Kent Bressie and Madeleine Findley Analyze the Impact - Wiltshire ...

More documents

Recommendations

Info

• Framework to Reduce CyberRisk to Critical Infrastructure.The Executive Order requiresNIST to work with industry todevelop a set of industry bestpractices (the “CybersecurityFramework”) to reduce cyberrisks to critical infrastructure.A preliminary version of theCybersecurity Framework is duewithin 240 days of the ExecutiveOrder and a final version withinone year.11• Regulatory Review. TheExecutive Order directs federalagencies to review theirregulations and propose newauthority as needed to addresscurrent and projected cyberrisks to critical infrastructure.The PPD designates DHS as thesector-specific agency for thecommunications sector, subjectto consultations with the FCC.• IdentifyingCriticalInfrastructure. Within 150days, DHS must “identifycritical infrastructure wherea cybersecurity incidentcould reasonably result” incatastrophic consequences.DHS must confidentially notifyowners and operators of criticalinfrastructure that they appearon the list, and listed entities willhave an opportunity to appealtheir identification as high-riskcritical infrastructure.The PPD includes the following keyprovisions:• DHS to Take Lead Role. As inthe Executive Order, the PPDdesignates DHS as the primaryauthority in coordinating thefederal government’s actionsto improve the security ofcritical infrastructure. The PPDinstructs DHS to establish andoperate two national criticalinfrastructure centers—one forphysical infrastructure and onefor cyber infrastructure.
12• Directives to FCC. The PPDinstructs the FCC to identifycommunications infrastructureand communications-sectorvulnerabilities and to workwith industry to address thosevulnerabilities. The PPD alsoinstructs the FCC to workwith industry to developbest practices to promotethe security and resilience ofcritical communications-sectorinfrastructure. Because the FCCis an independent regulatoryagency, however, the PPD is notbinding on the FCC.• Information Sharing. The PPDrequires all levels of governmentand critical infrastructureowners and operators to timelyexchange information on threatsand vulnerabilities, includinginformation that allows for thedevelopment of a situationalawareness capability duringincidents.2. Issues of Concern to the UnderseaCable IndustryThe undersea cable industry should beconcerned about a number of aspects ofthe regulatory program established bythe Executive Order and PPD. Theseinclude:• MismatchBetweenDecisionmaking Responsibilityand Expertise. The regulatoryprocesses established by theExecutive Order and PPD couldresult in inappropriate or overlyburdensome regulation becauseregulatory responsibility forundersea cables is diffuse, andmany of the agencies that playa role in regulating underseacables have not been identifiedformally as decision-makingagencies. The ExecutiveOrder and PPD identify DHSas the sector-specific agencyresponsible for developing andimplementing the CybersecurityFramework and cybersecurityinformation-sharing programfor the communications sector.The PPD directs the FederalCommunications Commission(“FCC”)—the principal licensingagency for undersea cableslanding in the United Statespursuant to the Cable LandingLicense Act of 1921 3 —to partnerwith DHS to the extent legallypermitted. But the Presidentand his Administration canonly request but not requireFCC action, as the FCC isanswerable to the Congress asan “independent regulatoryagency.” Even for ExecutiveBranch agencies, however, theprocesses do not expresslyinclude agencies such as: theU.S. Department of State (whichcoordinates Executive Branchinput on cable landing licenseapplications filed with the FCCand plays a key role in defendingundersea cable treaty rights andfreedoms from encroachmentby other governments); theNational Telecommunicationsand Information Administration;the U.S. Army Corps ofEngineers (which authorizes3. 47 U.S.C. §§ 34-39; 47 C.F.R. § 1.767.
Page 1 and 2: Voiceof theIndustry69m a r2013ISSN
Page 3: Cybersecurity Developments Raise Gr
Page 8 and 9: the installation of underseacables
Page 10 and 11: 15wake of the President’s action,

Kent Bressie and Madeleine Findley Analyze the Impact - Wiltshire ...

Create successful ePaper yourself

Delete template?

Save as template?