Subscribe: CircleID: News Briefs
Preview: CircleID: News Briefs

CircleID: News Briefs

Latest news postings on CircleID

Updated: 2016-09-30T22:44:00-08:00


IANA Transition Confirmed: US Governement to Handover IANA Contract to ICANN at Midnight


United States District Court for the Southern District of Texas Galveston Division has denied plaintiffs motion for a temporary restraining order thus allowing IANA transition to proceed as planned. — "A federal judge in the Southern District of Texas on Friday denied a last-ditch request for an injunction against the long-awaited shift of oversight of the Internet’s address book from the U.S. Department of Commerce to a non-profit organization," reports Elizabeth Weise in the USA Today: "U.S. Senator Brian Schatz (D-Hawaii), ranking member of the Senate Subcommittee on Communications, Technology, Innovation, and the Internet, said he was pleased the request, which he termed "baseless," had been denied." — "The most significant change in the internet's functioning for a generation will happen tonight at midnight," reports Kieren McCarthy in the Register: "At 12.01am Washington DC time, the US government will walk away from the IANA contract, which has defined how the internet has grown and been structured for nearly 20 years, and hand it over to non-profit organization ICANN." — "Contract expiration to end U.S. authority over Internet IP addresses," Craig Timberg reporting in the Washington Post: "Forty-seven years of U.S. government authority over the Internet’s most basic functions is slated to end Saturday, not with a celebration or a wake but with the quiet expiration of a contract. ... ICANN’s executives and board of directors, who oversee the organization day-to-day, will now report to what the group calls the Internet’s “stakeholder community” — a lightly defined mix of corporate interests, government officials, activists and experts spread across four international bodies." — "But it may not be the end of the Obama administration's political and legal headaches,"reports Tony Romm in Politico: "Even though the transition may proceed, the four states that sued this week could appeal — and they haven't ruled it out. A spokesman for Arizona Attorney General Mark Brnovich said the AG would "continue to explore our options for relief to unwind these improper acts by the Obama administration." — "Snowden legacy ... Efforts to make it truly neutral and global came back into the fore in 2013, after National Security Agency whistleblower Edward Snowden's revelations about the depth of U.S. Internet surveillance. That pushed ICANN to begin working on a new transition proposal," writes Elizabeth Weise in USA Today. — ICANN Board Chair Stephen D. Crocker / 1 Oct 2016: "This transition was envisioned 18 years ago, yet it was the tireless work of the global Internet community, which drafted the final proposal, that made this a reality. This community validated the multistakeholder model of Internet governance. It has shown that a governance model defined by the inclusion of all voices, including business, academics, technical experts, civil society, governments and many others is the best way to assure that the Internet of tomorrow remains as free, open and accessible as the Internet of today." Follow CircleID on TwitterMore under: ICANN, Internet Governance, Policy & Regulation [...]

Restraining Order Filed by US States' Attorneys in the Final Hours of IANA Transition


UNITED STATES DISTRICT COURT for the SOUTHERN DISTRICT OF TEXAS GALVESTON DIVISION UPDATE 30 Sep 2016: Court denies Plaintiffs motion for a temporary restraining order allowing IANA transition to proceed as planned. * * * With less than 24 hours to go before the historic contractual relationship between the US government and ICANN is set to expire, a motion hearing is expected to be held today based on a lawsuit filed in federal court in Texas by four states' attorneys generals which could lead to NTIA facing the possibility of a temporary injunction. — Texas Attorney General Ken Paxton along with Arizona Attorney General Mark Brnovich, Oklahoma Attorney General Scott Pruitt, and Nevada Attorney General Adam Paul Laxalt have filed the lawsuit in Texas in U.S. District Court Southern District of Texas, Galveston Division. The "Plaintiff States" are seeking declaratory and injunctive relief against the National Telecommunications and Information Administration (NTIA); the United States of America; the United States Department of Commerce; the Secretary of Commerce; and the Assistant Secretary for Communications and Information. — But "attempt to enjoin the IANA transfer is baseless," says law professor Michael Froomkin: "The APA claim is bogus. I think they lack standing for the property claim. The property claim is also meritless, as the government is not giving away any property it "owns". The US is letting go of a contractual right to veto alterations to the data in a computer file (the root zone file) held on a privately owned machine. There is no intellectual property right because the contents of the file are in the public domain, and US law would not recognize this as a compilation copyright. What's at issue in the IANA transfer is the loss of the US government's right to veto authoritative changes to the file, not to own the contents." — "The transition is not 'giving the Internet away,' neither to foreign governments nor to ICANN," says Milton Meller, Professor at Georgia Institute of Technology School of Public Policy: "It is giving the Internet to the people — the people who use it, operate its infrastructure and run its services. The people of the Internet — the 'global multi-stakeholder community' to which the Commerce Department referred in March 2014 when it kicked off the stewardship transition — are not confined to the United States. They are everywhere. If freedom entails the right to self-governance, then the transition promotes and advances it." — Update 30 Sep 2016: Organizations and individuals within the Internet's technical community file an amicus brief in the lawsuit filed by the Attorney Generals of Arizona, Texas, Oklahoma and Nevada seeking to enjoin the IANA Stewardship Transition: "This is a vitally important and dangerous case, and Plaintiff Arizona has filed a last-minute motion for an extraordinary injunction: it asks the Court to force the United States to enter into a contract that the Government has determined is not in the interest of the United States. The Plaintiffs, who failed to participate in an open, transparent, two-year process of deliberating and reaching consensus on the IANA stewardship transition, now urge the Court to act hastily on claims that are baseless. A temporary restraining order to disrupt that transition would pose a significant threat to a free and open Internet and its many stakeholders both in the United States and across the world. The gravity of the threat has brought major organizations and experts together as Amici here in record time, filing this brief less than 24 hours after first hearing about the lawsuit and motion. The Amici urge the Court to deny the motion." (HT John Levine, see Comment #1) — Update 30 Sep 2016: Court denies Plaintiffs motion for a temporary restraining order thus allowing IANA transition to proceed as planned. — Official order released: "The Court DENIES The Application for Declaratory and Injunctive Relief, for the reasons [...]

Cameras, DVRs Used for Massive Cyberattack on French Hosting Company and Others


"Hackers infect army of cameras, DVRs for massive internet attacks," reports Drew Fitzgerald in the Wall Street Journal: "The assaults raised eyebrows among security experts both for their size and for the machines that made them happen. The attackers used as many as one million Chinese-made security cameras, digital video recorders and other infected devices to generate webpage requests and data that knocked their targets offline, security experts said. It is unclear whether the attackers had access to video feeds from the devices."

"If you thought that the massive DDoS attack earlier this month on Brian Krebs' security blog was record-breaking, take a look at what just happened to France-based hosting provider OVH," says Brandon Hill in HotHardware: "OVH was the victim of a wide-scale DDoS attack that was carried via network of over 152,000 IoT devices. According to OVH founder and CTO Octave Klaba, the DDoS attack reached nearly 1 Tbps at its peak.... Many of these types devices' network settings are improperly configured, which leaves them ripe for the picking for hackers that would love to use them to carry our destructive attacks."

Follow CircleID on Twitter

More under: Cyberattack, Security

Google Rebrands Portfolio of Products and Services as 'Google Cloud'


(image) Google announces the locations of eight new Google Cloud Regions – Mumbai, Singapore, Sydney, Northern Virginia, São Paulo, London, Finland and Frankfurt. (Click to Enlarge)Google's enterprise business is officially rebranded as Google Cloud, the company announced today at a San Francisco event. Diane Greene, Google Cloud's Senior Vice President writes: "Google Cloud spans every layer. ... our user facing collaboration and productivity applications — now named G Suite — all of our Machine Learning tools and APIs, the enterprise maps APIs and the Android phones, tablets and Chromebooks that access the cloud."

Greene added: "Today we are also introducing a significant lineup of new cloud technologies and machine intelligence capabilities as well as services, and we're showcasing how a cross-section of our customers and partners, including, Airbus, Home Depot, Snap Inc (formerly SnapChat), Evernote, Niantic Labs (Pokemon Go), Telus, Accenture and Pivotal use and work with Google Cloud."

Google Cloud Platform now serves over one billion end-users – To meet the growing demand, company also announced the locations of eight new Google Cloud Regions: Mumbai, Singapore, Sydney, Northern Virginia, São Paulo, London, Finland and Frankfurt. More regions to be announced next year.

Follow CircleID on Twitter

More under: Cloud Computing, Data Center

US Senators in Letter to Yahoo Say Late Hack Disclosure "Unacceptable"


"A group of Democratic U.S. senators on Tuesday demanded Yahoo Inc (YHOO.O) to explain why hackers' theft of user information for half a billion accounts two years ago only came to light last week and lambasted its handling of the breach as "unacceptable," reports Dustin Volz from Washington in Reuters. The lawmakers said they were 'disturbed' the 2014 intrusion, disclosed by the company on Thursday, was detected so long after the hack occurred. "This is unacceptable." The senators have asked Yahoo Chief Executive Officer Marissa Mayer for a timeline of the hack, its discovery and how such a large breach went undetected for so long.

Follow CircleID on Twitter

More under: Cyberattack, Security

What Trump and Clinton Said About Cybersecurity in the First US Presidential Debate


Donald Trump vs Hillary Clinton – First Presidential Debate 2016 / Hofstra University NYThe Internet and tech got very little mention last night during the first of three presidential debates. The only notable exception was cybersecurity where moderator Lester Holt asked: "Our institutions are under cyber attack, and our secrets are being stolen. So my question is, who's behind it? And how do we fight it?" Following are the responses provided to the question by the two candidates: * * * Hillary Clinton – Well, I think cyber security, cyber warfare will be one of the biggest challenges facing the next president, because clearly we're facing at this point two different kinds of adversaries. There are the independent hacking groups that do it mostly for commercial reasons to try to steal information that they can use to make money. But increasingly, we are seeing cyber attacks coming from states, organs of states. The most recent and troubling of these has been Russia. There's no doubt now that Russia has used cyber attacks against all kinds of organizations in our country, and I am deeply concerned about this. I know Donald's very praiseworthy of Vladimir Putin, but Putin is playing a really tough, long game here. And one of the things he's done is to let loose cyber attackers to hack into government files, to hack into personal files, hack into the Democratic National Committee. And we recently have learned that, you know, that this is one of their preferred methods of trying to wreak havoc and collect information. We need to make it very clear — whether it's Russia, China, Iran or anybody else — the United States has much greater capacity. And we are not going to sit idly by and permit state actors to go after our information, our private-sector information or our public-sector information. And we're going to have to make it clear that we don't want to use the kinds of tools that we have. We don't want to engage in a different kind of warfare. But we will defend the citizens of this country. And the Russians need to understand that. I think they've been treating it as almost a probing, how far would we go, how much would we do. And that's why I was so — I was so shocked when Donald publicly invited Putin to hack into Americans. That is just unacceptable. It's one of the reasons why 50 national security officials who served in Republican information — in administrations — have said that Donald is unfit to be the commander- in-chief. It's comments like that really worry people who understand the threats that we face. * * * Donald Trump – As far as the cyber, I agree to parts of what Secretary Clinton said. We should be better than anybody else, and perhaps we're not. I don't think anybody knows it was Russia that broke into the DNC. She's saying Russia, Russia, Russia, but I don't — maybe it was. I mean, it could be Russia, but it could also be China. It could also be lots of other people. It also could be somebody sitting on their bed that weighs 400 pounds, OK? You don't know who broke in to DNC. "But what did we learn with DNC? We learned that Bernie Sanders was taken advantage of by your people, by Debbie Wasserman Schultz. Look what happened to her. But Bernie Sanders was taken advantage of. That's what we learned. Now, whether that was Russia, whether that was China, whether it was another country, we don't know, because the truth is, under President Obama we've lost control of things that we used to have control over. We came in with the Internet, we came up with the Internet, and I think Secretary Clinton and myself would agree very much, when you look at what ISIS is doing with the Internet, they're beating us at our own game. ISIS. So we have to get very, very tough on cyber and cyber warfare. It is — it is a huge problem. I have a son. He's 10 years old. He has computers. He is so good with these [...]

IANA Transition Must Move Forward, Says Google Senior VP and General Counsel


"Preserving a Free and Open Internet," is the title of a post published today by Kent Walker, Google's SVP and General Counsel. He writes in part: "Why the IANA Transition Must Move Forward ... Although this is a change in how one technical function of the Internet is governed, it will give innovators and users a greater role in managing the global Internet. And that's a very good thing. The Internet has been built by — and has thrived because of — the companies, civil society activists, technologists, and selfless users around the world who recognized the Internet's power to transform communities and economies. If we want the Internet to have this life-changing impact on everyone in the world, then we need to make sure that the right people are in a position to drive its future growth. This proposal does just that."

Follow CircleID on Twitter

More under: ICANN, Internet Governance, Policy & Regulation

IP Address Information Misused by Authorities Says EFF, Not Enough to Justify Police Raids


(image) "Law Enforcement, Courts Need to Better Understand IP Addresses, Stop Misuse," says EFF in a whitepaper released on Thursday. Legal Fellow, Aaron Mackey writes: "[U]se of the IP address alone, without more, can too often result in dangerous, frightening, and resource-wasting police raids based on warrants issued without proper investigation… This paper explains how law enforcement and courts can use IP addresses responsibly in criminal investigations and provides specific suggestions to assist each of them."

— "IP addresses information isn't the same as physical addresses or license plates that can pinpoint an exact location or identify a particular person. Put simply: there is no uniform way to systematically map physical locations based on IP addresses or create a phone book to lookup users of particular IP addresses."

"The Constitution requires further investigation and corroboration of rumors and anonymous tips before police can rely upon them to establish probable cause authorizing warrants to search homes or arrest individuals. The same should be true of IP address information."

Follow CircleID on Twitter

More under: IP Addressing, Law, Policy & Regulation

Cybersecurity Regime for Satellites and other Space Assets Urgently Required, Warn Researchers


"A radical review of cybersecurity in space is needed to avoid potentially catastrophic attacks," warn researchers at the International Security Department of UK-based thinktank, Chatham House. The report titled, "Space, the Final Frontier for Cybersecurity?," released today is based on a multi-year study led by David Livingstone and Dr. Patricia Lewis. From the report: "The vulnerability of satellites and other space assets to cyberattack is often overlooked in wider discussions of cyberthreats to critical national infrastructure. This is a significant failing, given society's substantial and ever increasing reliance on satellite technologies for navigation, communications, remote sensing, monitoring and the myriad associated applications. Vulnerabilities at the junction of space-based or space-derived capability with cybersecurity cause major national, regional and international security concerns, yet are going unaddressed, apart from in some 'high end' space-based systems. Analysing the intersection between cyber and space security is essential to understanding this non-traditional, evolving security threat." Further notes include: — Satellite services are potential targets for a range of cyberthreats, as space supports a growing and increasingly critical level of functionality within national infrastructure across the world, stimulating economic growth. One attack on a key node in the space sector could have the leveraged potential to affect critical national and international capabilities. This dependency on space is not unique to developed states; most countries will have similar vulnerabilities. — Cyberattacks on satellites can include jamming, spoofing and hacking attacks on communication networks; targeting control systems or mission packages; and attacks on the ground infrastructure such as satellite control centres. Possible cyberthreats against space-based systems include state-to-state and military actions; well-resourced organized criminal elements seeking financial gain; terrorist groups wishing to promote their causes, even up to the catastrophic level of cascading satellite collisions; and individual hackers who want to fanfare their skills. — There is currently no coherent global organization with regard to cybersecurity in space. Development of a flexible, multilateral space and cybersecurity regime is urgently required Follow CircleID on TwitterMore under: Cyberattack, Security, Telecom [...]

Yahoo to Confirm Massive Data Breach, Several Hundred Million Users Exposed


"Yahoo is expected to confirm a massive data breach, impacting hundreds of millions of users," reports Kara Swisher today in Recode: "Yahoo is poised to confirm a massive data breach of its service, according to several sources close to the situation, hacking that has exposed several hundred million user accounts. ... The announcement, which is expected to come this week, also has possible larger implications for the $4.8 billion sale of Yahoo's core business — which is at the core of this hack — to Verizon." — UPDATE: Yahoo has confirmed the massive data breach affecting 500 million accounts. Reported by AP / 22 Sep 2016 — Verizon releases statement this afternoon regarding Yahoo security incident: "Within the last two days, we were notified of Yahoo's security incident. We understand that Yahoo is conducting an active investigation of this matter, but we other wise have limited information and understanding of the impact. We will evaluate as the investigation continues through the lens of overall Verizon intersets, including consumers, customers, shareholders and related communities. Until then, we are not in position to further comment." — Yahoo releases official statement: "A recent investigation by Yahoo! Inc. (NASDAQ:YHOO) has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor. The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network. Yahoo is working closely with law enforcement on this matter." Follow CircleID on TwitterMore under: Cyberattack, Cybercrime, Security [...]

Berners-Lee: Ted Cruz Wrong About How Free Speech Is Censored on the Internet


"Sen. Ted Cruz wants to engineer a United States takeover of a key Internet organization, ICANN, in the name of protecting freedom of expression," said Tim Berners-Lee and Daniel Weitzner in a co-op piece today in the Washington post: "[T]he misguided call for the United States to exert unilateral control over ICANN does nothing to advance free speech because ICANN, in fact, has no power whatsoever over individual speech online. ... There is no international law or treaty that calls the Internet into existence or forces everyone to use the same standards and technology. Rather, it is a voluntary effort of people around the world. ... ICANN is no 'mini-United Nations.'"

Follow CircleID on Twitter

More under: Censorship, ICANN, Internet Governance, Policy & Regulation

Close to 7.9 Million Domain Names Registered in Q2 2016


VeriSign, in its latest Domain Name Industry Brief, reports approximately 7.9 million new domain name registrations in the second quarter of 2016 which brings total number of domain name registrations to approximately 334.6 million across all top-level domains (TLDs) as of June 30, 2016.

— "The increase of approximately 7.9 million domain name registrations globally equates to a growth rate of 2.4 percent over the first quarter of 2016. Domain name registrations have grown by 38.2 million, or 12.9 percent, year over year."

— "The top 10 ccTLDs, as of June 30, 2016, were .tk (Tokelau), .cn (China), .de (Germany), .uk (United Kingdom), .ru (Russian Federation), .nl (Netherlands), .br (Brazil), .eu (European Union), .au (Australia) and .fr (France)."

— "As of June 30, 2016, new gTLDs (ngTLD) totaled 22.0 million domain name registrations, which represents 6.6 percent of total domain name registrations. The top 10 ngTLDs represented 61.5 percent of all ngTLD domain name registrations."

Follow CircleID on Twitter

More under: Domain Names, Top-Level Domains

UK's National Cyber Security Centre Reveals Plans to Scale Up DNS Filtering


Speaking at the Billington Cyber Security Summit in Washington DC, Ciaran Martin, head of UK's Government Communication Headquarters (GCHQ) and the first Chief Executive of the new National Cyber Security Centre (NCSC), set out how the new organization will use DNS filters as part of its plan to curb cyberattacks: "[W]e're exploring a flagship project on scaling up DNS filtering: what better way of providing automated defences at scale than by the major private providers effectively blocking their customers from coming into contact with known malware and bad addresses? Now it's crucial that all of these economy-wide initiatives are private sector led. The Government does not own or operate the Internet. Consumers must have a choice. Any DNS filtering would have to be opt out based. So addressing privacy concerns and citizen choice is hardwired into our programme."

Follow CircleID on Twitter

More under: Access Providers, Cyberattack, DNS, Security

Internet, Mobile Connectivity a Lifeline for Refugees, Reports UNHCR


(image) "Many refugees regard a connected device as being as vital to them as food, water or shelter," according to a new report from the UN Refugee Agency (UNHCR), and Accenture. The report, titled "Connecting Refugees: How Internet and Mobile Connectivity Can Improve Refugee Well-being and Transform Humanitarian Action," is based on research undertaken in 44 countries on four continents.

"Refugees living in urban areas tend to have similar access to mobile networks as other urban populations, but for refugees in rural locations the picture is very different, with only one in six refugees located in areas with 3G access, and one in five rural refugees having no mobile coverage at all — significantly lower than for the population at large. This effectively prevents many refugees from participating in the cultural, educational, and economic activity that connectivity affords."

"Private-sector partnerships are essential to scale the connectivity interventions globally... Companies and corporations bring global reach, innovative business models, experience in the communications and telecommunications industries, relationships with government regulators and financial and human resources, all of which will be instrumental to connecting the world's refugee population." –Roger Ford, ADP managing director

Follow CircleID on Twitter

More under: Access Providers, Broadband, Mobile

US Senate Judiciary Subcommittee Hearing Held on IANA Transition


US SENATE JUDICIARY SUBCOMMITTEE HEARING, SEPTEMBER 14, 2016"I urge you: Do not give a gift to Russia and other authoritarian nations by blocking this transition," Lawrence Strickling, administrator of the U.S. Commerce Department's National Telecommunications and Information Administration, said on Wednesday at a Senate Judiciary Subcommittee Hearing Held on IANA Transition. – Dustin Volz reporting in Reuters — "Sen. Ted Cruz warned Commerce Department officials they could face jail time for their efforts to hand control of the internet's domain name system to an international group, saying they violated congressional funding restrictions. ... employees are at risk of 'personal criminal liability of up to two years in prison' because, he alleged, they overstepped provisions in the last government spending bill that prevent them from using funds to carry out the transition." – Ashley Gold reporting in Politico — "Iowa Republican Sen. Chuck Grassley accused the Obama administration of ending the government's role 'for political reasons' and said there are significant unanswered questions about whether the transfer yields 'an unconstitutional transfer of United States government property.' He worries ICANN could eventually be susceptible to corruption and that the planned transfer is 'misguided, and at best, premature.' – Washington correspondent, Katie Leslie reporting in the Dallas Morning News — Leslie: "Steve Del Bianco, the executive director of Netchoice, a trade association of eCommerce businesses, warned against the U.S. breaking its 18-year-long commitment. ... 'What is the real reason to defer the transition? That's the question we didn't really learn today,' he said following the hearing. 'There seems to be some hope of retaining a level of control we never had.'" Follow CircleID on TwitterMore under: ICANN, Internet Governance, Policy & Regulation [...]

Schneier: "Someone Is Learning How to Take down the Internet"


"Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet," wrote renowned security expert, Bruce Schneier, in a piece published in Lawfare: "These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China and Russia would be my first guesses."

The attacks are larger, last longer and more sophisticated: "And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue."

Companies forced to reveal their defense capabilities: "These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they've got to defend themselves. They can't hold anything back. They're forced to demonstrate their defense capabilities for the attacker."

Follow CircleID on Twitter

More under: Cyberattack, Security

Internet Architecture Board: IANA Transition Plan Is Fit for Purpose, Should Go Forward as Planned


The Internet Architecture Board (IAB) statement on the IANA Stewardship Transition released on Wednesday: "Our assessment, as the oldest technical community using the IANA functions, is that the transition plan is fit for purpose and that the IANA stewardship transition should go forward as planned on September 30, 2016. ... We note that recent attention to the transition has sometimes engendered misunderstandings about the nature of the existing system.  Some have presumed that the effort is one that relates to control of Internet infrastructure, speech, content, or security.  None of those are within the purview of IANA staff."

Follow CircleID on Twitter

More under: ICANN, Internet Governance, Policy & Regulation

U.S. Justice Department Forms Group to Study National Security Threats of IoT


"The U.S. Justice Department has formed a threat analysis team to study potential national security challenges posed by self-driving cars, medical devices and other Internet-connected tools," reports Dustin Volz from Washington in Reuters: "The new group's goal is to secure the so-called 'internet of things' from exploitation by 'terrorist threats' and by others who might try to hack devices to cause loss of life or achieve political or economic gain, according to Assistant Attorney General John Carlin, head of the Justice Department’s national security division."

Follow CircleID on Twitter

More under: Cyberattack, Internet of Things, Security

New York’s Department of Financial Services Issues Cybersecurity Proposal


"New York state is proposing new rules requiring banks and insurance companies to establish cybersecurity programs and designate an internal cybersecurity officer, in what Gov. Andrew Cuomo described as a 'first-in-the-nation' move to codify cyber safety policies," reports Greg Farrell in Bloomberg: "The new regulations, proposed by New York’s Department of Financial Services, will apply only to banks and other financial services companies licensed by the Empire State and not to nationally chartered institutions."

Follow CircleID on Twitter

More under: Cyberattack, Cybercrime, Policy & Regulation, Security

GAO Rules IANA Transition Not a Transfer of Government Property Requiring Congressional Approval


The Untied States Government Accountability Office (GAO) has concluded that the IANA transition is not a government transfer of property requiring congressional approval. Critics concerned about the hand-off to a multistakeholder model — and the potential influence of countries like China and Russia — had suggested it was such a property transfer needing Congressional sign-off.

From the GAO Report: "We find it is unlikely that either the domain name system or the authoritative root zone file (the "address book" for the top-level domain) is U.S. Government property under Article IV. We also find the Government may have certain data rights, and has limited intellectual and tangible property, all of which constitute Article IV property, but that property will be retained and not disposed of in connection with the transition. Finally, the Government has a contractual right to continued performance by the entities carrying out the IANA functions and related services. That right, which also constitutes U.S. Government property, would be disposed of if NTIA terminates the agreements rather than allowing them to expire, but NTIA has the requisite authority to dispose of this Government property interest."

Follow CircleID on Twitter

More under: ICANN, Internet Governance, Policy & Regulation