Multistakeholder Process on Internet of Things Security Upgradability and Patching, 47482-47483 [2017-21976]



[Federal Register Volume 82, Number 196 (Thursday, October 12, 2017)]
[Notices]
[Pages 47482-47483]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2017-21976]


-----------------------------------------------------------------------

DEPARTMENT OF COMMERCE

National Telecommunications and Information Administration


Multistakeholder Process on Internet of Things Security 
Upgradability and Patching

AGENCY: National Telecommunications and Information Administration, 
U.S. Department of Commerce.

ACTION: Notice of open meeting.

-----------------------------------------------------------------------

SUMMARY: The National Telecommunications and Information Administration 
(NTIA) will convene a virtual meeting of a multistakeholder process on 
Internet of Things Security Upgradability and Patching on November 8, 
2017. This is the sixth in a series of meetings. For information on 
prior meetings, see Web site address below.

DATES: The virtual meeting will be held on November 8, 2017, from 2:00 
p.m. to 4:30 p.m., Eastern Time. See Supplementary Information for 
details.

ADDRESSES: This is a virtual meeting. NTIA will post links to online 
content and dial-in information on the multistakeholder process Web 
site at https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.

FOR FURTHER INFORMATION CONTACT: Allan Friedman, National 
Telecommunications and Information Administration, U.S. Department of 
Commerce, 1401 Constitution Avenue NW., Room 4725, Washington, DC 
20230; telephone: (202) 482-4281; email: afriedman@ntia.doc.gov. Please 
direct media inquiries to NTIA's Office of Public Affairs: 
(202) 482-7002; email: press@ntia.doc.gov.

SUPPLEMENTARY INFORMATION: 
    Background: In March of 2015, the National Telecommunications and 
Information Administration issued a Request for Comment to ``identify 
substantive cybersecurity issues that affect the digital ecosystem and 
digital economic growth where broad consensus, coordinated action, and 
the development of best practices could substantially improve security 
for organizations and consumers.'' \1\ We received comments from a 
range of stakeholders, including trade associations, large companies, 
cybersecurity startups, civil society organizations and independent 
computer security experts.\2\ The comments recommended a diverse set of 
issues that might be addressed through the multistakeholder process, 
including cybersecurity policy and practice in the emerging area of 
Internet of Things (IoT).
---------------------------------------------------------------------------

    \1\ U.S. Department of Commerce, Internet Policy Task Force, 
Request for Public Comment, Stakeholder Engagement on Cybersecurity 
in the Digital Ecosystem, 80 FR 14360, Docket No. 150312253-5253-01 
(Mar. 19, 2015), available at: https://www.ntia.doc.gov/files/ntia/publications/cybersecurity_rfc_03192015.pdf.
    \2\ NTIA has posted the public comments received at https://www.ntia.doc.gov/federal-register-notice/2015/comments-stakeholder-engagement-cybersecurity-digital-ecosystem.
---------------------------------------------------------------------------

    In a separate but related matter in April 2016, NTIA, the 
Department's Internet Policy Task Force, and its Digital Economy 
Leadership Team sought comments on the benefits, challenges, and 
potential roles for the government in fostering the advancement of the 
Internet of Things.\3\ Over 130 stakeholders responded with comments 
addressing many substantive issues and opportunities related to IoT.\4\ 
Security was one of the most common topics raised. Many commenters 
emphasized the need for a secure lifecycle approach to IoT devices that 
considers the development, maintenance, and end-of-life phases and 
decisions for a device.
---------------------------------------------------------------------------

    \3\ U.S. Department of Commerce, Internet Policy Task Force, 
Request for Public Comment, Benefits, Challenges, and Potential 
Roles for the Government in Fostering the Advancement of the 
Internet of Things, 81 FR 19956, Docket No. 160331306-6306-01 (April 
5, 2016), available at: https://www.ntia.doc.gov/federal-register-notice/2016/rfc-potential-roles-government-fostering-advancement-internet-of-things.
    \4\ NTIA has posted the public comments received at https://www.ntia.doc.gov/federal-register-notice/2016/comments-potential-roles-government-fostering-advancement-internet-of-things.
---------------------------------------------------------------------------

    After reviewing these comments, NTIA announced that the next 
multistakeholder process on cybersecurity would be on IoT security 
upgradability and patching.\5\ NTIA subsequently announced that the 
first meeting of a multistakeholder process on this topic would be held 
on October 19, 2016.\6\ NTIA has convened five subsequent virtual or 
in-person meetings.\7\
---------------------------------------------------------------------------

    \5\ NTIA, Increasing the Potential of IoT through Security and 
Transparency (Aug. 2, 2016), available at: https://www.ntia.doc.gov/blog/2016/increasing-potential-iot-through-security-and-transparency.
    \6\ NTIA, Notice of Multistakeholder Process on Internet of 
Things Security Upgradability and Patching Open Meeting (Sept. 15, 
2016), available at: https://www.ntia.doc.gov/federal-register-notice/2016/10192016-meeting-notice-msp-iot-security-upgradability-patching.
    \7\ Federal Register Notices, Agendas, and Documents of these 
meetings are available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
---------------------------------------------------------------------------

    The matter of patching vulnerable systems is now an accepted part 
of cybersecurity.\8\ Unaddressed technical flaws in systems leave the 
users of software and systems at risk. The nature of these risks 
varies, and mitigating these risks requires various efforts from the 
developers and owners of these systems. One of the more common means of 
mitigation is for the developer or other maintaining party to issue a 
security patch to address the vulnerability. Patching has become more 
commonly accepted, even for consumers, as more operating systems and 
applications shift to visible reminders and automated updates. Yet as 
one security expert notes, this evolution of the software industry has 
yet to become the dominant model in IoT.\9\
---------------------------------------------------------------------------

    \8\ See, e.g. Murugiah Souppaya and Karen Scarfone, Guide to 
Enterprise Patch Management Technologies, Special Publication 800-40 
Revision 3, National Institute of Standards and Technology, NIST SP 
800-40 (2013) available at: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf.
    \9\ Bruce Schneier, The Internet of Things Is Wildly Insecure--
And Often Unpatchable, Wired (Jan. 6, 2014) available at: https://www.schneier.com/blog/archives/2014/01/security_risks_9.html.
---------------------------------------------------------------------------

    To help realize the full innovative potential of IoT, users need 
reasonable assurance that connected devices, embedded systems, and 
their applications will be secure. A key part of that security is the 
mitigation of potential security vulnerabilities in IoT devices or 
applications through patching and security upgrades.
    The ultimate objective of the multistakeholder process is to foster 
a market offering more devices and systems that support security 
upgrades through increased consumer awareness and understanding. 
Enabling a thriving market for patchable IoT requires common 
definitions so that manufacturers and solution providers have shared 
visions for security, and consumers know what they are purchasing. 
Currently, no such common, widely accepted definitions exist, so many 
manufacturers struggle to effectively communicate to consumers the 
security features of their devices. This is detrimental to the digital 
ecosystem as a whole, as it does not reward companies that invest in 
patching and it prevents consumers from making informed purchasing 
choices.
    Stakeholders have identified four distinct work streams that could 
help foster better security across the ecosystem, one of which has 
produced a consensus document.\10\ The main objectives of the November 
8, 2017, meeting are to share progress from the continuing working 
groups and potentially come to consensus around final products. 
Stakeholders will also discuss how the outputs of the different work 
streams can complement each other, and what next steps will be in 
promoting awareness and use of the outputs. More information about 
stakeholders' work is available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
---------------------------------------------------------------------------

    \10\ Documents shared by working group stakeholders are 
available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
---------------------------------------------------------------------------

    Time and Date: NTIA will convene a virtual meeting of the 
multistakeholder process on Internet of Things Security Upgradability 
and Patching on November 8, 2017, from 2:00 p.m. to 4:30 p.m., Eastern 
Time. The meeting date and time are subject to change. Please refer to 
NTIA's Web site, https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current 
information.
    Place: This is a virtual meeting. NTIA will post links to online 
content and dial-in information on the multistakeholder process Web 
site at https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security.
    Other Information: The meeting is open to the public and the press. 
There will be an opportunity for stakeholders viewing the webcast to 
participate remotely in the meeting through a moderated conference 
bridge, including polling functionality. Access details for the meeting 
are subject to change. Please refer to NTIA's Web site, https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current information.
    The meeting is also accessible to people with disabilities. 
Individuals requiring accommodations, such as other auxiliary aids, are 
asked to notify Allan Friedman at the contact information listed above 
at least seven (7) business days prior to the meeting.

    Dated: October 5, 2017.
Kathy D. Smith,
Chief Counsel, National Telecommunications and Information 
Administration.
[FR Doc. 2017-21976 Filed 10-11-17; 8:45 am]
 BILLING CODE 3510-60-P