
federal agencies and funding sources for
the purpose of expanding broadband
infrastructure and adoption throughout
America’s communities. The Charleston
workshop will explore two specific
topics for broadband infrastructure:
Planning and funding.
The Charleston workshop will feature
subject matter experts from NTIA’s
BroadbandUSA broadband program.
The first session will explore key
elements required for planning
successful broadband projects. The
second session will explore funding
models, including federal programs that
fund broadband infrastructure projects.
The Charleston workshop will be
open to the public. Pre-registration is
requested, and space is limited. NTIA
will ask registrants to provide their first
and last names and email addresses for
both registration purposes and to
receive any updates on the workshop. If
capacity for the meeting is reached,
NTIA will maintain a waiting list and
will inform those on the waiting list if
space becomes available. Meeting
updates, changes in the agenda, if any,
and relevant documents will also be
available on NTIA’s Web site at https://
www2.ntia.doc.gov/notice-09192017workshop.
The public meeting is physically
accessible to people with disabilities.
Individuals requiring accommodations,
such as language interpretation or other
ancillary aids, are asked to notify Giselle
Sanders at the contact information listed
above at least five (5) business days
before the meeting.
Dated: July 27, 2017.
Kathy D. Smith,
Chief Counsel, National Telecommunications
and Information Administration.
[FR Doc. 2017–16154 Filed 7–31–17; 8:45 am]
BILLING CODE 3510–60–P
COMMODITY FUTURES TRADING
COMMISSION
Agency Information Collection
Activities Under OMB Review
Commodity Futures Trading
Commission.
ACTION: Notice.
AGENCY:
In compliance with the
Paperwork Reduction Act of 1995
(PRA), this notice announces that the
SUMMARY:
PO 00000
Frm 00022
Fmt 4703
Sfmt 4703
Information Collection Request (ICR)
abstracted below has been forwarded to
the Office of Management and Budget
(OMB) for review and comment. The
ICR describes the nature of the
information collection and its expected
costs and burden.
DATES: Comments must be submitted on
or before August 31, 2017.
ADDRESSES: Comments regarding the
burden estimate or any other aspect of
the information collection, including
suggestions for reducing the burden,
may be submitted directly to the Office
of Information and Regulatory Affairs
(OIRA) in OMB within 30 days of this
notice’s publication by either of the
following methods. Please identify the
comments by ‘‘OMB Control No. 3038–
0081’’.
• By email addressed to:
OIRAsubmissions@omb.eop.gov or
• By mail addressed to: the Office of
Information and Regulatory Affairs,
Office of Management and Budget,
Attention Desk Officer for the
Commodity Futures Trading
Commission, 725 17th Street NW.,
Washington, DC 20503.
A copy of all comments submitted to
OIRA should be sent to the Commodity
Futures Trading Commission (the
‘‘Commission’’) by either of the
following methods. The copies should
refer to ‘‘OMB Control No. 3038–0081’’.
• By mail addressed to: Christopher
Kirkpatrick, Secretary of the
Commission, Commodity Futures
Trading Commission, Three Lafayette
Centre, 1155 21st Street NW.,
Washington, DC 20581;
• By Hand Delivery/Courier to the
same address; or
• Through the Commission’s Web site
at https://comments.cftc.gov. Please
follow the instructions for submitting
comments through the Web site.
A copy of the supporting statement
for the collection of information
discussed herein may be obtained by
visiting https://RegInfo.gov.
All comments must be submitted in
English, or if not, accompanied by an
English translation. Comments will be
posted as received to https://
www.cftc.gov. You should submit only
information that you wish to make
available publicly. If you wish the
Commission to consider information
that you believe is exempt from
disclosure under the Freedom of
Information Act, a petition for
confidential treatment of the exempt
information may be submitted according
to the procedures established in § 145.9
of the Commission’s regulations.1 The
1 17
E:\FR\FM\01AUN1.SGM
CFR 145.9.
01AUN1
]]>Agencies
[Federal Register Volume 82, Number 146 (Tuesday, August 1, 2017)]
[Notices]
[Pages 35762-35764]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-16155]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Telecommunications and Information Administration
Multistakeholder Process on Internet of Things Security
Upgradability and Patching
AGENCY: National Telecommunications and Information Administration,
U.S. Department of Commerce.
ACTION: Notice of open meeting.
-----------------------------------------------------------------------
SUMMARY: The National Telecommunications and Information Administration
(NTIA) will convene a meeting of a multistakeholder process on Internet
of Things Security Upgradability and Patching on September 12, 2017.
DATES: The meeting will be held on September 12, 2017, from 10:00 a.m.
to 4:00 p.m., Eastern Time. See SUPPLEMENTARY INFORMATION for details.
ADDRESSES: The meeting will be held at the American Institute of
Architects, 1735 New York Ave. NW., Washington, DC 20006.
FOR FURTHER INFORMATION CONTACT: Allan Friedman, National
Telecommunications and Information Administration, U.S. Department of
Commerce, 1401 Constitution Avenue NW., Room 4725, Washington, DC
20230; telephone: (202) 482-4281; email: afriedman@ntia.doc.gov. Please
direct media inquiries to NTIA's Office of Public Affairs: (202) 482-
7002; email: press@ntia.doc.gov.
SUPPLEMENTARY INFORMATION:
Background: In March of 2015 the National Telecommunications and
Information Administration issued a Request for Comment to ``identify
substantive cybersecurity issues that affect the digital ecosystem and
digital economic growth where broad consensus, coordinated action, and
the development of best practices could substantially improve security
for organizations and consumers.'' \1\ We received comments from a
range of
[[Page 35763]]
stakeholders, including trade associations, large companies,
cybersecurity startups, civil society organizations and independent
computer security experts.\2\ The comments recommended a diverse set of
issues that might be addressed through the multistakeholder process,
including cybersecurity policy and practice in the emerging area of
Internet of Things (IoT).
---------------------------------------------------------------------------
\1\ U.S. Department of Commerce, Internet Policy Task Force,
Request for Public Comment, Stakeholder Engagement on Cybersecurity
in the Digital Ecosystem, 80 FR 14360, Docket No. 150312253-5253-01
(Mar. 19, 2015), available at: https://www.ntia.doc.gov/files/ntia/publications/cybersecurity_rfc_03192015.pdf.
\2\ NTIA has posted the public comments received at https://www.ntia.doc.gov/federal-register-notice/2015/comments-stakeholder-engagement-cybersecurity-digital-ecosystem.
---------------------------------------------------------------------------
In a separate but related matter in April 2016, NTIA, the
Department's Internet Policy Task Force, and its Digital Economy
Leadership Team sought comments on the benefits, challenges, and
potential roles for the government in fostering the advancement of the
Internet of Things.'' \3\ Over 130 stakeholders responded with comments
addressing many substantive issues and opportunities related to IoT.\4\
Security was one of the most common topics raised. Many commenters
emphasized the need for a secure lifecycle approach to IoT devices that
considers the development, maintenance, and end-of-life phases and
decisions for a device.
---------------------------------------------------------------------------
\3\ U.S. Department of Commerce, Internet Policy Task Force,
Request for Public Comment, Benefits, Challenges, and Potential
Roles for the Government in Fostering the Advancement of the
Internet of Things, 81 FR 19956, Docket No 160331306-6306-01 (April
5, 2016), available at: https://www.ntia.doc.gov/federal-register-notice/2016/rfc-potential-roles-government-fostering-advancement-internet-of-things.
\4\ NTIA has posted the public comments received at https://www.ntia.doc.gov/federal-register-notice/2016/comments-potential-roles-government-fostering-advancement-internet-of-things.
---------------------------------------------------------------------------
After reviewing these comments, NTIA announced that the next
multistakeholder process on cybersecurity would be on IoT security
upgradability and patching.\5\ The first meeting of a multistakeholder
process on this topic was held on October 19, 2016.\6\ Subsequent
meetings were held on January 31, 2017,\7\ April 26, 2017,\8\ and July
18, 2017.\9\
---------------------------------------------------------------------------
\5\ NTIA, Increasing the Potential of IoT through Security and
Transparency (Aug. 2, 2016), available at: https://www.ntia.doc.gov/blog/2016/increasing-potential-iot-through-security-and-transparency.
\6\ NTIA, Notice of Multistakeholder Process on Internet of
Things Security Upgradability and Patching Open Meeting (Sept. 15,
2016), available at: https://www.ntia.doc.gov/federal-register-notice/2016/10192016-meeting-notice-msp-iot-security-upgradability-patching.
\7\ NTIA, Notice of 01/31/2017 Meeting of the Multistakeholder
Process on Internet of Things Security Upgradability and Patching
(January 11, 2017), available at https://www.ntia.doc.gov/federal-register-notice/2017/notice-01312017-meeting-multistakeholder-process-internet-things.
\8\ NTIA, Notice of 04/26/2017 Meeting of the Multistakeholder
Process on Internet of Things Security Upgradability and Patching,
available at https://www.ntia.doc.gov/federal-register-notice/2017/notice-04262017-meeting-multistakeholder-process-internet-things.
\9\ NTIA, Notice of 07/18/2017 Meeting of the Multistakeholder
Process on Internet of Things Security Upgradability and Patching,
available at https://www.ntia.doc.gov/federal-register/2017/notice-07182017-iot-security-virtual-meeting.
---------------------------------------------------------------------------
The matter of patching vulnerable systems is now an accepted part
of cybersecurity.\10\ Unaddressed technical flaws in systems leave the
users of software and systems at risk. The nature of these risks
varies, and mitigating these risks requires various efforts from the
developers and owners of these systems. One of the more common means of
mitigation is for the developer or other maintaining party to issue a
security patch to address the vulnerability. Patching has become more
commonly accepted, even for consumers, as more operating systems and
applications shift to visible reminders and automated updates. Yet as
one security expert notes, this evolution of the software industry has
yet to become the dominant model in IoT.\11\
---------------------------------------------------------------------------
\10\ See, e.g. Murugiah Souppaya and Karen Scarfone, Guide to
Enterprise Patch Management Technologies, Special Publication 800-40
Revision 3, National Institute of Standards and Technology, NIST SP
800-40 (2013) available at: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf.
\11\ Bruce Schneier, The Internet of Things Is Wildly Insecure--
And Often Unpatchable, Wired (Jan. 6, 2014) available at: https://www.schneier.com/blog/archives/2014/01/security_risks_9.html.
---------------------------------------------------------------------------
To help realize the full innovative potential of IoT, users need
reasonable assurance that connected devices, embedded systems, and
their applications will be secure. A key part of that security is the
mitigation of potential security vulnerabilities in IoT devices or
applications through patching and security upgrades.
The ultimate objective of the multistakeholder process is to foster
a market offering more devices and systems that support security
upgrades through increased consumer awareness and understanding.
Enabling a thriving market for patchable IoT requires common
definitions so that manufacturers and solution providers have shared
visions for security, and consumers know what they are purchasing.
Currently, no such common, widely accepted definitions exist, so many
manufacturers struggle to effectively communicate to consumers the
security features of their devices. This is detrimental to the digital
ecosystem as a whole, as it does not reward companies that invest in
patching and it prevents consumers from making informed purchasing
choices.
Stakeholders have identified four distinct work streams that could
help foster better security across the ecosystem, and focused their
efforts in four working groups addressing both technical and policy
issues.\12\ The main objectives of the September 12, 2017, meeting are
to discuss stakeholder comments on draft working group documents, and,
where possible, to finalize working group documents. More information
about stakeholders' work is available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
---------------------------------------------------------------------------
\12\ Documents shared by working group stakeholders are
available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
---------------------------------------------------------------------------
Time and Date: NTIA will convene a meeting of the multistakeholder
process on Internet of Things Security Upgradability and Patching on
September 12, 2017, from 10:00 a.m. to 4:00 p.m., Eastern Time. The
meeting date and time are subject to change. Please refer to NTIA's Web
site, https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current information.
Place: The meeting will be held at the American Institute of
Architects, 1735 New York Ave. NW., Washington, DC 20006. The location
of the meeting is subject to change. Please refer to NTIA's Web site,
https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current information.
Other Information: The meeting is open to the public and the press.
The meeting is physically accessible to people with disabilities.
Requests for sign language interpretation or other auxiliary aids
should be directed to Allan Friedman at (202) 482-4281 or
afriedman@ntia.doc.gov at least seven (7) business days prior to the
meeting. The meeting will also be webcast. Requests for real-time
captioning of the webcast or other auxiliary aids should be directed to
Allan Friedman at (202) 482-4281 or afriedman@ntia.doc.gov at least
seven (7) business days prior to the meeting. There will be an
opportunity for stakeholders viewing the webcast to
[[Page 35764]]
participate remotely in the meeting through a moderated conference
bridge, including polling functionality. Access details for the meeting
are subject to change. Please refer to NTIA's Web site, https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current information.
Dated: July 27, 2017.
Kathy D. Smith,
Chief Counsel, National Telecommunications and Information
Administration.
[FR Doc. 2017-16155 Filed 7-31-17; 8:45 am]
BILLING CODE 3510-60-P
