82 FR 35762 - Multistakeholder Process on Internet of Things Security Upgradability and Patching
DEPARTMENT OF COMMERCE
National Telecommunications and Information Administration Federal Register Volume 82, Issue 146 (August 1, 2017)
National Telecommunications and Information Administration
Federal Register Volume 82, Issue 146 (August 1, 2017)
| Page Range | 35762-35764 | |
| FR Document | 2017-16155 |
[Federal Register Volume 82, Number 146 (Tuesday, August 1, 2017)] [Notices] [Pages 35762-35764] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2017-16155] ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE National Telecommunications and Information Administration Multistakeholder Process on Internet of Things Security Upgradability and Patching AGENCY: National Telecommunications and Information Administration, U.S. Department of Commerce. ACTION: Notice of open meeting. ----------------------------------------------------------------------- SUMMARY: The National Telecommunications and Information Administration (NTIA) will convene a meeting of a multistakeholder process on Internet of Things Security Upgradability and Patching on September 12, 2017. DATES: The meeting will be held on September 12, 2017, from 10:00 a.m. to 4:00 p.m., Eastern Time. See SUPPLEMENTARY INFORMATION for details. ADDRESSES: The meeting will be held at the American Institute of Architects, 1735 New York Ave. NW., Washington, DC 20006. FOR FURTHER INFORMATION CONTACT: Allan Friedman, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW., Room 4725, Washington, DC 20230; telephone: (202) 482-4281; email: [email protected]. Please direct media inquiries to NTIA's Office of Public Affairs: (202) 482- 7002; email: [email protected]. SUPPLEMENTARY INFORMATION: Background: In March of 2015 the National Telecommunications and Information Administration issued a Request for Comment to ``identify substantive cybersecurity issues that affect the digital ecosystem and digital economic growth where broad consensus, coordinated action, and the development of best practices could substantially improve security for organizations and consumers.'' \1\ We received comments from a range of [[Page 35763]] stakeholders, including trade associations, large companies, cybersecurity startups, civil society organizations and independent computer security experts.\2\ The comments recommended a diverse set of issues that might be addressed through the multistakeholder process, including cybersecurity policy and practice in the emerging area of Internet of Things (IoT). --------------------------------------------------------------------------- \1\ U.S. Department of Commerce, Internet Policy Task Force, Request for Public Comment, Stakeholder Engagement on Cybersecurity in the Digital Ecosystem, 80 FR 14360, Docket No. 150312253-5253-01 (Mar. 19, 2015), available at: https://www.ntia.doc.gov/files/ntia/publications/cybersecurity_rfc_03192015.pdf. \2\ NTIA has posted the public comments received at https://www.ntia.doc.gov/federal-register-notice/2015/comments-stakeholder-engagement-cybersecurity-digital-ecosystem. --------------------------------------------------------------------------- In a separate but related matter in April 2016, NTIA, the Department's Internet Policy Task Force, and its Digital Economy Leadership Team sought comments on the benefits, challenges, and potential roles for the government in fostering the advancement of the Internet of Things.'' \3\ Over 130 stakeholders responded with comments addressing many substantive issues and opportunities related to IoT.\4\ Security was one of the most common topics raised. Many commenters emphasized the need for a secure lifecycle approach to IoT devices that considers the development, maintenance, and end-of-life phases and decisions for a device. --------------------------------------------------------------------------- \3\ U.S. Department of Commerce, Internet Policy Task Force, Request for Public Comment, Benefits, Challenges, and Potential Roles for the Government in Fostering the Advancement of the Internet of Things, 81 FR 19956, Docket No 160331306-6306-01 (April 5, 2016), available at: https://www.ntia.doc.gov/federal-register-notice/2016/rfc-potential-roles-government-fostering-advancement-internet-of-things. \4\ NTIA has posted the public comments received at https://www.ntia.doc.gov/federal-register-notice/2016/comments-potential-roles-government-fostering-advancement-internet-of-things. --------------------------------------------------------------------------- After reviewing these comments, NTIA announced that the next multistakeholder process on cybersecurity would be on IoT security upgradability and patching.\5\ The first meeting of a multistakeholder process on this topic was held on October 19, 2016.\6\ Subsequent meetings were held on January 31, 2017,\7\ April 26, 2017,\8\ and July 18, 2017.\9\ --------------------------------------------------------------------------- \5\ NTIA, Increasing the Potential of IoT through Security and Transparency (Aug. 2, 2016), available at: https://www.ntia.doc.gov/blog/2016/increasing-potential-iot-through-security-and-transparency. \6\ NTIA, Notice of Multistakeholder Process on Internet of Things Security Upgradability and Patching Open Meeting (Sept. 15, 2016), available at: https://www.ntia.doc.gov/federal-register-notice/2016/10192016-meeting-notice-msp-iot-security-upgradability-patching. \7\ NTIA, Notice of 01/31/2017 Meeting of the Multistakeholder Process on Internet of Things Security Upgradability and Patching (January 11, 2017), available at https://www.ntia.doc.gov/federal-register-notice/2017/notice-01312017-meeting-multistakeholder-process-internet-things. \8\ NTIA, Notice of 04/26/2017 Meeting of the Multistakeholder Process on Internet of Things Security Upgradability and Patching, available at https://www.ntia.doc.gov/federal-register-notice/2017/notice-04262017-meeting-multistakeholder-process-internet-things. \9\ NTIA, Notice of 07/18/2017 Meeting of the Multistakeholder Process on Internet of Things Security Upgradability and Patching, available at https://www.ntia.doc.gov/federal-register/2017/notice-07182017-iot-security-virtual-meeting. --------------------------------------------------------------------------- The matter of patching vulnerable systems is now an accepted part of cybersecurity.\10\ Unaddressed technical flaws in systems leave the users of software and systems at risk. The nature of these risks varies, and mitigating these risks requires various efforts from the developers and owners of these systems. One of the more common means of mitigation is for the developer or other maintaining party to issue a security patch to address the vulnerability. Patching has become more commonly accepted, even for consumers, as more operating systems and applications shift to visible reminders and automated updates. Yet as one security expert notes, this evolution of the software industry has yet to become the dominant model in IoT.\11\ --------------------------------------------------------------------------- \10\ See, e.g. Murugiah Souppaya and Karen Scarfone, Guide to Enterprise Patch Management Technologies, Special Publication 800-40 Revision 3, National Institute of Standards and Technology, NIST SP 800-40 (2013) available at: http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-40r3.pdf. \11\ Bruce Schneier, The Internet of Things Is Wildly Insecure-- And Often Unpatchable, Wired (Jan. 6, 2014) available at: https://www.schneier.com/blog/archives/2014/01/security_risks_9.html. --------------------------------------------------------------------------- To help realize the full innovative potential of IoT, users need reasonable assurance that connected devices, embedded systems, and their applications will be secure. A key part of that security is the mitigation of potential security vulnerabilities in IoT devices or applications through patching and security upgrades. The ultimate objective of the multistakeholder process is to foster a market offering more devices and systems that support security upgrades through increased consumer awareness and understanding. Enabling a thriving market for patchable IoT requires common definitions so that manufacturers and solution providers have shared visions for security, and consumers know what they are purchasing. Currently, no such common, widely accepted definitions exist, so many manufacturers struggle to effectively communicate to consumers the security features of their devices. This is detrimental to the digital ecosystem as a whole, as it does not reward companies that invest in patching and it prevents consumers from making informed purchasing choices. Stakeholders have identified four distinct work streams that could help foster better security across the ecosystem, and focused their efforts in four working groups addressing both technical and policy issues.\12\ The main objectives of the September 12, 2017, meeting are to discuss stakeholder comments on draft working group documents, and, where possible, to finalize working group documents. More information about stakeholders' work is available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security. --------------------------------------------------------------------------- \12\ Documents shared by working group stakeholders are available at: https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security. --------------------------------------------------------------------------- Time and Date: NTIA will convene a meeting of the multistakeholder process on Internet of Things Security Upgradability and Patching on September 12, 2017, from 10:00 a.m. to 4:00 p.m., Eastern Time. The meeting date and time are subject to change. Please refer to NTIA's Web site, https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current information. Place: The meeting will be held at the American Institute of Architects, 1735 New York Ave. NW., Washington, DC 20006. The location of the meeting is subject to change. Please refer to NTIA's Web site, https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current information. Other Information: The meeting is open to the public and the press. The meeting is physically accessible to people with disabilities. Requests for sign language interpretation or other auxiliary aids should be directed to Allan Friedman at (202) 482-4281 or [email protected] at least seven (7) business days prior to the meeting. The meeting will also be webcast. Requests for real-time captioning of the webcast or other auxiliary aids should be directed to Allan Friedman at (202) 482-4281 or [email protected] at least seven (7) business days prior to the meeting. There will be an opportunity for stakeholders viewing the webcast to [[Page 35764]] participate remotely in the meeting through a moderated conference bridge, including polling functionality. Access details for the meeting are subject to change. Please refer to NTIA's Web site, https://www.ntia.doc.gov/other-publication/2016/multistakeholder-process-iot-security, for the most current information. Dated: July 27, 2017. Kathy D. Smith, Chief Counsel, National Telecommunications and Information Administration. [FR Doc. 2017-16155 Filed 7-31-17; 8:45 am] BILLING CODE 3510-60-P
![35762 Federal Register / Vol. 82, No. 146 / Tuesday, August 1, 2017 / Notices
Friday, Sep 21, 2018 ........... • Site visit to a U.S. OEM (e.g.: Oceaneering or GE Wellstream—TBD).
• Mission participants lunch.
• One group meeting with another oil company (e.g.: Shell—TBD).
• Evening Departure (**).
(**) As an option, trade mission participants may stay over the weekend and attend at least one day of the Rio Oil and Gas Trade Show that
will take place from September 24–27, 2018. There is no additional costs to the participation fee for the optional trade show participation. There
is free transportation offered by the show organizers to and from the conference grounds. All additional costs that TM participants will have do
not apply to the TM participation fee.
Participation Requirements Timeframe for Recruitment and DEPARTMENT OF COMMERCE
Application
Recruitment for the mission will National Telecommunications and
begin immediately and conclude no Mission recruitment will be Information Administration
later than July 30, 2018. All parties conducted in an open and public
interested in participating in the trade manner, including publication in the Multistakeholder Process on Internet
mission must complete and submit an Federal Register, posting on the of Things Security Upgradability and
application package for consideration by Commerce Department trade mission Patching
the Department of Commerce. All calendar (http://export.gov/
applications must be submitted before AGENCY: National Telecommunications
trademissions) and other Internet Web and Information Administration, U.S.
July 30, 2018. The Department of
sites, press releases to general and trade Department of Commerce.
Commerce will evaluate all applications
media, direct mail, notices by industry ACTION: Notice of open meeting.
and inform applicants of selection
decisions as soon as possible after this trade associations and other multiplier
groups, and publicity at industry SUMMARY: The National
application deadline. Telecommunications and Information
meetings, symposia, conferences, and
Applications received after July 30, Administration (NTIA) will convene a
2018, will be considered only if space trade shows.
meeting of a multistakeholder process
and scheduling constraints permit. Recruitment for the mission will on Internet of Things Security
begin immediately and conclude no Upgradability and Patching on
Fees and Expenses
later than July 30, 2018. Applications September 12, 2017.
After a company or organization has received after July 30, 2018, will be DATES: The meeting will be held on
been selected to participate in the considered only if space and scheduling September 12, 2017, from 10:00 a.m. to
mission, a payment to the Department of constraints permit. 4:00 p.m., Eastern Time. See
Commerce in the form of a participation SUPPLEMENTARY INFORMATION for details.
fee is required. The participation fee for Contacts
ADDRESSES: The meeting will be held at
the Trade Mission will be $2,010 for a Regina Cunha, Senior Commercial the American Institute of Architects,
small or medium-sized firm (SME), and Specialist, U.S. Department of 1735 New York Ave. NW., Washington,
$2,320 for large firms. The fee for each Commerce, Address: U.S. Consulate DC 20006.
additional firm representative (large
General. Avenida Presidente Wilson FOR FURTHER INFORMATION CONTACT:
firm or SME/trade organization) is USD
147. Centro, Rio de Janeiro. Brazil. Allan Friedman, National
$750.00.
Tel.: # +55 21 38232416, Email: Telecommunications and Information
Participants selected for the Trade Administration, U.S. Department of
regina.cunha@trade.gov.
Mission will be expected to pay for the Commerce, 1401 Constitution Avenue
cost of all personal expenses, including, Rodrigo Correa, Commercial Assistant,
NW., Room 4725, Washington, DC
but not limited to, international travel, U.S. Department of Commerce,
20230; telephone: (202) 482–4281;
lodging, meals, transportation, Address: U.S. Consulate General.
email: afriedman@ntia.doc.gov. Please
communication, and incidentals, unless Avenida Presidente Wilson 147. direct media inquiries to NTIA’s Office
otherwise noted. In the event that the Centro, Rio de Janeiro. Brazil. Tel.: of Public Affairs: (202) 482–7002; email:
Mission is cancelled, no personal # +55 21 38232406, Email: press@ntia.doc.gov.
expenses paid in anticipation of a Trade rodrigo.correa@trade.gov. SUPPLEMENTARY INFORMATION:
Mission will be reimbursed. However, Stefan Popescu, Commercial Specialist, Background: In March of 2015 the
participation fees for a cancelled Trade CS Toronto, Tel: 1 416–595–5412 National Telecommunications and
Mission will be reimbursed to the extent x223, Stefan.Popescu@trade.gov. Information Administration issued a
they have not already been expended in Request for Comment to ‘‘identify
the anticipation of the Mission. Connie Irrera, Commercial Specialist,
CS Montreal, Tel: 1 514–908–3662, substantive cybersecurity issues that
Participants will be able to take affect the digital ecosystem and digital
advantage of U.S. Government rates for Connie.Irrera@trade.gov.
economic growth where broad
hotel rooms. Business or entry visas Julius Svoboda, Senior Oil & Gas Trade consensus, coordinated action, and the
may be required to participate in the Specialist, U.S. Department of development of best practices could
mission. Applying for and obtaining Commerce, Address: 1401 substantially improve security for
such visas will be the responsibility of Constitution Ave., Tel.: +1–202– organizations and consumers.’’ 1 We
the mission participant. Government 482–5430, Email: Julius.Svoboda@
mstockstill on DSK30JT082PROD with NOTICES
received comments from a range of
fees and processing expenses to obtain trade.gov.
such visas are not included in the 1 U.S. Department of Commerce, Internet Policy
participation fee. However, the Frank Spector, Task Force, Request for Public Comment,
Department of Commerce will provide Senior Advisor for Trade Missions. Stakeholder Engagement on Cybersecurity in the
Digital Ecosystem, 80 FR 14360, Docket No.
instructions to each participant on the [FR Doc. 2017–16082 Filed 7–31–17; 8:45 am] 150312253–5253–01 (Mar. 19, 2015), available at:
procedures required to obtain necessary BILLING CODE 3510–DR–P https://www.ntia.doc.gov/files/ntia/publications/
business visas. cybersecurity_rfc_03192015.pdf.
VerDate Sep<11>2014 20:13 Jul 31, 2017 Jkt 241001 PO 00000 Frm 00020 Fmt 4703 Sfmt 4703 E:\FR\FM\01AUN1.SGM 01AUN1](https://thefederalregister.org/doc/82_FR_35908/page/1.svg)
![35764 Federal Register / Vol. 82, No. 146 / Tuesday, August 1, 2017 / Notices
participate remotely in the meeting assessing broadband adoption, planning Information Collection Request (ICR)
through a moderated conference bridge, new infrastructure, and engaging a wide abstracted below has been forwarded to
including polling functionality. Access range of partners in broadband projects. the Office of Management and Budget
details for the meeting are subject to BroadbandUSA convenes workshops on (OMB) for review and comment. The
change. Please refer to NTIA’s Web site, a regular basis to bring stakeholders ICR describes the nature of the
https://www.ntia.doc.gov/other- together to discuss ways to improve information collection and its expected
publication/2016/multistakeholder- broadband policies, share best practices, costs and burden.
process-iot-security, for the most current and connect communities to other DATES: Comments must be submitted on
information. federal agencies and funding sources for or before August 31, 2017.
the purpose of expanding broadband
Dated: July 27, 2017. ADDRESSES: Comments regarding the
infrastructure and adoption throughout
Kathy D. Smith, burden estimate or any other aspect of
America’s communities. The Charleston
Chief Counsel, National Telecommunications the information collection, including
workshop will explore two specific
and Information Administration. suggestions for reducing the burden,
topics for broadband infrastructure:
[FR Doc. 2017–16155 Filed 7–31–17; 8:45 am] may be submitted directly to the Office
Planning and funding.
BILLING CODE 3510–60–P The Charleston workshop will feature of Information and Regulatory Affairs
subject matter experts from NTIA’s (OIRA) in OMB within 30 days of this
BroadbandUSA broadband program. notice’s publication by either of the
DEPARTMENT OF COMMERCE The first session will explore key following methods. Please identify the
elements required for planning comments by ‘‘OMB Control No. 3038–
National Telecommunications and 0081’’.
successful broadband projects. The
Information Administration
second session will explore funding • By email addressed to:
models, including federal programs that OIRAsubmissions@omb.eop.gov or
Community Broadband Workshop • By mail addressed to: the Office of
fund broadband infrastructure projects.
AGENCY: National Telecommunications The Charleston workshop will be Information and Regulatory Affairs,
and Information Administration, U.S. open to the public. Pre-registration is Office of Management and Budget,
Department of Commerce. requested, and space is limited. NTIA Attention Desk Officer for the
ACTION: Notice of Open Meeting. will ask registrants to provide their first Commodity Futures Trading
and last names and email addresses for Commission, 725 17th Street NW.,
SUMMARY: The National both registration purposes and to Washington, DC 20503.
Telecommunications and Information receive any updates on the workshop. If A copy of all comments submitted to
Administration (NTIA), through the capacity for the meeting is reached, OIRA should be sent to the Commodity
BroadbandUSA program, will hold a NTIA will maintain a waiting list and Futures Trading Commission (the
Technical Assistance Workshop to share will inform those on the waiting list if ‘‘Commission’’) by either of the
information and help communities space becomes available. Meeting following methods. The copies should
build their broadband capacity and updates, changes in the agenda, if any, refer to ‘‘OMB Control No. 3038–0081’’.
utilization. The workshop will present and relevant documents will also be • By mail addressed to: Christopher
in-depth sessions on planning and available on NTIA’s Web site at https:// Kirkpatrick, Secretary of the
funding broadband infrastructure www2.ntia.doc.gov/notice-09192017- Commission, Commodity Futures
projects. The session on planning will workshop. Trading Commission, Three Lafayette
explore effective business and The public meeting is physically Centre, 1155 21st Street NW.,
partnership models. The session on accessible to people with disabilities. Washington, DC 20581;
funding will explore available funding Individuals requiring accommodations, • By Hand Delivery/Courier to the
options and models, including federal such as language interpretation or other same address; or
funding. ancillary aids, are asked to notify Giselle • Through the Commission’s Web site
Sanders at the contact information listed at http://comments.cftc.gov. Please
DATES: The Technical Assistance
above at least five (5) business days follow the instructions for submitting
Workshop will be held on Tuesday,
before the meeting. comments through the Web site.
September 19, 2017, from 8:30 a.m. to
A copy of the supporting statement
12:30 p.m., Eastern Daylight Time. Dated: July 27, 2017.
for the collection of information
ADDRESSES: The meeting will be held in Kathy D. Smith, discussed herein may be obtained by
Charleston, West Virginia at the Law Chief Counsel, National Telecommunications visiting http://RegInfo.gov.
Firm of Jackson Kelly PLLC, 500 Lee and Information Administration. All comments must be submitted in
Street East, Suite 1600, Rooms A and B, [FR Doc. 2017–16154 Filed 7–31–17; 8:45 am] English, or if not, accompanied by an
Charleston, WV 25301. BILLING CODE 3510–60–P English translation. Comments will be
FOR FURTHER INFORMATION CONTACT: posted as received to http://
Giselle Sanders, National www.cftc.gov. You should submit only
Telecommunications and Information COMMODITY FUTURES TRADING information that you wish to make
Administration, U.S. Department of COMMISSION available publicly. If you wish the
Commerce, Room 4889, 1401 Commission to consider information
Constitution Avenue, NW., Washington, Agency Information Collection that you believe is exempt from
DC 20230; telephone: (202) 482–7971; Activities Under OMB Review disclosure under the Freedom of
mstockstill on DSK30JT082PROD with NOTICES
email: gsanders@ntia.doc.gov. Please AGENCY: Commodity Futures Trading Information Act, a petition for
direct media inquiries to NTIA’s Office Commission. confidential treatment of the exempt
of Public Affairs, (202) 482–7002; email: information may be submitted according
ACTION: Notice.
press@ntia.doc.gov. to the procedures established in § 145.9
SUPPLEMENTARY INFORMATION: NTIA’s SUMMARY: In compliance with the of the Commission’s regulations.1 The
BroadbandUSA program provides Paperwork Reduction Act of 1995
expert advice and field-proven tools for (PRA), this notice announces that the 1 17 CFR 145.9.
VerDate Sep<11>2014 20:13 Jul 31, 2017 Jkt 241001 PO 00000 Frm 00022 Fmt 4703 Sfmt 4703 E:\FR\FM\01AUN1.SGM 01AUN1](https://thefederalregister.org/doc/82_FR_35908/page/3.svg)
Document Created: 2018-10-24 11:44:56
Document Modified: 2018-10-24 11:44:56
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Notice of open meeting. | |
| Dates | The meeting will be held on September 12, 2017, from 10:00 a.m. to 4:00 p.m., Eastern Time. See SUPPLEMENTARY INFORMATION for details. | |
| Contact | Allan Friedman, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue NW., Room 4725, Washington, DC 20230; telephone: (202) 482-4281; email: [email protected] Please direct media inquiries to NTIA's Office of Public Affairs: (202) 482- 7002; email: [email protected] | |
| FR Citation | 82 FR 35762 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR