cybersecurity

Updated (5/3/2018)

On April 17, the Federal Communications Commission (“FCC”) broke new ground in the agency’s role in national security policy by voting unanimously to approve a Notice of Proposed Rulemaking captioned “Protecting Against National Security Threats to the Communications Supply Chain Through FCC Programs” (the “NPRM”).  The deadline for filing comments is June 1, 2018, and reply comments are due July 2, 2018.

As the title indicates, the NPRM seeks comment on a framework to reduce supply chain risks for telecommunications equipment and services deployed throughout the country. The item acknowledges a specific role for the FCC in this arena: to ban use of Universal Service Fund (“USF”) subsidies in ways that undermine or pose a threat to national security. In short, the FCC proposes to use the power of the purse—in the case of USF, about $9 billion in subsidies per year—to dissuade companies from using equipment sourced from companies or countries that pose a national security concern.

Although the approach is narrow in scope, in practice the NPRM could produce a final rule that would significantly affect the selections of equipment and services by some USF recipients, particularly rural and smaller providers who reportedly are more likely to have purchased equipment from targeted suppliers. Additionally, as explained below, this proposed rule could affect USF recipients that do not use prohibited equipment and service providers, depending on whether some of their subcontractors use them.
Continue Reading Covington Internet of Things Update: FCC Looks to Bolster the Communications Supply Chain

The “Internet of Things” (IoT)—the network of consumer devices connected to the Internet through digital connections and sensors—has dramatically grown over the past five years. A McKinsey analysis estimated that the potential annual economic impact of IoT in 2025 could be between $4 trillion and $11 trillion, with value accruing in manufacturing, urban spaces, human wellness, retail, autonomous vehicles, homes, and other sectors. An analysis by Gartner, Inc. estimated that in 2018, nearly 11.2 billion connected things will be in use globally, and that this figure will surpass 20 billion by 2020.

IoT already has global reach. Nearly one-third of the overall installed IoT base is located outside China, North America, and Western Europe. And although IoT use will continue to grow in commerce and industry, more than 63% of IoT-connected units are already available on the consumer market. Some “smart” consumer products—such as fitness monitors, wearable devices, smart thermostats, and smart TVs—are well-established. In the coming years, connected devices will continue to expand in other categories, including kitchen appliances, toys, and medical devices, among many others.
Continue Reading Covington Internet of Things Update: U.S., U.K., and E.U. Regulators Turn Focus to IoT

Two hundred billion IoT devices could be in use by 2020, according to one estimate cited in the World Economic Forum’s recent report, Mitigating Risk in the Innovation Economy.  This rapid integration of the digital world and the physical world presents unprecedented opportunities for businesses in a wide array of industries.  But it also

Inflection Point for IoT

In a relatively short amount of time, the adoption of the Internet of Things (IoT) and its applications— from smart cars to the myriad of interconnected sensors in the General Service Administration building reminiscent of HAL 9000 from 2001: A Space Odyssey— has rapidly proliferated, providing significant opportunities and benefits. However,

The US Information Security and Privacy Board (ISPAB) voiced concerns over potential harms resulting from a lack of controlled management of cybersecurity in wireless medical devices in response to the FDA’s  draft guidance, “Content of Premarket Submissions for Management of Cybersecurity in Medical Devices.”  ISPAB operates under the National Institute of Standards and Technology (NIST) in its Computer Security Division, and its goals include identifying emerging managerial, technical, administrative, and physical safeguard issues relative to information security and privacy.
Continue Reading US Information Security and Privacy Board Expresses Concerns about Management of Cybersecurity in Wireless Medical Devices

On March 29, the American Chamber of Commerce in China (“AmCham China”) released its 15th annual Business Climate Survey.  This year, AmCham China polled 325 of its members, most of which are U.S. companies operating in China.  According to AmCham China’s Chairman, this year’s results reflect “expectations for growth” tempered with “a more conservative

In his State of the Union message on Tuesday, President Obama announced that he had signed an Executive Order addressing the cybersecurity of  critical infrastructure.  President Obama emphasized that in the face of threats to corporate secrets, the power grid, and financial institutions, among others, “We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”

The Executive Order follows legislative efforts in the last Congress to pass comprehensive cybersecurity bills.  After the Cybersecurity Act of 2012 (S. 3414) failed to pass in August 2012, Deputy National Security Adviser John Brennan mentioned in an appearance at the Council on Foreign Relations that the President was considering issuing an Executive Order to implement portions of the cybersecurity legislation.  In the subsequent months, the White House sought industry input on the Order.

The Order has two main components: increasing information sharing from the government to the private sector and establishing a Cybersecurity Framework to buttress the security of critical infrastructure.
Continue Reading President Obama Issues Cybersecurity Executive Order

The Federal Communications Commission yesterday released a Smartphone Security Checker, a tool designed to help consumers secure their smartphones against mobile security threats.  The tool provides consumers with tips that are customized for four different mobile operating systems.  Many of tips focus on security-related topics.  For instance, the tool recommends that consumers set a