Promoting Stakeholder Action Against Botnets and Other Automated Threats, 1342-1344 [2018-00322]
Download as PDF
<![CDATA[
1342
Federal Register / Vol. 83, No. 8 / Thursday, January 11, 2018 / Notices
193–411, and (3) enter your name and
email address (required). After logging
in to the webinar, you must use your
telephone for the audio portion of the
meeting by dialing this TOLL number
(1) dial this TOLL number 1–415–655–
0052, (2) enter the attendee phone audio
access code 564–202–797, and (3) then
enter your audio phone pin (shown after
joining the webinar). Note: Technical
Information and system requirements:
PC-based attendees are required to use
Windows® 7, Vista, or XP; Mac®-based
attendees are required to use Mac OS®
X 10.5 or newer; Mobile attendees are
required to use iPhone®, iPad®,
AndroidTM phone or Android tablet (See
the https://www.gotomeeting.com/
webinar/ipad-iphone-android-webinarapps). You may send an email to Mr.
Kris Kleinschmidt at
Kris.Kleinschmidt@noaa.gov or contact
him at (503) 820–2280, extension 411
for technical assistance.
Council address: Pacific Fishery
Management Council, 7700 NE
Ambassador Place, Suite 101, Portland,
OR 97220.
Dr.
Kit Dahl, Pacific Council; telephone:
(503) 820–2422.
FOR FURTHER INFORMATION CONTACT:
At its
September 2018 meeting, the Pacific
Council decided to embark on the
Climate and Communities Initiative
pursuant to its Fishery Ecosystem Plan.
The purpose of this initiative is to help
the Pacific Council, its advisory bodies,
and the public to better understand the
effects of near-term climate shift and
long-term climate change on our fish,
fisheries, and fishing communities and
identify ways in which the Council
could incorporate such understanding
into its decision-making. As a first step,
the Council’s Ad Hoc Ecosystem
Workgroup is working with scientists at
NMFS Northwest and Southwest
Fisheries Science Centers to present a
series of webinars to educate the Pacific
Council, advisory bodies, and the
interested public about current research
and forecasts related to the effects of
climate variability/change on the
California Current Ecosystem.
Although non-emergency issues not
contained in the meeting agenda may be
discussed, those issues may not be the
subject of formal action during this
meeting. Action will be restricted to
those issues specifically listed in this
document and any issues arising after
publication of this document that
require emergency action under section
305(c) of the Magnuson-Stevens Fishery
Conservation and Management Act,
provided the public has been notified of
srobinson on DSK9F5VC42PROD with NOTICES
SUPPLEMENTARY INFORMATION:
VerDate Sep<11>2014
00:05 Jan 11, 2018
Jkt 244001
the intent to take final action to address
the emergency.
Special Accommodations
This meeting is physically accessible
to people with disabilities. Requests for
sign language interpretation or other
auxiliary aids should be directed to Mr.
Kris Kleinschmidt (503) 820–2411 at
least 10 business days prior to the
meeting date.
Dated: January 8, 2018.
Tracey L. Thompson,
Acting Deputy Director, Office of Sustainable
Fisheries, National Marine Fisheries Service.
[FR Doc. 2018–00378 Filed 1–10–18; 8:45 am]
BILLING CODE 3510–22–P
DEPARTMENT OF COMMERCE
National Telecommunications and
Information Administration
[Docket No. 180103005–8005–01]
RIN 0660–XC040
Promoting Stakeholder Action Against
Botnets and Other Automated Threats
National Telecommunications
and Information Administration, U.S.
Department of Commerce.
ACTION: Notice, request for public
comment.
AGENCY:
The Department of Commerce
(Department) is requesting comment on
a draft Report about actions to address
automated and distributed threats to the
digital ecosystem as part of the activity
directed by Executive Order 13800,
‘‘Strengthening the Cybersecurity of
Federal Networks and Critical
Infrastructure.’’ Through this Notice, the
Department seeks broad input and
feedback from all interested
stakeholders—including private
industry, academia, civil society, and
other security experts—on this draft
Report, its characterization of risks and
the state of the ecosystem, the goals laid
out, and the actions to further these
goals.
SUMMARY:
Comments are due on or before
5 p.m. Eastern Time on February 12,
2018.
DATES:
Written comments may be
submitted by email to counter_botnet@
list.commerce.gov. Written comments
also may be submitted by mail to the
National Telecommunications and
Information Administration, U.S.
Department of Commerce, 1401
Constitution Avenue NW, Room 4725,
Attn: Evelyn L. Remaley, Deputy
Associate Administrator, Washington,
DC 20230. For more detailed
ADDRESSES:
PO 00000
Frm 00016
Fmt 4703
Sfmt 4703
instructions about submitting
comments, see the ‘‘Instructions for
Commenters’’ section of SUPPLEMENTARY
INFORMATION.
FOR FURTHER INFORMATION CONTACT:
Megan Doscher, tel.: (202) 482–2503,
email: mdoscher@ntia.doc.gov, or Allan
Friedman, tel.: (202) 482–4281, email:
afriedman@ntia.doc.gov, National
Telecommunications and Information
Administration, U.S. Department of
Commerce, 1401 Constitution Avenue
NW, Room 4725, Washington, DC
20230. Please direct media inquiries to
NTIA’s Office of Public Affairs, (202)
482–7002, or at press@ntia.doc.gov.
SUPPLEMENTARY INFORMATION:
Background: Executive Order 13800
on Strengthening the Cybersecurity of
Federal Networks and Critical
Infrastructure called for ‘‘resilience
against botnets and other automated,
distributed threats.’’ 1 The Order
directed the Secretary of Commerce,
together with the Secretary of Homeland
Security, to ‘‘lead an open and
transparent process to identify and
promote action by appropriate
stakeholders’’ with the goal of
‘‘dramatically reducing threats
perpetrated by automated and
distributed attacks (e.g., botnets).’’ 2
The Departments of Commerce and
Homeland Security worked jointly on
this effort through three approaches—
hosting a workshop, publishing a
request for comment, and initiating an
inquiry through the President’s National
Security Telecommunications Advisory
Committee (NSTAC)—all aimed at
gathering a broad range of input from
experts and stakeholders, including
private industry, academia, and civil
society. The Departments worked in
consultation with the Departments of
Defense, Justice, and State, the Federal
Bureau of Investigation, the sectorspecific agencies, the Federal
Communications Commission, and
Federal Trade Commission, as well as
other interested agencies. These
activities all contributed to the
information gathering process for
developing a draft Report.
The draft Report, published on
January 5, 2018, and available at https://
www.ntia.doc.gov/report/2018/reportpresident-enhancing-resilience-internetand-communications-ecosystemagainst, characterizes the status of the
internet and communications
ecosystem, and offers a positive vision
of the future. The Departments
determined that the opportunities and
challenges in working toward
1 Exec.
Order 13800, 82 FR 22,391 (May 11, 2017).
2 Id.
E:\FR\FM\11JAN1.SGM
11JAN1
srobinson on DSK9F5VC42PROD with NOTICES
Federal Register / Vol. 83, No. 8 / Thursday, January 11, 2018 / Notices
dramatically reducing threats from
automated, distributed attacks can be
summarized in six principal themes.
1. Automated, distributed attacks are
a global problem. The majority of the
compromised devices in recent botnets
have been geographically located
outside the United States. Increasing the
resilience of the internet and
communications ecosystem against
these threats will require coordinated
action with international partners.
2. Effective tools exist, but are not
widely used. The tools, processes, and
practices required to significantly
enhance the resilience of the internet
and communications ecosystem are
widely available, if imperfect, and are
routinely applied in selected market
sectors. However, they are not part of
common practices for product
development and deployment in many
other sectors for a variety of reasons,
including (but not limited to) lack of
awareness, cost avoidance, insufficient
technical expertise, and lack of market
incentives.
3. Products should be secured during
all stages of the lifecycle. Devices that
are vulnerable at time of deployment,
lack facilities to patch vulnerabilities
after discovery, or remain in service
after vendor support ends make
assembling automated, distributed
threats far too easy.
4. Education and awareness is
needed. Knowledge gaps in home and
enterprise customers, product
developers, manufacturers, and
infrastructure operators impede the
deployment of the tools, processes, and
practices that would make the
ecosystem more resilient.
5. Market incentives are misaligned.
Perceived market incentives do not
align with the goal of ‘‘dramatically
reducing threats perpetrated by
automated and distributed attacks.’’
Market incentives motivate product
developers, manufacturers, and vendors
to minimize cost and time to market,
rather than to build in security or offer
efficient security updates. There has to
be a better balance between security and
convenience when developing products.
6. Automated, distributed attacks are
an ecosystem-wide challenge. No single
stakeholder community can address the
problem in isolation.
The Report lays out five
complementary and mutually
supportive goals that would
dramatically reduce the threat of
automated, distributed attacks and
improve the resilience of the ecosystem.
They are:
1. Identify a clear pathway toward an
adaptable, sustainable, and secure
technology marketplace;
VerDate Sep<11>2014
00:05 Jan 11, 2018
Jkt 244001
2. Promote innovation in the
infrastructure for dynamic adaptation to
evolving threats;
3. Promote innovation at the edge of
the network to prevent, detect, and
mitigate bad behavior;
4. Build coalitions between the
security, infrastructure, and operational
technology communities domestically
and around the world; and
5. Increase awareness and education
across the ecosystem.
For each goal, the report suggests
supporting activities to be taken by both
government and private sector actors.
With this Request for Comment, the
Department is asking for a response to
the issues and goals raised by the draft
Report, as well as the proposed
approach, current initiatives, and next
steps. Following the completion of the
comment period, the Department will
host a workshop to discuss substantive
comments and the way forward for the
Report. The workshop will be held
February 28–March 1, 2018 at the
National Cybersecurity Center of
Excellence (NCCoE). Additional
information regarding the workshop,
including logistics and registration
information, is available at https://
csrc.nist.gov/Events/2018/secondbotnet-workshop.
Information obtained through this
Request for Comment, the NCCoEhosted workshop, and other stakeholder
interactions will be considered for
incorporation into the final version of
the Report. The final Report is due to
the President on May 11, 2018.
Request for Comment
The goal of this Request for Comment
is to solicit feedback on the draft Report,
its characterization of the challenges,
and proposed actions. The Department
invites comment on the full range of
issues that may be presented by this
inquiry, including issues that are not
specifically raised in the following
questions. Respondents are invited to
respond to some or all of the questions
below:
1. The Ecosystem: Is the Report’s
characterization of risks and the state of
the current internet and
communications ecosystem accurate
and/or complete? Are there technical
details, innovations, policy approaches,
or implementation barriers that warrant
new or further consideration?
2. Goals: Are the Report’s stated goals
appropriate for achieving a more
resilient ecosystem? Do the actions
support the relevant goals? In aggregate,
are the actions sufficient to significantly
advance the goals?
3. Stakeholder Roles: How can
specific actions be refined for efficacy
PO 00000
Frm 00017
Fmt 4703
Sfmt 4703
1343
and achievability? What actors, inside
the Federal government, in the private
sector, and across the global
community, can be instrumental in the
successful accomplishment of these
activities? Who should play a leadership
role; and where and how? What
stakeholders are key to particular
successes?
4. Road map: What information can
help the government and stakeholders
delineate a road map for achieving these
goals? How should implementation be
phased to optimize resources and
commitments? Which actions are of
highest priority, or offer opportunities
for near term progress? Which actions
depend on the completion of other
actions? Are there known barriers that
may inhibit progress on specific
actions?
5. Incentives: What policies,
innovations, standards, best practices,
governance approaches, or other
activities can promote market-based
solutions to the challenges and goals
discussed in the report? Are there
specific incentive ideas beyond the
market-based approaches discussed in
the report (e.g., procurement,
multistakeholder policy development,
R&D, best practices, and adoption &
awareness efforts) that demand new
consideration or exploration?
6. Further Activities: What additional
specific actions can improve the
resilience of the internet and
communications ecosystem? What
partners can drive success for these
activities?
7. Metrics: How should we evaluate
progress against the stated goals?
Instructions for Commenters: The
Department invites comment on the full
range of issues that may be presented by
this inquiry, including issues that are
not specifically raised in the above
questions. Commenters are encouraged
to address any or all of the above
questions. Comments that contain
references to studies, research, and
other empirical data that are not widely
available should include copies of the
referenced materials with the submitted
comments.
Comments submitted by email should
be machine-readable and should not be
copy-protected. Responders should
include the name of the person or
organization filing the comment, which
will facilitate agency follow up for
clarity as necessary, as well as a page
number on each page of their
submissions. All comments received are
a part of the public record and will
generally be posted on the NTIA
website, https://www.ntia.doc.gov/,
without change. All personal identifying
information (for example, name,
E:\FR\FM\11JAN1.SGM
11JAN1
1344
Federal Register / Vol. 83, No. 8 / Thursday, January 11, 2018 / Notices
address) voluntarily submitted by the
commenter may be publicly accessible.
Do not submit confidential business
information or otherwise sensitive or
protected information. The Department
will also accept anonymous comments.
Dated: January 5, 2018.
David J. Redl,
Assistant Secretary for Communication and
Information, National Telecommunications
and Information Administration.
[FR Doc. 2018–00322 Filed 1–10–18; 8:45 am]
BILLING CODE 3510–60–P
DEPARTMENT OF DEFENSE
Office of the Secretary
Board of Regents, Uniformed Services
University of the Health Sciences;
Notice of Federal Advisory Committee
Meeting
Under Secretary of Defense for
Personnel and Readiness, Department of
Defense.
ACTION: Notice of Federal Advisory
Committee meeting.
AGENCY:
The Department of Defense
(DoD) is publishing this notice to
announce that the following Federal
Advisory Committee meeting of the
Board of Regents, Uniformed Services
University of the Health Sciences will
take place.
DATES: Tuesday, February 6, 2018; open
to the public from 8:00 a.m. to 10:05
a.m. Closed session will occur from
approximately 10:10 a.m. to 10:40 a.m.
ADDRESSES: Uniformed Services
University of the Health Sciences, 4301
Jones Bridge Road, Everett Alvarez Jr.
Board of Regents Room (D3001),
Bethesda, Maryland 20814.
FOR FURTHER INFORMATION CONTACT:
Jennifer Nuetzi James, 301–295–3066
(Voice), 301–295–1960 (Facsimile),
jennifer.nuetzi-james@usuhs.edu
(Email). Mailing address is 4301 Jones
Bridge Road, A1020, Bethesda,
Maryland 20814. Website: https://
www.usuhs.edu/vpe/bor.
SUPPLEMENTARY INFORMATION: This
meeting is being held under the
provisions of the Federal Advisory
Committee Act (FACA) of 1972 (5
U.S.C., Appendix, as amended), the
Government in the Sunshine Act of
1976 (5 U.S.C. 552b, as amended), and
41 CFR 102–3.140 and 102–3.150.
Purpose of the Meeting: The purpose
of the meeting is to provide advice and
recommendations to the Secretary of
Defense, through the Under Secretary of
Defense for Personnel and Readiness, on
academic and administrative matters
srobinson on DSK9F5VC42PROD with NOTICES
SUMMARY:
VerDate Sep<11>2014
00:05 Jan 11, 2018
Jkt 244001
critical to the full accreditation and
successful operation of USU. These
actions are necessary for USU to pursue
its mission, which is to educate, train
and comprehensively prepare
uniformed services health professionals,
officers, scientists and leaders to
support the Military and Public Health
Systems, the National Security and
National Defense Strategies of the
United States, and the readiness of our
Uniformed Services.
Agenda: The actions scheduled to
occur include the review of the minutes
from the Board meeting held on
November 3, 2017; recommendations
regarding the awarding of associate,
baccalaureate and post-baccalaureate
degrees; recommendations regarding the
approval of faculty appointments and
promotions; and recommendations
regarding award nominations. The USU
President will provide a report on recent
actions affecting academic and
operational aspects of USU. Member
reports will include an Academics
Summary consisting of reports from the
´
Dean of the F. Edward Hebert School of
Medicine, Dean of the Daniel K. Inouye
Graduate School of Nursing, Executive
Dean of the Postgraduate Dental College,
Dean of the College of Allied Health
Sciences, Director of the Armed Forces
Radiobiology Research Institute and the
President of the USU Faculty Senate.
Member Reports will also include a
Finance and Administration Summary
consisting of reports from the Senior
Vice President, Southern Region; Senior
Vice President, Western Region;
Commander, USU Brigade; and the
President and CEO of the Henry M.
Jackson Foundation for the
Advancement of Military Medicine.
There will be reports from the USU Vice
President for Research and the USU
Vice President for Finance and
Administration. A closed session will be
held, after the open session, to discuss
active investigations and personnel
actions.
Meeting Accessibility: Pursuant to
Federal statutes and regulations (5
U.S.C., Appendix, 5 U.S.C. 552b, and 41
CFR 102–3.140 through 102–3.165) and
the availability of space, the meeting is
open to the public from 8:00 a.m. to
10:05 a.m. Seating is on a first-come
basis. Members of the public wishing to
attend the meeting should contact
Jennifer Nuetzi James no later than five
business days prior to the meeting, at
the address and phone number noted in
the FOR FURTHER INFORMATION CONTACT
section. Pursuant to 5 U.S.C. 552b(c)(2,
5–7), the Department of Defense has
determined that the portion of the
meeting from 10:10 a.m. to 10:40 a.m.
shall be closed to the public. The Under
PO 00000
Frm 00018
Fmt 4703
Sfmt 4703
Secretary of Defense (Personnel and
Readiness), in consultation with the
Office of the Department of Defense
General Counsel, has determined in
writing that this portion of the Board’s
meeting will be closed as the discussion
will disclose sensitive personnel
information, will include matters that
relate solely to the internal personnel
rules and practices of the agency, will
involve allegations of a person having
committed a crime or censuring an
individual, and may disclose
investigatory records compiled for law
enforcement purposes.
Written Statements: Pursuant to
section 10(a)(3) of the Federal Advisory
Committee Act of 1972 and 41 CFR 102–
3.140, the public or interested
organizations may submit written
comments to the Board about its
approved agenda pertaining to this
meeting or at any time regarding the
Board’s mission. Individuals submitting
a written statement must submit their
statement to the Designated Federal
Officer at the address listed in the FOR
FURTHER INFORMATION CONTACT section.
Written statements that do not pertain to
a scheduled meeting of the Board may
be submitted at any time. However, if
individual comments pertain to a
specific topic being discussed at the
planned meeting, then these statements
must be received at least 5 calendar
days prior to the meeting, otherwise, the
comments may not be provided to or
considered by the Board until a later
date. The Designated Federal Officer
will compile all timely submissions
with the Board’s Chair and ensure such
submissions are provided to Board
Members before the meeting.
Dated: January 8, 2018.
Aaron Siegel,
Alternate OSD Federal Register Liaison
Officer, Department of Defense.
[FR Doc. 2018–00335 Filed 1–10–18; 8:45 am]
BILLING CODE 5001–06–P
DEPARTMENT OF ENERGY
Environmental Management SiteSpecific Advisory Board, Oak Ridge
Reservation
Department of Energy.
Notice of open meeting.
AGENCY:
ACTION:
This notice announces a
meeting of the Environmental
Management Site-Specific Advisory
Board (EM SSAB), Oak Ridge
Reservation. The Federal Advisory
Committee Act requires that public
notice of this meeting be announced in
the Federal Register.
SUMMARY:
E:\FR\FM\11JAN1.SGM
11JAN1
]]>Agencies
[Federal Register Volume 83, Number 8 (Thursday, January 11, 2018)]
[Notices]
[Pages 1342-1344]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2018-00322]
-----------------------------------------------------------------------
DEPARTMENT OF COMMERCE
National Telecommunications and Information Administration
[Docket No. 180103005-8005-01]
RIN 0660-XC040
Promoting Stakeholder Action Against Botnets and Other Automated
Threats
AGENCY: National Telecommunications and Information Administration,
U.S. Department of Commerce.
ACTION: Notice, request for public comment.
-----------------------------------------------------------------------
SUMMARY: The Department of Commerce (Department) is requesting comment
on a draft Report about actions to address automated and distributed
threats to the digital ecosystem as part of the activity directed by
Executive Order 13800, ``Strengthening the Cybersecurity of Federal
Networks and Critical Infrastructure.'' Through this Notice, the
Department seeks broad input and feedback from all interested
stakeholders--including private industry, academia, civil society, and
other security experts--on this draft Report, its characterization of
risks and the state of the ecosystem, the goals laid out, and the
actions to further these goals.
DATES: Comments are due on or before 5 p.m. Eastern Time on February
12, 2018.
ADDRESSES: Written comments may be submitted by email to
[email protected]. Written comments also may be
submitted by mail to the National Telecommunications and Information
Administration, U.S. Department of Commerce, 1401 Constitution Avenue
NW, Room 4725, Attn: Evelyn L. Remaley, Deputy Associate Administrator,
Washington, DC 20230. For more detailed instructions about submitting
comments, see the ``Instructions for Commenters'' section of
SUPPLEMENTARY INFORMATION.
FOR FURTHER INFORMATION CONTACT: Megan Doscher, tel.: (202) 482-2503,
email: [email protected], or Allan Friedman, tel.: (202) 482-4281,
email: [email protected], National Telecommunications and
Information Administration, U.S. Department of Commerce, 1401
Constitution Avenue NW, Room 4725, Washington, DC 20230. Please direct
media inquiries to NTIA's Office of Public Affairs, (202) 482-7002, or
at [email protected].
SUPPLEMENTARY INFORMATION:
Background: Executive Order 13800 on Strengthening the
Cybersecurity of Federal Networks and Critical Infrastructure called
for ``resilience against botnets and other automated, distributed
threats.'' \1\ The Order directed the Secretary of Commerce, together
with the Secretary of Homeland Security, to ``lead an open and
transparent process to identify and promote action by appropriate
stakeholders'' with the goal of ``dramatically reducing threats
perpetrated by automated and distributed attacks (e.g., botnets).'' \2\
---------------------------------------------------------------------------
\1\ Exec. Order 13800, 82 FR 22,391 (May 11, 2017).
\2\ Id.
---------------------------------------------------------------------------
The Departments of Commerce and Homeland Security worked jointly on
this effort through three approaches--hosting a workshop, publishing a
request for comment, and initiating an inquiry through the President's
National Security Telecommunications Advisory Committee (NSTAC)--all
aimed at gathering a broad range of input from experts and
stakeholders, including private industry, academia, and civil society.
The Departments worked in consultation with the Departments of Defense,
Justice, and State, the Federal Bureau of Investigation, the sector-
specific agencies, the Federal Communications Commission, and Federal
Trade Commission, as well as other interested agencies. These
activities all contributed to the information gathering process for
developing a draft Report.
The draft Report, published on January 5, 2018, and available at
https://www.ntia.doc.gov/report/2018/report-president-enhancing-resilience-internet-and-communications-ecosystem-against, characterizes
the status of the internet and communications ecosystem, and offers a
positive vision of the future. The Departments determined that the
opportunities and challenges in working toward
[[Page 1343]]
dramatically reducing threats from automated, distributed attacks can
be summarized in six principal themes.
1. Automated, distributed attacks are a global problem. The
majority of the compromised devices in recent botnets have been
geographically located outside the United States. Increasing the
resilience of the internet and communications ecosystem against these
threats will require coordinated action with international partners.
2. Effective tools exist, but are not widely used. The tools,
processes, and practices required to significantly enhance the
resilience of the internet and communications ecosystem are widely
available, if imperfect, and are routinely applied in selected market
sectors. However, they are not part of common practices for product
development and deployment in many other sectors for a variety of
reasons, including (but not limited to) lack of awareness, cost
avoidance, insufficient technical expertise, and lack of market
incentives.
3. Products should be secured during all stages of the lifecycle.
Devices that are vulnerable at time of deployment, lack facilities to
patch vulnerabilities after discovery, or remain in service after
vendor support ends make assembling automated, distributed threats far
too easy.
4. Education and awareness is needed. Knowledge gaps in home and
enterprise customers, product developers, manufacturers, and
infrastructure operators impede the deployment of the tools, processes,
and practices that would make the ecosystem more resilient.
5. Market incentives are misaligned. Perceived market incentives do
not align with the goal of ``dramatically reducing threats perpetrated
by automated and distributed attacks.'' Market incentives motivate
product developers, manufacturers, and vendors to minimize cost and
time to market, rather than to build in security or offer efficient
security updates. There has to be a better balance between security and
convenience when developing products.
6. Automated, distributed attacks are an ecosystem-wide challenge.
No single stakeholder community can address the problem in isolation.
The Report lays out five complementary and mutually supportive
goals that would dramatically reduce the threat of automated,
distributed attacks and improve the resilience of the ecosystem. They
are:
1. Identify a clear pathway toward an adaptable, sustainable, and
secure technology marketplace;
2. Promote innovation in the infrastructure for dynamic adaptation
to evolving threats;
3. Promote innovation at the edge of the network to prevent,
detect, and mitigate bad behavior;
4. Build coalitions between the security, infrastructure, and
operational technology communities domestically and around the world;
and
5. Increase awareness and education across the ecosystem.
For each goal, the report suggests supporting activities to be
taken by both government and private sector actors. With this Request
for Comment, the Department is asking for a response to the issues and
goals raised by the draft Report, as well as the proposed approach,
current initiatives, and next steps. Following the completion of the
comment period, the Department will host a workshop to discuss
substantive comments and the way forward for the Report. The workshop
will be held February 28-March 1, 2018 at the National Cybersecurity
Center of Excellence (NCCoE). Additional information regarding the
workshop, including logistics and registration information, is
available at https://csrc.nist.gov/Events/2018/second-botnet-workshop.
Information obtained through this Request for Comment, the NCCoE-
hosted workshop, and other stakeholder interactions will be considered
for incorporation into the final version of the Report. The final
Report is due to the President on May 11, 2018.
Request for Comment
The goal of this Request for Comment is to solicit feedback on the
draft Report, its characterization of the challenges, and proposed
actions. The Department invites comment on the full range of issues
that may be presented by this inquiry, including issues that are not
specifically raised in the following questions. Respondents are invited
to respond to some or all of the questions below:
1. The Ecosystem: Is the Report's characterization of risks and the
state of the current internet and communications ecosystem accurate
and/or complete? Are there technical details, innovations, policy
approaches, or implementation barriers that warrant new or further
consideration?
2. Goals: Are the Report's stated goals appropriate for achieving a
more resilient ecosystem? Do the actions support the relevant goals? In
aggregate, are the actions sufficient to significantly advance the
goals?
3. Stakeholder Roles: How can specific actions be refined for
efficacy and achievability? What actors, inside the Federal government,
in the private sector, and across the global community, can be
instrumental in the successful accomplishment of these activities? Who
should play a leadership role; and where and how? What stakeholders are
key to particular successes?
4. Road map: What information can help the government and
stakeholders delineate a road map for achieving these goals? How should
implementation be phased to optimize resources and commitments? Which
actions are of highest priority, or offer opportunities for near term
progress? Which actions depend on the completion of other actions? Are
there known barriers that may inhibit progress on specific actions?
5. Incentives: What policies, innovations, standards, best
practices, governance approaches, or other activities can promote
market-based solutions to the challenges and goals discussed in the
report? Are there specific incentive ideas beyond the market-based
approaches discussed in the report (e.g., procurement, multistakeholder
policy development, R&D, best practices, and adoption & awareness
efforts) that demand new consideration or exploration?
6. Further Activities: What additional specific actions can improve
the resilience of the internet and communications ecosystem? What
partners can drive success for these activities?
7. Metrics: How should we evaluate progress against the stated
goals?
Instructions for Commenters: The Department invites comment on the
full range of issues that may be presented by this inquiry, including
issues that are not specifically raised in the above questions.
Commenters are encouraged to address any or all of the above questions.
Comments that contain references to studies, research, and other
empirical data that are not widely available should include copies of
the referenced materials with the submitted comments.
Comments submitted by email should be machine-readable and should
not be copy-protected. Responders should include the name of the person
or organization filing the comment, which will facilitate agency follow
up for clarity as necessary, as well as a page number on each page of
their submissions. All comments received are a part of the public
record and will generally be posted on the NTIA website, https://www.ntia.doc.gov/, without change. All personal identifying information
(for example, name,
[[Page 1344]]
address) voluntarily submitted by the commenter may be publicly
accessible. Do not submit confidential business information or
otherwise sensitive or protected information. The Department will also
accept anonymous comments.
Dated: January 5, 2018.
David J. Redl,
Assistant Secretary for Communication and Information, National
Telecommunications and Information Administration.
[FR Doc. 2018-00322 Filed 1-10-18; 8:45 am]
BILLING CODE 3510-60-P
