budget for executive order 13636, Congressional Hearing on Cybersecurity, executive order 13636, government surveillance hearings, is it legal for government to collect data, legalities on spying on americans, NIST
June 12: Full length video of Congressional hearing on Cybersecurity http://youtu.be/ZmBAxEWxDFs?t=15m10s
Random Notes taken from Video:
Under this Executive Order, NIST (The National Institute of Standards and Technology) has been directed to work with industry to develop a framework of cyber security practices that meets the performance goal of Homeland Seurity.
The executive order is “very aggressive” in its implementation and must be put into place within one year. First Draft of their plan is due in 120 days. They are half way through the process.
The National Institute of Standards and Technology (NIST), Patrick Gallagher (Acting Deputy Commerce Secretary) said to support industry in accomplishing the task,
1) There was a 24 million increase in their budget from last year = their budget now at 68 million for funding this.
Hear the budget outlined at the Congressional Hearing on Cybersecurity and Government Surveillance that took place June 12: http://youtu.be/ZmBAxEWxDFs?t=36m7s
PRESIDENT’S BUDGET related to the Exec. Order/Requested
9.2 BILLION for defense
1.2-1.3 BILLION for homeland security
589 million for FBI and for all of Justice
197 million for National Science Foundation
50 million TSA or GSA
37 million Department of State
TOTAL BUDGET = 13 billion
The administrations priority is to secure the Federal networks, protect infrastructure, increase incident response, shape the future.
NIST http://www.nist.gov/itl/cyberframework.cfm, Patrick Gallagher — the idea behind the infrastructure is to get industry to develop a set of practices, standards, methodologies whatever it would take, that if implemented would increase cyber security performance. Framework refers to whatever you would put into place to do that, including Standards. The idea about having industry to do it with NIST as a support is because these Private companies are global they have the knowledge and can guess where the technology may go.
By embedding security performance into the products and services themselves, we can achieve cyber security performance that is much broader. It embeds it in the market and gives our companies the power to shape those technologies around the world.
The executive order discusses a development of a broad framework.
How do you drive adoption of these practices? Was asked of the NIST representative — He said, the bottom line is, good doing good cyber security has to become good business. In the end this is all going to be about alignment. These framework practices have to be compatible with profitable and well run businesses.
*They want to get everyone up in the “cloud.”
requires an application must have a statement of facts showing reasonable grounds that the tangible things sought are relevant to an authorized investigation.
Facts, reasonable grounds, tangible things that are relevant and authorized.
All phone records, all the time are recorded. Senator Jeff Merkley from Oregon brought up that the requirements by Law must be met to acquire the data, not look at it. What gave them the grounds for acquiring cell phone data or the other data on anyone? The answer was supposedly provided in writing, the next day (June 14, 2013).