Multistakeholder Process on Internet of Things Security Upgradability and Patching, 47482-47483 [2017-21976]
Download as PDF
<![CDATA[
47482
Federal Register / Vol. 82, No. 196 / Thursday, October 12, 2017 / Notices
before issuing its preliminary
determination in this investigation. For
this reason, the Department is deferring
the preliminary determination, and
expects to issue the determination by
November 17, 2017.
In accordance with section 735(a)(1)
of the Act, the deadline for the final
determination of this investigation will
continue to be 75 days after the date of
the preliminary determination, unless
postponed at a later date.
Dated: October 4, 2017.
Gary Taverman,
Deputy Assistant Secretary for Antidumping
and Countervailing Duty Operations,
performing the non-exclusive functions and
duties of the Assistant Secretary for
Enforcement and Compliance.
[FR Doc. 2017–22070 Filed 10–11–17; 8:45 am]
BILLING CODE 3510–DS–P
DEPARTMENT OF COMMERCE
National Oceanic and Atmospheric
Administration
RIN 0648–XF741
New England Fishery Management
Council; Public Meeting
National Marine Fisheries
Service (NMFS), National Oceanic and
Atmospheric Administration (NOAA),
Commerce.
ACTION: Notice; public meeting.
AGENCY:
The New England Fishery
Management Council (Council) is
scheduling a public meeting of its
Scallop Committee to consider actions
affecting New England fisheries in the
exclusive economic zone (EEZ).
Recommendations from this group will
be brought to the full Council for formal
consideration and action, if appropriate.
DATES: This meeting will be held on
Thursday, October 26, 2017 at 9:30 a.m.
ADDRESSES: The meeting will be held at
the Hilton Garden Inn Logan Airport,
100 Boardman Street, Boston, MA
02128; phone: (617) 567–6789.
Council Address: New England
Fishery Management Council, 50 Water
Street, Mill 2, Newburyport, MA 01950.
FOR FURTHER INFORMATION CONTACT:
Thomas A. Nies, Executive Director,
New England Fishery Management
Council; telephone: (978) 465–0492.
SUPPLEMENTARY INFORMATION:
asabaliauskas on DSKBBXCHB2PROD with NOTICES
SUMMARY:
Agenda
The Scallop Committee will review
Framework (FW) 29 alternatives and
analyses. The primary focus of this
meeting will be to provide input on the
range of specification alternatives. FW
VerDate Sep<11>2014
22:35 Oct 11, 2017
Jkt 244001
29 will set specifications including
ABC/ACLs, days at sea, access area
allocations, total allowable catch for the
Northern Gulf of Maine (NGOM)
management area, targets for General
Category incidental catch and set-asides
for the observer and research programs
for fishing year 2018 and default
specifications for fishing year 2019.
Management measures in FW 29
include: (1) Flatfish accountability
measures; (2) NGOM Management
measures; (3) Measures to access area
boundaries consistent with potential
changes to habitat and groundfish
mortality closed areas. They will also
make recommendations on 2018 scallop
work priorities. The PDT and AP will
discuss scallop related issues under
consideration in groundfish FW 57.
Other business may be discussed as
necessary.
Although non-emergency issues not
contained in this agenda may come
before this group for discussion, those
issues may not be the subject of formal
action during these meetings. Action
will be restricted to those issues
specifically listed in this notice and any
issues arising after publication of this
notice that require emergency action
under section 305(c) of the MagnusonStevens Act, provided the public has
been notified of the Council’s intent to
take final action to address the
emergency.
Special Accommodations
This meeting is physically accessible
to people with disabilities. Requests for
sign language interpretation or other
auxiliary aids should be directed to
Thomas A. Nies, Executive Director, at
(978) 465–0492, at least 5 days prior to
the meeting date. Consistent with 16
U.S.C. 1852, a copy of the recording is
available upon request.
Authority: 16 U.S.C. 1801 et seq.
Dated: October 6, 2017.
Jeffrey N. Lonergan,
Acting Deputy Director, Office of Sustainable
Fisheries, National Marine Fisheries Service.
[FR Doc. 2017–22060 Filed 10–11–17; 8:45 am]
BILLING CODE 3510–22–P
DEPARTMENT OF COMMERCE
National Telecommunications and
Information Administration
Multistakeholder Process on Internet
of Things Security Upgradability and
Patching
National Telecommunications
and Information Administration, U.S.
Department of Commerce.
AGENCY:
PO 00000
Frm 00037
Fmt 4703
Sfmt 4703
ACTION:
Notice of open meeting.
The National
Telecommunications and Information
Administration (NTIA) will convene a
virtual meeting of a multistakeholder
process on Internet of Things Security
Upgradability and Patching on
November 8, 2017. This is the sixth in
a series of meetings. For information on
prior meetings, see Web site address
below.
SUMMARY:
The virtual meeting will be held
on November 8, 2017, from 2:00 p.m. to
4:30 p.m., Eastern Time. See
Supplementary Information for details.
DATES:
This is a virtual meeting.
NTIA will post links to online content
and dial-in information on the
multistakeholder process Web site at
https://www.ntia.doc.gov/otherpublication/2016/multistakeholderprocess-iot-security.
ADDRESSES:
FOR FURTHER INFORMATION CONTACT:
Allan Friedman, National
Telecommunications and Information
Administration, U.S. Department of
Commerce, 1401 Constitution Avenue
NW., Room 4725, Washington, DC
20230; telephone: (202) 482–4281;
email: afriedman@ntia.doc.gov. Please
direct media inquiries to NTIA’s Office
of Public Affairs: (202) 482–7002; email:
press@ntia.doc.gov.
SUPPLEMENTARY INFORMATION:
Background: In March of 2015, the
National Telecommunications and
Information Administration issued a
Request for Comment to ‘‘identify
substantive cybersecurity issues that
affect the digital ecosystem and digital
economic growth where broad
consensus, coordinated action, and the
development of best practices could
substantially improve security for
organizations and consumers.’’ 1 We
received comments from a range of
stakeholders, including trade
associations, large companies,
cybersecurity startups, civil society
organizations and independent
computer security experts.2 The
comments recommended a diverse set of
issues that might be addressed through
the multistakeholder process, including
cybersecurity policy and practice in the
1 U.S. Department of Commerce, Internet Policy
Task Force, Request for Public Comment,
Stakeholder Engagement on Cybersecurity in the
Digital Ecosystem, 80 FR 14360, Docket No.
150312253–5253–01 (Mar. 19, 2015), available at:
https://www.ntia.doc.gov/files/ntia/publications/
cybersecurity_rfc_03192015.pdf.
2 NTIA has posted the public comments received
at https://www.ntia.doc.gov/federal-register-notice/
2015/comments-stakeholder-engagementcybersecurity-digital-ecosystem.
E:\FR\FM\12OCN1.SGM
12OCN1
Federal Register / Vol. 82, No. 196 / Thursday, October 12, 2017 / Notices
asabaliauskas on DSKBBXCHB2PROD with NOTICES
emerging area of Internet of Things
(IoT).
In a separate but related matter in
April 2016, NTIA, the Department’s
Internet Policy Task Force, and its
Digital Economy Leadership Team
sought comments on the benefits,
challenges, and potential roles for the
government in fostering the
advancement of the Internet of
Things.’’ 3 Over 130 stakeholders
responded with comments addressing
many substantive issues and
opportunities related to IoT.4 Security
was one of the most common topics
raised. Many commenters emphasized
the need for a secure lifecycle approach
to IoT devices that considers the
development, maintenance, and end-oflife phases and decisions for a device.
After reviewing these comments,
NTIA announced that the next
multistakeholder process on
cybersecurity would be on IoT security
upgradability and patching.5 NTIA
subsequently announced that the first
meeting of a multistakeholder process
on this topic would be held on October
19, 2016.6 NTIA has convened five
subsequent virtual or in-person
meetings.7
The matter of patching vulnerable
systems is now an accepted part of
cybersecurity.8 Unaddressed technical
flaws in systems leave the users of
software and systems at risk. The nature
of these risks varies, and mitigating
these risks requires various efforts from
the developers and owners of these
systems. One of the more common
3 U.S. Department of Commerce, Internet Policy
Task Force, Request for Public Comment, Benefits,
Challenges, and Potential Roles for the Government
in Fostering the Advancement of the Internet of
Things, 81 FR 19956, Docket No. 160331306–6306–
01 (April 5, 2016), available at: https://
www.ntia.doc.gov/federal-register-notice/2016/rfcpotential-roles-government-fostering-advancementinternet-of-things.
4 NTIA has posted the public comments received
at https://www.ntia.doc.gov/federal-register-notice/
2016/comments-potential-roles-governmentfostering-advancement-internet-of-things.
5 NTIA, Increasing the Potential of IoT through
Security and Transparency (Aug. 2, 2016), available
at: https://www.ntia.doc.gov/blog/2016/increasingpotential-iot-through-security-and-transparency.
6 NTIA, Notice of Multistakeholder Process on
Internet of Things Security Upgradability and
Patching Open Meeting (Sept. 15, 2016), available
at: https://www.ntia.doc.gov/federal-register-notice/
2016/10192016-meeting-notice-msp-iot-securityupgradability-patching.
7 Federal Register Notices, Agendas, and
Documents of these meetings are available at:
https://www.ntia.doc.gov/other-publication/2016/
multistakeholder-process-iot-security.
8 See, e.g. Murugiah Souppaya and Karen
Scarfone, Guide to Enterprise Patch Management
Technologies, Special Publication 800–40 Revision
3, National Institute of Standards and Technology,
NIST SP 800–40 (2013) available at: https://
nvlpubs.nist.gov/nistpubs/SpecialPublications/
NIST.SP.800–40r3.pdf.
VerDate Sep<11>2014
22:35 Oct 11, 2017
Jkt 244001
means of mitigation is for the developer
or other maintaining party to issue a
security patch to address the
vulnerability. Patching has become
more commonly accepted, even for
consumers, as more operating systems
and applications shift to visible
reminders and automated updates. Yet
as one security expert notes, this
evolution of the software industry has
yet to become the dominant model in
IoT.9
To help realize the full innovative
potential of IoT, users need reasonable
assurance that connected devices,
embedded systems, and their
applications will be secure. A key part
of that security is the mitigation of
potential security vulnerabilities in IoT
devices or applications through
patching and security upgrades.
The ultimate objective of the
multistakeholder process is to foster a
market offering more devices and
systems that support security upgrades
through increased consumer awareness
and understanding. Enabling a thriving
market for patchable IoT requires
common definitions so that
manufacturers and solution providers
have shared visions for security, and
consumers know what they are
purchasing. Currently, no such
common, widely accepted definitions
exist, so many manufacturers struggle to
effectively communicate to consumers
the security features of their devices.
This is detrimental to the digital
ecosystem as a whole, as it does not
reward companies that invest in
patching and it prevents consumers
from making informed purchasing
choices.
Stakeholders have identified four
distinct work streams that could help
foster better security across the
ecosystem, one of which has produced
a consensus document.10 The main
objectives of the November 8, 2017,
meeting are to share progress from the
continuing working groups and
potentially come to consensus around
final products. Stakeholders will also
discuss how the outputs of the different
work streams can complement each
other, and what next steps will be in
promoting awareness and use of the
outputs. More information about
stakeholders’ work is available at:
https://www.ntia.doc.gov/other9 Bruce Schneier, The Internet of Things Is Wildly
Insecure—And Often Unpatchable, Wired (Jan. 6,
2014) available at: https://www.schneier.com/blog/
archives/2014/01/security_risks_9.html.
10 Documents shared by working group
stakeholders are available at: https://
www.ntia.doc.gov/other-publication/2016/
multistakeholder-process-iot-security.
PO 00000
Frm 00038
Fmt 4703
Sfmt 4703
47483
publication/2016/multistakeholderprocess-iot-security.
Time and Date: NTIA will convene a
virtual meeting of the multistakeholder
process on Internet of Things Security
Upgradability and Patching on
November 8, 2017, from 2:00 p.m. to
4:30 p.m., Eastern Time. The meeting
date and time are subject to change.
Please refer to NTIA’s Web site, https://
www.ntia.doc.gov/other-publication/
2016/multistakeholder-process-iotsecurity, for the most current
information.
Place: This is a virtual meeting. NTIA
will post links to online content and
dial-in information on the
multistakeholder process Web site at
https://www.ntia.doc.gov/otherpublication/2016/multistakeholderprocess-iot-security.
Other Information: The meeting is
open to the public and the press. There
will be an opportunity for stakeholders
viewing the webcast to participate
remotely in the meeting through a
moderated conference bridge, including
polling functionality. Access details for
the meeting are subject to change. Please
refer to NTIA’s Web site, https://
www.ntia.doc.gov/other-publication/
2016/multistakeholder-process-iotsecurity, for the most current
information.
The meeting is also accessible to
people with disabilities. Individuals
requiring accommodations, such as
other auxiliary aids, are asked to notify
Allan Friedman at the contact
information listed above at least seven
(7) business days prior to the meeting.
Dated: October 5, 2017.
Kathy D. Smith,
Chief Counsel, National Telecommunications
and Information Administration.
[FR Doc. 2017–21976 Filed 10–11–17; 8:45 am]
BILLING CODE 3510–60–P
CONSUMER PRODUCT SAFETY
COMMISSION
Sunshine Act Meeting Notice
Wednesday, October 18,
2017, 10:00 a.m.–12:00 p.m.
PLACE: Hearing Room 420, Bethesda
Towers, 4330 East West Highway,
Bethesda, MD.
STATUS: Commission Meeting—Open to
the Public.
MATTER TO BE CONSIDERED: Decisional
Matter: (1) Prohibition of Children’s
Toys and Child Care Articles Containing
Specified Phthalates—Final Rule; (2)
Revision to the Notice of Requirements
(NOR) for Prohibition of Children’s Toys
and Child Care Articles Containing
TIME AND DATE:
E:\FR\FM\12OCN1.SGM
12OCN1
]]>Agencies
[Federal Register Volume 82, Number 196 (Thursday, October 12, 2017)]
[Notices]
[Pages 47482-47483]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-21976]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Telecommunications and Information Administration
Multistakeholder Process on Internet of Things Security
Upgradability and Patching
AGENCY: National Telecommunications and Information Administration,
U.S. Department of Commerce.
ACTION: Notice of open meeting.
-----------------------------------------------------------------------
SUMMARY: The National Telecommunications and Information Administration
(NTIA) will convene a virtual meeting of a multistakeholder process on
Internet of Things Security Upgradability and Patching on November 8,
2017. This is the sixth in a series of meetings. For information on
prior meetings, see Web site address below.
DATES: The virtual meeting will be held on November 8, 2017, from 2:00
p.m. to 4:30 p.m., Eastern Time. See Supplementary Information for
details.
ADDRESSES: This is a virtual meeting. NTIA will post links to online
content and dial-in information on the multistakeholder process Web
site at https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
FOR FURTHER INFORMATION CONTACT: Allan Friedman, National
Telecommunications and Information Administration, U.S. Department of
Commerce, 1401 Constitution Avenue NW., Room 4725, Washington, DC
20230; telephone: (202) 482-4281; email: afriedman@ntia.doc.gov. Please
direct media inquiries to NTIA's Office of Public Affairs: (202) 482-
7002; email: press@ntia.doc.gov.
SUPPLEMENTARY INFORMATION:
Background: In March of 2015, the National Telecommunications and
Information Administration issued a Request for Comment to ``identify
substantive cybersecurity issues that affect the digital ecosystem and
digital economic growth where broad consensus, coordinated action, and
the development of best practices could substantially improve security
for organizations and consumers.'' \1\ We received comments from a
range of stakeholders, including trade associations, large companies,
cybersecurity startups, civil society organizations and independent
computer security experts.\2\ The comments recommended a diverse set of
issues that might be addressed through the multistakeholder process,
including cybersecurity policy and practice in the
[[Page 47483]]
emerging area of Internet of Things (IoT).
---------------------------------------------------------------------------
\1\ U.S. Department of Commerce, Internet Policy Task Force,
Request for Public Comment, Stakeholder Engagement on Cybersecurity
in the Digital Ecosystem, 80 FR 14360, Docket No. 150312253-5253-01
(Mar. 19, 2015), available at: https://www.ntia.doc.gov/files/ntia/publications/cybersecurity_rfc_03192015.pdf.
\2\ NTIA has posted the public comments received at https://www.ntia.doc.gov/federal-register-notice/2015/comments-stakeholder-engagement-cybersecurity-digital-ecosystem.
---------------------------------------------------------------------------
In a separate but related matter in April 2016, NTIA, the
Department's Internet Policy Task Force, and its Digital Economy
Leadership Team sought comments on the benefits, challenges, and
potential roles for the government in fostering the advancement of the
Internet of Things.'' \3\ Over 130 stakeholders responded with comments
addressing many substantive issues and opportunities related to IoT.\4\
Security was one of the most common topics raised. Many commenters
emphasized the need for a secure lifecycle approach to IoT devices that
considers the development, maintenance, and end-of-life phases and
decisions for a device.
---------------------------------------------------------------------------
\3\ U.S. Department of Commerce, Internet Policy Task Force,
Request for Public Comment, Benefits, Challenges, and Potential
Roles for the Government in Fostering the Advancement of the
Internet of Things, 81 FR 19956, Docket No. 160331306-6306-01 (April
5, 2016), available at: https://www.ntia.doc.gov/federal-register-notice/2016/rfc-potential-roles-government-fostering-advancement-internet-of-things.
\4\ NTIA has posted the public comments received at https://www.ntia.doc.gov/federal-register-notice/2016/comments-potential-roles-government-fostering-advancement-internet-of-things.
---------------------------------------------------------------------------
After reviewing these comments, NTIA announced that the next
multistakeholder process on cybersecurity would be on IoT security
upgradability and patching.\5\ NTIA subsequently announced that the
first meeting of a multistakeholder process on this topic would be held
on October 19, 2016.\6\ NTIA has convened five subsequent virtual or
in-person meetings.\7\
---------------------------------------------------------------------------
\5\ NTIA, Increasing the Potential of IoT through Security and
Transparency (Aug. 2, 2016), available at: https://www.ntia.doc.gov/blog/2016/increasing-potential-iot-through-security-and-transparency.
\6\ NTIA, Notice of Multistakeholder Process on Internet of
Things Security Upgradability and Patching Open Meeting (Sept. 15,
2016), available at: https://www.ntia.doc.gov/federal-register-notice/2016/10192016-meeting-notice-msp-iot-security-upgradability-patching.
\7\ Federal Register Notices, Agendas, and Documents of these
meetings are available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
---------------------------------------------------------------------------
The matter of patching vulnerable systems is now an accepted part
of cybersecurity.\8\ Unaddressed technical flaws in systems leave the
users of software and systems at risk. The nature of these risks
varies, and mitigating these risks requires various efforts from the
developers and owners of these systems. One of the more common means of
mitigation is for the developer or other maintaining party to issue a
security patch to address the vulnerability. Patching has become more
commonly accepted, even for consumers, as more operating systems and
applications shift to visible reminders and automated updates. Yet as
one security expert notes, this evolution of the software industry has
yet to become the dominant model in IoT.\9\
---------------------------------------------------------------------------
\8\ See, e.g. Murugiah Souppaya and Karen Scarfone, Guide to
Enterprise Patch Management Technologies, Special Publication 800-40
Revision 3, National Institute of Standards and Technology, NIST SP
800-40 (2013) available at: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf.
\9\ Bruce Schneier, The Internet of Things Is Wildly Insecure--
And Often Unpatchable, Wired (Jan. 6, 2014) available at: https://www.schneier.com/blog/archives/2014/01/security_risks_9.html.
---------------------------------------------------------------------------
To help realize the full innovative potential of IoT, users need
reasonable assurance that connected devices, embedded systems, and
their applications will be secure. A key part of that security is the
mitigation of potential security vulnerabilities in IoT devices or
applications through patching and security upgrades.
The ultimate objective of the multistakeholder process is to foster
a market offering more devices and systems that support security
upgrades through increased consumer awareness and understanding.
Enabling a thriving market for patchable IoT requires common
definitions so that manufacturers and solution providers have shared
visions for security, and consumers know what they are purchasing.
Currently, no such common, widely accepted definitions exist, so many
manufacturers struggle to effectively communicate to consumers the
security features of their devices. This is detrimental to the digital
ecosystem as a whole, as it does not reward companies that invest in
patching and it prevents consumers from making informed purchasing
choices.
Stakeholders have identified four distinct work streams that could
help foster better security across the ecosystem, one of which has
produced a consensus document.\10\ The main objectives of the November
8, 2017, meeting are to share progress from the continuing working
groups and potentially come to consensus around final products.
Stakeholders will also discuss how the outputs of the different work
streams can complement each other, and what next steps will be in
promoting awareness and use of the outputs. More information about
stakeholders' work is available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
---------------------------------------------------------------------------
\10\ Documents shared by working group stakeholders are
available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
---------------------------------------------------------------------------
Time and Date: NTIA will convene a virtual meeting of the
multistakeholder process on Internet of Things Security Upgradability
and Patching on November 8, 2017, from 2:00 p.m. to 4:30 p.m., Eastern
Time. The meeting date and time are subject to change. Please refer to
NTIA's Web site, https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current
information.
Place: This is a virtual meeting. NTIA will post links to online
content and dial-in information on the multistakeholder process Web
site at https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
Other Information: The meeting is open to the public and the press.
There will be an opportunity for stakeholders viewing the webcast to
participate remotely in the meeting through a moderated conference
bridge, including polling functionality. Access details for the meeting
are subject to change. Please refer to NTIA's Web site, https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current information.
The meeting is also accessible to people with disabilities.
Individuals requiring accommodations, such as other auxiliary aids, are
asked to notify Allan Friedman at the contact information listed above
at least seven (7) business days prior to the meeting.
Dated: October 5, 2017.
Kathy D. Smith,
Chief Counsel, National Telecommunications and Information
Administration.
[FR Doc. 2017-21976 Filed 10-11-17; 8:45 am]
BILLING CODE 3510-60-P
