LAS VEGAS, January 11, 2024 – The United States has entered an agreement with the European Union on a “joint roadmap” for standardized cybersecurity labels, a Biden Administration official announced at CES on Thursday.

“We want companies to know when they test their product once to meet the cybersecurity standards, they can sell anywhere,” said Anne Neuberger, the White House’s deputy national security advisor for cyber and emerging technologies. “They can sell in Paris, Texas, or Paris, France.”

Neuberger said the White House is aiming to get its U.S. Cyber Trust Mark, a voluntary certification for internet of things devices, on consumer products by the end of the year. The effort to mark products like routers, baby monitors, and thermostats as safe from hacking was first announced in October 2022.

The Federal Communications Commission voted in August to seek comment on how to implement various parts of the program, including how to develop and ensure compliance with its cybersecurity standards.

What exactly those standards will be is not yet decided, but the Commission has said it will base the program on criteria developed by the National Institute of Standards and Technology. Those  include encrypting both stored and communicated data and the ability to receive software updates.

The measure is not on the FCC’s tentative January meeting agenda, but Neuberger said the agency is “working toward next steps.”

WASHINGTON, November 2, 2023 – How states implement cybersecurity rules in the $42.5 billion Broadband Equity, Access and Deployment program could shape internet security regulations more widely, experts said during a virtual panel Wednesday.

The BEAD program, which will provide federal grants to states to disperse for broadband projects, requires providers to submit comprehensive cybersecurity plans based on standards from the National Institute of Standards and Technology. Panelists said flexibility in the plans allows customization but also establishes baseline expectations as critical infrastructure relies more on connected technology.

“I think the way that states and entities interpret these BEAD cybersecurity and supply chain requirements is really going to have a ripple effect across the whole community,” said Savannah Schaefer, an attorney of Wilkinson Barker Knauer, who advises clients on cybersecurity.

Federal Communications Commission rules are beginning to include similar mandates, meaning how states implement BEAD’s requirements could influence cybersecurity regulations more broadly, Schaefer said.

Melissa Newman, vice president of government Affairs at the Telecommunications Industry Association, said BEAD’s cybersecurity stipulations cite lengthy federal guidance documents providers must wade through. Her trade group developed a checklist to help companies understand the rules.

“You cannot be confident in the security of your networks and products without consideration of both cyber and supply chain security,” said Newman, TIA’s vice president of government affairs.

Supply chain management, knowing who provides equipment and software, is critical because cybersecurity threats can be embedded throughout a product’s lifecycle, she said.

Evan Rice, senior vice president of Guide Star, a division of CCI Systems, said providers should start by documenting current cyber practices, identifying gaps and making plans to address them. Cybersecurity must be incorporated holistically, from network construction to long-term operation, he said.

“Everyone understands that piece. The cybersecurity is the same. Once you build it, you have to operate it,” said Rice. Schaefer encouraged viewing BEAD as part of an ongoing process of shaping cybersecurity requirements.

Our Broadband Breakfast Live Online events take place on Wednesday at 12 Noon ET. Watch the event on Broadband Breakfast, or REGISTER HERE to join the conversation.

Wednesday, November 1, 2023 – Cybersecurity and BEAD

To qualify for funding under the Broadband Equity, Access and Deployment program, network operators must submit a comprehensive cybersecurity strategy in line with the National Institute of Standards and Technology’s cybersecurity framework. What impacts do these requirements have on broadband deployers, and what steps can they take to ensure compliance? How can operators strike the right balance between expanding their networks and safeguarding them against cyber threats?

Panelists

• Evan Rice, Senior Vice President, Guide Star
• Savannah Schaefer, Wilkinson Barker Knauer LLP
• Melissa Newman, Vice President of Government Affairs, Telecommunications Industry Association
• Drew Clark (moderator), Editor and Publisher, Broadband Breakfast

As with all Broadband Breakfast Live Online events, the FREE webcasts will take place at 12 Noon ET on Wednesday.

SUBSCRIBE to the Broadband Breakfast YouTube channel. That way, you will be notified when events go live. Watch on YouTube, Twitter and Facebook.

See a complete list of upcoming and past Broadband Breakfast Live Online events.

WASHINGTON, May 25, 2023 – A Cisco executive urged Congress at a Semafor event Thursday to provide more incentives for companies to ensure their cybersecurity posture is up to date. 

While Jeetu Patel, general manager of security at the information technology giant, didn’t specify what types of incentives can be used, he said the incentives must push private infrastructure to have high security standards. 

Both private and public sectors have a part to play in improving the nation’s security, he noted, adding private companies must build products that are secure by design. 

There is “tremendous” need for cross-nation coordination around cyberattacks, said Patel. He urged lawmakers to democratize cybersecurity by simplifying the process, adding the nation must be united to gain traction against attackers.

The cybersecurity industry has not made conversations simple to follow or technology easy to use, he said. Simplifying cybersecurity is the only way we can democratize it and when it’s democratized, it can be made universal, said Patel. 

He warned that the country cannot let the financial constraints of a few companies put the whole system at risk. Regardless of how affluent a country is, the weakest link controls the strength of the chain, he said. 

Artificial Intelligence will change cybersecurity fundamentally, he noted. It is important to remember that AI tools are also available to attackers. Currently, the majority of attacks stem from fraudulent emails which AI can make more personalized and difficult to discern from real communication, he said.  

Cybersecurity defenses must evolve

We need to develop an idea of civic responsibility for tech innovators and students in STEM fields, added Suzanne Spaulding, senior advisor of Homeland Security at the Center for Strategic and International Studies. Civic responsibility is the antidote to disinformation and is the change central to democracy, she continued.  

Spaulding warned companies against relying on existing cybersecurity measures. Resilience is about having layers of plans and assuming they all will fail, she said.  

This comes at a time of Congressional focus on cybersecurity. In March, two bills were introduced by Senators Jacky Rosen, D-Nev., and Marsha Blackburn, R-Tenn., to establish pilot programs in the Department of Defense and Homeland Security that would hire civilian cybersecurity personnel in reserve. 

In 2021, President Joe Biden signed an executive order on improving American cybersecurity capabilities following the Colonial Pipeline ransomware attack and SolarWinds breach in 2020.