Legal and political gaps are keeping national/governmental computer emergency response teams (n/g CERTs) from handling their core duties as well as they should, the European Network and Information Security Agency (ENISA) said in two reports published Monday. The first (http://bit.ly/T436R1) looked at the current situation in Europe regarding CERTs’ capabilities in mandate and strategy, service portfolios, operations and cooperation. It found that CERTs’ roles are usually backed by government mandates whose details and form vary widely across the EU. But the mandate isn’t always clear enough, and CERTs often have problems of limited authority when requiring ISPs to handle incidents, it said. And “a great deal of work needs to be done regarding the proper inclusion of n/g CERTs in national cyber-security strategies” because fewer than half of EU members even have such strategies now, ENISA said. CERTs’ services vary based on which constituents they serve, it said. Governmental bodies get the full scope of CERT services, end-users and other customers only a subset, it said. Many CERTs have expertise that’s highly sought after by law enforcement agencies, it said. But when they handle incidents internationally, partnering CERTs don’t act in accordance with the information provided, it said. Moreover, CERTs often don’t develop their own tools and services, don’t make general incident statistics public, and usually aren’t involved in disaster recovery planning, it said. Operationally, many teams have only minimal staffing levels, and they report difficulties in hiring highly qualified staff in areas such as digital forensics and reverse engineering, it said. Money is a problem because many CERTs rely on national funding. Moreover, there aren’t many opportunities in Europe for training in deep technical aspects, it said.
In the area of cooperation, ENISA said, CERTs are increasingly visible on the world stage and there’s a good deal of bilateral and regional cooperation among them. But stakeholders at the national level often aren’t sufficiently aware of the existence of CERTs and their responsibilities, and ISPs aren’t willing to share information with competitors, it said. Recommendations in ENISA’s second report (http://bit.ly/VLZosC) for remedying the situation include: (1) Better clarification of the role of CERTs, including funding provisions. (2) Identification of best practices and development of templates to comply with data protection rules. (3) Creation of a standardized approach to information exchange among CERTs. (4) Determination of alternate funding sources. (5) Hiring of PR experts to give CERT activities more visibility. Despite clear progress in putting their baseline capabilities in place, CERTs “still have a number of obstacles mainly (but not exclusively) of a political, legal and financial nature,” ENISA said.
Customs Duty
A Customs Duty is a tariff or tax which a country imposes on goods when they are transported across international borders. Customs Duties are used to protect countries' economies, residents, jobs, and environments, by limiting the flow of imported merchandise, especially restricted and prohibited goods, into the country. The Customs Duty Rate is a percentage determined by the value of the article purchased in the foreign country and not based on quality, size, or weight.
A year after former FCC Managing Director Steve VanRoekel left the agency to become federal chief information officer, questions remain about the FCC’s revised website. Frequent users of the site say they continue to rely on the old version, the old blue and gold site, still available as the transition website. Meanwhile, the FCC has markedly decreased the number of blog entries it posts each month. The blog averaged 25 posts per month in 2010, but only about a fifth as many per month so far this year.
The FCC voted unanimously to let expire later this year a rule that has required cable operators to deliver the DTV signals of must-carry stations to their analog cable subscribers. The order approved by a 5-0 vote had been expected (CD May 25 p5), though broadcasters had mobilized in recent weeks to attempt to alter it. The FCC said it finds the viewability rule is “no longer necessary,” but requires hybrid analog-digital cable systems to continue complying with the rule until Dec. 12, 2012. NAB will consult its board before it decides how to respond, it said. “The NAB remains concerned that today’s FCC decision has the potential to impose negative financial consequences on small local TV stations,” a spokesman said. “We will be reviewing our options with our Board of Directors.” A coalition of must-carry station owners that formed to lobby on the issue didn’t immediately respond to our query.
High-cost loop support got a major overhaul Wednesday, in an order designed to fix “problematic incentives and inequitable distribution of support” (http://xrl.us/bm49qi). The FCC Wireline Bureau order fleshed out the details of 2011’s commission-level USF/intercarrier compensation order, which set out a framework for reform. About 100 study areas with “very high costs relative to similarly situated peers” will see a total reduction in support of $65 million, the bureau said, and the reduction will be phased in between July 1 and 2014. “By delaying the full impact of the reductions until 2014, we provide companies who would be adversely affected adequate time to make adjustments and, if necessary, demonstrate that a waiver is warranted either to correct inaccurate boundary information and/or to ensure that consumers in the area continue to receive voice service,” the order said. The bureau expects about 500 study areas to receive $55 million to fund new broadband investment.
The one-per-household limit, commissioning biennial audits and verifying the residency of customers at temporary addresses were some of the new rules criticized in the eight petitions for reconsideration of the Lifeline order received by the FCC. Oppositions to the petitions are due May 7 in docket 11-42, replies May 15, said a notice in Friday’s Federal Register (http://xrl.us/bm4kwc).
Cellular carriers have gained the chance to offload some regulatory compliance duties with the replacement of their “walled garden” service by an apps ecosystem, a CTIA executive said. “Carriers and network operators will be less and less responsible” for providing privacy notices and managing information about consents, as users look more and more to app stores for those functions, said Michael Altschul, CTIA’s general counsel. Custody of data and responsibility for them need to be negotiated among the players in the new mobile universe, he said at a Law Seminars International program in San Francisco. One company might handle dealing with customers and another with law enforcers in this connection, Altschul said late Tuesday. Providers of operating systems and applications will have to help network operators shoulder the burden to maintain service reliability and security, he said. “Most of us” in telecom law “have never had to worry much about the Federal Trade Commission, because there’s something called the common-carrier exception” to the jurisdiction provided in its authorizing statute, Altschul said. But wireless operators haven’t been classified as common carriers, and the FTC is eagerly asserting jurisdiction over them, he said. “How to balance user-friendliness with true data security will be the challenge” in policymaking about protecting information regarding users, Altschul said. His general conclusion: “Don’t get stuck looking in the rear-view mirror. Try to start looking ahead of the headlights.”
Legislation giving the West Virginia Public Services Commission “authority and duty to regulate the practices, services and rates of broadband deployment projects” is only in the discussion stage, sponsors told us. Senate Bill 491 (http://xrl.us/bmryeb) is intended to level the playing field within state broadband employment, said the bill’s sponsor, Sen. David Sypolt, a Republican.
The World Trade Organization approved an extension of the moratorium on customs duties on electronic transmissions, trade officials said following the Dec. 15 to 17 WTO Ministerial Conference. Trade negotiators will “continue the reinvigoration” of the work program on e-commerce, including discussions on the trade treatment of electronically delivered software, and spurring Internet connectivity and access to all information and telecom technologies and public Internet sites, a document said.
Letting cable operators scramble broadcast TV and other basic channels in all-digital systems was largely backed in comments at the FCC. Scrambling is designed to cut down on signal theft and reduce pollution by eliminating the need for technicians to visit households to turn on and off video. Operators large and small, two nonprofits that had concerns with a first-of-its-kind waiver request made two years ago by Cablevision, and local regulators each backed at least some of an FCC basic-tier encryption proposal. The regulators sought more conditions than what the commission’s October rulemaking notice proposed (CD Oct 17 p9).
Any Networx contractors that can’t start fulfilling client agencies’ requests for IPv6 work risk losing that work to competitors, a Defense Department official told us. “Discussions in various forums are underway to try to resolve this,” Ron Broersma, a member of the Federal IPv6 Task Force, said by email. “However, if I had my way I wouldn’t wait around for every Networx customer to ask for IPv6 service, but would instead use a top-down approach and ask every Carrier to deploy IPv6 service NOW to every Federal customer, since all will need the IPv6 connectivity to achieve the Federal mandates. If the Carriers can’t deliver, then the Agencies have the choice to switch Carriers.” Broersma spoke last week in San Jose, Calif., at the Gogonet Live conference on IPv6 implementation, about agencies’ poor start on meeting a September 2012 adoption deadline (CD Nov 3 p8). He’s the Space and Naval Warfare Systems Command’s network security manager.