Angela Simpson

Stakeholders involved in the National Telecommunications & Information Administration's cybersecurity multistakeholder process to promote collaboration on vulnerability research disclosure today are releasing initial findings, recommendations, and resources that they hope will enhance cooperation and lead to a more secure digital ecosystem. The three stakeholder-drafted reports reflect the experience and wisdom of many of the key experts in the field, including active security researchers, experienced software companies, security companies, academics, and civil society advocates, as well as industries new to the issue. At the last meeting of NTIA's vulnerability disclosure process in November 2016, the three working groups presented their work for comment and discussion and agreed to make public a portion of their work for consideration and use.

One of the things we tried to do at this event was to drill down deeper into the potential policy issues by exploring specific recommendations and discussing what types of government engagement might be beneficial. I think we have advanced the discussion on these issues so I want to thank all of the speakers, presenters, and audience participants for helping us do that. We plan to incorporate the valuable information we received from today’s discussion as we finalize a Department of Commerce policy green paper on Internet of Things (IoT), which will identify next steps for the Department and recommendations for the next Administration.

In addition, we are also actively addressing cybersecurity related to IoT, which we discussed here today and was one of the top issues identified by commenters in the RFC. Earlier this summer, we announced that we plan to launch a new multistakeholder process to support better consumer understanding of IoT products that support security upgrades. We are looking at the third week of October, most likely outside of the beltway, to launch that initiative. Stay tuned for more info on that. Also, stakeholders involved in NTIA’s process aimed at developing guidelines related to the disclosure of cybersecurity vulnerabilities are making good progress and appear on track to wrap up their work before the end of the year.

[Angela Simpson is the Deputy Assistant Secretary for Communications and Information at the US Patent and Trademark Office.]

To help realize the full innovative potential of the Internet of Things, users need reasonable assurance that IoT devices and applications will be secure. One particular area of concern is whether and how to address potential security vulnerabilities in IoT devices or applications through patching and security upgrades. In the early IoT market, there has sometimes been limited consideration for supporting future security patches, even though many devices will eventually need them. Enabling a thriving market for devices that support security upgrades requires common definitions so consumers know what they are getting.

A range of commenters on the National Telecommunications and Information Administration’s recent IoT Request for Comment and 2015’s Request for Comment related to cybersecurity identified security upgradability as an issue that required attention and coordination. In response, NTIA is planning to launch a new multistakeholder process to support better consumer understanding of IoT products that support security upgrades. We have utilized this approach to help make progress on issues such as cybersecurity vulnerability disclosure and providing more transparency about data collected by mobile apps. Given the burgeoning consumer adoption of IoT, the time seems ripe to bring stakeholders together to help drive some guidelines to encourage the growth of IoT. The goal of the new multistakeholder process will be to promote transparency in how patches or upgrades to IoT devices and applications are deployed. Potential outcomes could include a set of common, shared terms or definitions that could be used to standardize descriptions of security upgradability or a set of tools to better communicate security upgradability. As with our other multistakeholder processes, it will be up to stakeholders to determine what outcome they want and when they have reached consensus on it. NTIA will act as a neutral convener. We welcome broad participation and diverse perspectives.

Through our broadband investments, we have witnessed the demonstrated need that community institutions have for broadband. And we know anchor institution demand for broadband is only continuing to skyrocket as telemedicine applications, one-to-one classroom computing, and streaming video become more commonplace in hospitals, schools, and libraries.

To date, our broadband grants have connected more than 21,000 community anchor institutions, including about 8,000 K-12 schools, 1,400 higher education campuses, more than 1,300 libraries, and 2,400 medical and healthcare providers. We’ve also invested in 3,000 new or improved public computer centers and brought online more than 600,000 broadband-subscribing households.

But let’s look past these metrics. We are compiling case studies and gathering information about the impact of these broadband grant projects across the country. And we are sharing the results.

We already released three library-focused reports that highlight the incredible work libraries are doing with their broadband awards. Now, I’d like to share with you four new case studies focusing on the benefits flowing from broadband investments in Arkansas; the Central Valley of California; West Virginia; and Tallahassee, Florida.