News Summary

How One Energy Department Lab Uses Physics to Boost Cybersecurity

Source: Fed Tech Magazine | Phil Goldstein | August 17, 2017

The cutting-edge security technology could make it easier to defend critical energy sector infrastructure.

It’s drilled into businesses and government agencies alike: encrypt your data. But what if normal encryption is not enough?

The Energy Department’s Oak Ridge National Laboratory (ORNL) has designed a cybersecurity protocol that uses physics to make it faster and more secure to share and protect encrypted data. ORNL has non-exclusively licensed the technology to Qubitekk, a San Diego-based company that develops quantum cryptography solutions to secure machine-to-machine communications.

The hope is that this technology, which uses quantum light particles (known as photons), will allow federal IT security professionals, and those in the private sector, to better protect critical network infrastructure in the energy sector.

How to Harness Photon Technology

Current encryption techniques use mathematical algorithms to code information that can only be deciphered by a recipient who knows the encryption key. However, in a statement, ORNL notes that cybersecurity threats in the energy environment are growing in frequency, scale and sophistication.

Photons have numerous properties and can be used in quantum computing or to protect sensitive information, quantum researchers found. However, according to the ORNL statement, systems that emit single photons typically do so randomly, and it is difficult to generate them deterministically, or when they are needed. The ORNL researchers used a method for their solution known as down-conversion, which produces two photons instead of one. This is accomplished by detecting one of the photons to signal the presence of the other.

“The trick then is to direct the heralded photon using a combination of high speed and low-loss operations, so that it appears when needed,” Warren Grice of ORNL’s Computational Sciences and Engineering Division says in the statement.

An existing Qubitekk prototype will leverage ORNL’s technology to enhance encryption. Photo credit: Oak Ridge National Laboratory

To keep from losing the photon pairs, the team built upon the concept of multiplexing, an approach that uses a series of light-source systems comprising components common in fiber optics. The ORNL system switches the speed and frequency of the heralded photon, allowing the researchers to carry out switching in the frequency domain that potentially reduces single-photon loss.

“The goal is to specify and control every aspect of the photon’s quantum state, constraining everything to a single mode so that the photons emitted from the single-photon source are identical — each one indistinguishable from the next,” says Nicholas Peters, another co-inventor of the technology.

Security Applications of Photon Technology for the Energy Sector

What is the upshot of all this for cybersecurity? The identical photon pairs can be used to develop quantum key encryption technologies that protect information from malicious cybersecurity threats when shared over existing machine-to-machine networks.

The technology could allow those who run the networks used to control power grid operations to detect, in real time, the presence of an adversary attempting to intercept the exchange of secret keys used in cryptographic algorithms that protect energy sector information. The technology has the potential to enhance the energy sector’s resiliency against a cyberattack.

Qubitekk, which has been developing a quantum encryption device based on the single-photon source concept, hopes to strengthen that technology through further development of ORNL’s new approach.

“The idea of a nearly on-demand, single-photon source can be used to increase the speed, or data rates, and the distance you can send the quantum keys when transmitting encrypted information,” Duncan Earl, president and CTO of Qubitekk, says in the statement. “The ORNL technology could address both of those issues, which could move our product closer to commercialization.”

Earl is a former ORNL researcher who worked with the lab’s Cyber Warfare group and the Quantum Information Sciences team.

Qubitekk plans to integrate its existing technology with ORNL’s, which could either increase quantum encryption data rates tenfold or maintain current data rates over much longer transmission distances.

Earl expects Qubitekk to further develop the single-photon source design and plans to advance to field trials with the company’s existing customers, including California-based utility companies. ORNL will provide additional support as needed.

EDGE Security Conference Planners Hope to Double Last Year’s Attendance

Source: | Tom Ballard | July 12, 2017

With the event only a few months away, details about the second annual “EDGE Security Conference” are coming together.

Set for October 17 and 18 at the Knoxville Convention Center, this year’s event features daily keynote presentations by well-known speakers plus a line-up of other industry experts that currently totals about 30. The first day of the conference will feature Charlie Miller and Chris Valasek, the renowned “white hat” hackers who are responsible for the Jeep Cherokee hack, while day two is keynoted by Major General Brett Williams, who formerly headed the U.S. Cyber Command.

“The success of our first EDGE empowered us to build upon last year’s speaker quality in order to feature even more impressive content this year,” says Mike Mangione, Vice President of Business Strategy and Marketing for Sword & Shield Enterprise Security.

The Knoxville-based company is the presenting sponsor, but Mangione emphasizes that EDGE is an industry conference and community event.

“It’s important to us to build a platform that offers balanced information from multiple perspectives to make this conference a valuable use of time for our attendees,” he notes. “We will even have some of our industry competitors speaking, sponsoring and exhibiting.”

Last year’s inaugural EDGE conference drew about 350 people. The goal for this year’s event is 600 to 700 attendees. EDGE is well on its way to fulfilling this aspiration, with more than 200 pre-registered at the early bird price. To accommodate the larger crowd, Sword & Shield moved the conference to the Knoxville Convention Center.

“Our overall theme is to create true collaboration where complex business security problems meet real-world solutions,” Mangione says, adding that many cybersecurity conferences are very theoretical. “We want attendees to be able to go back to their offices and immediately implement solutions they heard about at EDGE.”

During our recent interview, Mangione talked about a focus on converging two communities – those in cybersecurity and the Knoxville area.

“EDGE is a boost for the city,” he says. “There are not many easily accessible cybersecurity conferences on the East Coast. This is an opportunity to bring a cybersecurity focus to a location that is already a center for impressive technical resources.”

As previously reported in several articles on, there is an ongoing effort to brand the region’s strengths under a new initiative named the Cyber and Information Security Consortium. John McNeely, President and Chief Executive Officer of Sword & Shield, is a major player in that effort, which also includes Cisco Systems, Oak Ridge National Laboratory, University of Tennessee, and Pellissippi State Community College.

That focus includes helping those within the region, as well as those from other areas, understand why Knoxville is an ideal location for a premier security conference.

“Part of our goal with EDGE is to bring more awareness of Knoxville’s strengths – technology generally and cyber security specifically,” Mangione added. “It just makes sense.”

With just one year of branding, one might think that recruiting speakers to EDGE could be a challenge, but the opposite is true.

“This year, they are finding us,” Mangione says. “We’re excited about the quality of the content we’ll be able to provide our attendees. It’s going to be a great conference.”

Go to the conference website to see an updated list that as of the writing of this article included:

  • Chris Poulin, Principal and Director of Booz Allen Hamilton;
  • Stephen Fridakis, Chief Information Security Officer for HBO;
  • Ben Johnson, Co-Founder of Carbon Black;
  • Larry Bray, Security Advisor at BIMASS;
  • William Dixon, Vice President with Stroz Friedberg’s Security Science Practice; and
  • Paul Coggin, Cybersecurity Research Scientist at Wells Fargo.

Those interested in sponsoring can find more information here. To register, click here.

Howerton Represents CNS on Cyber Consortium Board

Source: CNS | May 2, 2017

Travis Howerton, senior director of Transformation, is representing Consolidated Nuclear Security (CNS) on the Cyber and Information Security Consortium. The group is a non-profit corporation formed last year by Oak Ridge National Laboratory (ORNL) and the University of Tennessee (UT), along with Cisco Systems, Y-12 National Security Complex, Sword & Shield Enterprise Security, the East Tennessee Economic Council, and other private corporations, to position the region as a national leader in the development and deployment of cutting-edge cyber security technologies.

“The consortium is still in early phases,” said Howerton. “Membership is growing, and they do two big get-togethers per year. We are working at the state level now to gain grant money to expand capabilities.”

Howerton said the consortium has a variety of roles and interests, including peer networking and recruiting of cyber talent; workforce development (partnering with colleges and universities on a talent pipeline, just signing an agreement with Pellissippi State Community College); and public awareness of policy issues (currently working with UT’s Baker Center on education about cyber issues). Most of the research and development is driven by ORNL, but there are some longer-term interests based on CNS work.

“Right now, it is a chance for CNS to be seen in the community and working with others on an initiative that could solve some meaningful problems in our area and grow jobs over the mid to long term.”

DOE Releases Results of Energy Cybersecurity Emergency Exercise

Source: Daily Energy Insider | April 25, 2017

The U.S. Department of Energy (DOE) recently released the findings and recommendations from Liberty Eclipse, a multi-state cyber-energy preparedness exercise hosted by DOE and the National Association of State Energy Officials (NASEO) in December 2016.

The exercise simulated a cyber attack on the energy infrastructure, including electricity, gasoline, jet fuel, heating oil, and other energy services, of several Northeast and Mid-Atlantic states. It brought together officials from State Energy Offices, Public Utility Commissions, State Emergency Management Agencies, private sector energy supply owners and operators, DOE and other federal agency representatives and critical energy infrastructure stakeholders.

“The results of this exercise reaffirm the importance of energy emergency mitigation and response planning,” David Terry, executive director of NASEO, said. “This type of planning enhances states’ capacity to respond to energy supply disruptions, facilitates sharing of best practices, and aids in identifying ways to mitigate risks in the future.”

Liberty Eclipse was developed in response to direction from Congress under the Fixing America’s Surface Transportation Act (FAST Act). The FAST Act calls for increased coordination among DOE, states and the oil and gas industry to develop energy assurance and emergency plans, training, and exercises.

In order to develop energy emergency response plans, states use U.S. State Energy Program (SEP) funds at the direction of their governors. State Energy Offices and their partners then engage with experts from DOE’s Office of Electricity Delivery and Energy Reliability and the private sector to support Emergency Support Function #12, the federal emergency support function for energy, through programs such as the Liberty Eclipse Exercise.

Cybersecurity And The Board

Source: Forbes | Tech Council and Juliette Rizkallah | April 25, 2017

Data breaches. First, they were the concerns of CISOs and CIOs. Some even lost their jobs after overmediatized breaches. Then CEOs got the spotlight, especially as brand reputations were damaged and customers left angry and churning. Today, board members are increasingly more involved in discussions around companies’ cybersecurity and measures needed to prevent being thrown into the next big headline.

We've come a long way from the days where board members would ask: Are we secure? They are now requesting scorecards that measure company security posture. They are also asking more questions related to regulations and how security controls can help demonstrate compliance. Soon, we will see boards demanding quarterly cybersecurity briefings -- some directly presented by the CISO -- rather than relying on the occasional update from the company security committee.

Because cybersecurity has experienced a "personality transformation" in recent years, the nature of boards’ attention to cybersecurity is also evolving. Before, it was all about the hardware of the enterprise -- its networks, firewalls and physical location itself. Fast-forward to 2017, and cybersecurity is now wholly centered on the less tangible and harder-to-control pieces: identities. Hackers today prefer people (through social engineering, phishing and other sneaky ways of getting a human to make a mistake) as their attack target du jour, and views on security and the attention of board members have shifted to identity.

This is an important shift, and, interestingly enough, board members will most likely play three very different roles when dealing with identity.

Boards As Targets

As we saw with the now-infamous breach of Colin Powell's email, which exposed a Salesforce M&A target list, board members are and will continue to be hackers’ targets. Board members communicate regularly via email with the companies they advise. Many times, they use their personal email accounts to communicate, which are typically less secure than corporate accounts. Most of the time their communication deals with very sensitive data: M&As, new market entry, personnel reshuffling and reorganization, and the usual financial data. That information, which is usually protected by a company’s full security infrastructure, is just sent over email via a file attachment to a group of directors, easily identifiable and therefore increasingly targeted.

A survey presented by Diligent Corporation's Dottie Schindlinger at the NYSE Governance Services Cyber Risk Board Forum in February reported that 60% of board directors use personal email regularly to communicate with fellow directors and executive management; 48% use their personal PCs or other devices to download board books and company documents; and 22% of them store these documents long-term on their devices.

The survey also reports that despite the mounting risk surrounding board communications, the main driver in deciding how communications between a board and its company are conducted remains with the board chairmen and not the IT department -- making board members that much more susceptible to a data breach.

Click here to read the rest of the article.

7 Cities That Could Become the World’s Cybersecurity Capital

Source: Fortune | Jeff John Roberts | April 6, 2017

The film industry has Hollywood, the banks have Wall Street, and tech has Silicon Valley. But so far the fast-growing cybersecurity industry—slated to pull in more than $100 billion a year by 2020—has no obvious place to call home.

If you believe in the theory of economic clusters, popularized in a 1998 HBR article by professor Michael Porter, the cyber business is exactly the sort of industry that could give rise to a regional hub or cluster—a "Cybercon Valley" if you will.

Clusters, recall, represent a geographic region where an intangible mix of people, education, and economic factors create an interdependent network of businesses and institutions. As those ties become stronger, it becomes virtually impossible for a competing city to disrupt or replace the cluster. That's why, despite innumerable efforts to copy them, there's still only one Silicon Valley or Hollywood.

What makes the race to build a regional cyber center so interesting is that there are all sorts of places right now claiming they have the secret sauce to win the crown. But so far, there is no obvious winner.

If a dominant cyber hub does emerge, it will likely have most or all of the following attributes: proximity to a research university; a large population of hackers or military types; access to angel and venture capital; a culture of cooperation and entrepreneurship.

To figure out which cities fit this bill, Fortune talked to investors, entrepreneurs, and academics. Based on those conversations, here are seven leading contenders: five in the United States and two abroad.

The choices here are subjective, of course, and it's possible a place not on this list could emerge as the winner. (Other names that have come up in discussion include the likes of Seattle, San Antonio, and Huntsville, Ala.).

But for now, here are the seven cities most destined to become the capital of the cybersecurity industry.


Atlanta

The name of Georgia's biggest city came up again and again in discussions about serious cyber tech centers. Its boosters pointed to the presence of Georgia Tech, a vibrant corporate and funding eco-system, and local champions like Tom Noonan, whom one VC dubbed the "godfather of Atlanta's cyber-scene."

The city also has some remarkable companies that are not named Coca-Cola or CNN. These include Pindrop—a fast-growing startup backed by the likes of GV and Andreessen Horowitz—which uses sophisticated analytics to root out phone fraud.

Washington D.C.

"I’ve voted with my dollars and feet on two places that have a better chance than Silicon Valley [of being the leading cyber center]," says David Cowan, a well-known partner at Bessemer Venture Partners, while talking up the benefits of the D.C. area. (The other place, according to Cowan, is Tel Aviv.)

The obvious advantages include proximity to the defense industry and to elite military talent with the hacking skills in demand at many cyber companies. Meanwhile, local governments—like nearby Howard County—are flexing their political pull to make the region the cyber center of gravity.

Not everyone buys D.C.'s cyber-story, however. Martin Casado, a partner at Andreessen Horowitz, cautions the area is tilted heavily to "people from government who want to sell to government," which complicates an organic business ecosystem.

Silicon Valley

Casado, the D.C. skeptic, is a bigger booster of his home turf. He and several entrepreneurs made the case that Silicon Valley is destined to be the world's cyber capital for the very same reasons it is the world's tech capital: its unique mix of capital, entrepreneurship, elite developers, and tech geniuses.

"Having created companies in Silicon Valley, I can say starting a company here is like getting a job somewhere else," Casado says. "I jumped easily from Stanford to starting a company. From HR to finance to legal to funding—that whole network exists. It's such a self-fulfilling ecosystem."

Casado downplays the absence of a major military presence in the Valley, saying it's not an essential ingredient for a cyber cluster. The presence of next generation cyber titans, such as Tanium and Palantir, suggests he might be right.

Tel Aviv

Israel's capital is another place that came up in every single discussion of leading cybersecurity centers. Tel Aviv is a powerhouse in other tech fields, including ad-tech, but is especially notable in cyber thanks to big names Check Point and Forescout as well as Team8, a security-focused incubator.

Many people attribute Tel Aviv's cyber prowess to its universal military service, which includes the famous SigInt and code-cracking outfit known as Unit 8200. According to Cowan, the unit creates a "great flow of talent that produces 1000 cyber warriors every year."


Boston

Boston is another place that comes up when people talk about cyber centers—though its place on the list may have more to do with past glories than present reality. The area helped to pioneer the cybersecurity industry in the 1980s with the likes of RSA (now owned by Dell), but lost momentum amid the general ascendance of the west coast tech scene.

Still, the Boston area's research prowess remains world class, and has produced some newer cybersecurity stars, including IPO-bound Carbon Black and the software analysis firm Veracode, which was acquired last month by CA Technologies.


London

Britain is known for its top-notch intelligence services, including GCHQ, which has helped to make London a player in the cybersecurity industry. The city's role as a global financial and diplomatic center also serves to support a cyber ecosystem, though it lacks the easy access to venture capital that is fueling the U.S. industry.

Its notable companies include fast-growing Darktrace, which helps companies track online intruders, and Digital Shadows, which scours the internet for digital risks to firms.

Augusta, Ga.

This small city is a dark horse when it comes to winning the race to be a cyber capital. But while some scoff at the idea of Augusta emerging as a major player (skeptics point to the city's out-of-the-way location and small size), it does have some distinct advantages—most notably nearby Fort Gordon, which the Pentagon designated as the new home of the Army's Cyber Command.

Brooks Keel, the President of Augusta University, says the town is preparing for a “cyber tsunami” of approximately 4000 families, and the school will provide complementary education to support this. Meanwhile, Augusta is hoping a $50 million cyber grant from the state and the presence of firms like Unisys and Raytheon will lead to a bonanza of spin-offs and startups.


So what city will take the cyber capital crown? Possibly none of them. Or to put it in a more positive way, all of them.

That's because, as the venture capitalists Cowan and Casado pointed out, the cybersecurity industry might continue to flourish without a dominant region. In their views, the industry is not like Hollywood, which requires a specific economic infrastructure to make a movie, but one in which successful firms can emerge from all over.

"I’ve seen good cyber companies built everywhere," says Cowan. That amounts to good news for all of the cities on the list, and many others as well.

Lenvio Inc. Exclusively Licenses ORNL Malware Behavior Detection Technology

Source: EurekaPress | ORNL Release | April 6, 2017

Virginia-based Lenvio Inc. has exclusively licensed a cyber security technology from the Department of Energy’s Oak Ridge National Laboratory that can quickly detect malicious behavior in software not previously identified as a threat.

The platform, known as Hyperion, uses sophisticated algorithms to seek out both legitimate and malicious software behavior, identify malware such as viruses or executable files undetected by standard methods, and ultimately help reduce the risk of cyberattacks.

Hyperion’s development began over a decade ago as an experiment by ORNL cybersecurity researchers to explore the emerging science of software behavior computation.

They determined that the behavior approach outperforms signature detection, which only searches for syntactic patterns that are easily hidden within a program’s code, according to ORNL’s Stacy Prowell, chief cyber security research scientist.

“These behaviors can be automatically checked for known malicious operations as well as domain-specific problems,” Prowell said. “Hyperion helps detect vulnerabilities and can uncover malicious content before it has a chance to execute.”

Hyperion introduces behavior computation as a new weapon for enterprise-level customers in the fight against large-scale cybersecurity threats.

“For us, software with unknown behavior has unknown security, which is problematic for global cybersecurity,” said B.K. Gogia, Lenvio’s chief executive officer. “Current methods are increasingly overwhelmed by the sophistication of attacks often precipitated by stealthy zero-day or sleeper code vulnerabilities. With Hyperion, we’re offering a new class of cyber protection.”

The Transition to Practice program, which is part of the Department of Homeland Security’s Science and Technology Directorate, had selected the technology for its market-transition program. TTP identifies promising technologies in national laboratories and helps transition them into product-level capabilities for commercial markets. As a result of participation in TTP, Hyperion was licensed non-exclusively by R&K Cyber Solutions in 2015.

Lenvio, which launched as a spin-off company from R&K in April 2016, has invested substantial funds and time to transform Hyperion from proof-of-concept into a capable and reliable commercial product. The previous non-exclusive license to R&K was discontinued by mutual agreement, and the exclusive license for Hyperion was awarded to Lenvio.

“Obtaining an exclusive technology license from ORNL helps us secure a more competitive position to commercialize Hyperion as we grow our company,” Gogia said.

Lenvio will continue to work with ORNL on co-authored publications and exploring opportunities for joint research and development.

The licensed intellectual property includes a copyright on the computer code and two patent-pending technologies invented by Kirk Sayre, Rima Awad, Stacy Prowell and former ORNL employee Stephen Lindberg of the Computational Sciences and Engineering Division and former ORNL employee Richard Willems of the Electrical and Electronics Systems Research Division. Others contributing to the technology were David Heise, Kelly Huffer, Mark Pleszkoch, Joel Reed and former ORNL employee Logan Lamb of the Computational Sciences and Engineering Division and Rick Linger, former ORNL Hyperion team member who is now Lenvio’s chief technology officer.

This technology was funded, in part, by DOE’s Office of Electricity Delivery and Energy Reliability’s (OE) Cybersecurity for Energy Delivery Systems Program to help reduce the risk that a cyber incident might disrupt energy delivery. Since 2010, OE has invested more than $210 million in a wide range of cybersecurity research, development and demonstration projects that are led by industry, universities and national laboratories. As a result, more than 35 new tools and technologies that OE investments have helped support are now being used to further advance the resilience of the nation’s energy delivery systems.

How CISOs Can Create a Balanced Portfolio of Cybersecurity Products

Source: Forbes | Dan Woods | March 26, 2017 (Opinions expressed by Forbes Contributors are their own.)

We’re entering a world of deepening complexity and far vaster breadth when it comes to security for the modern enterprise. With companies integrating legacy data centers, manufacturing facilities, and networks with the cloud and the Internet of Things (IoT), all connecting to an uncontrollable mass of independently governed endpoints, CIOs and CISOs face a constant challenge of trying to decide what to protect and how to protect it.

When thinking about how companies should choose to spend their security dollars, I find the framework created by the National Institute of Standards and Technology (NIST) to be a great guide, although many security professionals also rely on ISO 27001. The NIST framework offers five main functions companies need to be able to address in their approach to cybersecurity: 1) Identify; 2) Protect; 3) Detect; 4) Respond; and 5) Recover. Within this excellent taxonomy of security capabilities, categories like asset management, risk management, and governance are under the identify function; access control, maintenance, and data security fall under protect; and monitoring and anomalous events fall under detect. Respond includes response planning, communications, and mitigation, while recover includes communications taken in the wake of an attack, recovery planning, and improvements to systems and procedures.

Keeping your balance when designing a security portfolio is just as hard as it looks

I highly recommend keeping that framework in mind as you approach decisions about your security spend, but it’s crucial to note that it doesn’t address how to balance your spending across those categories and functions. Yet, the question of how to spread your limited dollars and resources over these categories to ensure your business is as protected as possible is paramount for today’s corporate landscape.

The NIST framework does provide some focus on portfolio analysis, including both the assets you need protected and the security used to protect them. This focus is mainly in the framework’s Risk Assessment section, where there are guides offered for such things as system security plan development, contingency planning, conducting risk assessments, and mapping information types to security categories to name just a few. The NIST framework, just as with other structures like it, helps companies to organize a holistic approach to security. But the portfolio and product analysis framework needs more fleshing out, which is part of the reason for this series of articles. It’s also important to remember that even with a strong security portfolio, there still needs to be security officer(s) matching the needs of the business to the framework and available technologies. Also, in this series we are focusing on analysis of technology products primarily. It is vital to remember that a fully realized vision for security must integrate people, process, and technology products. We are assuming that the people and process aspects are being designed carefully as well in combination with an analysis of technology products.

This is the first article in a series on building the right cybersecurity portfolio for your business. This piece includes the first two steps (Determine Needs, Allocate Spending According to Risk) companies should take when creating that portfolio. Subsequent articles will cover steps three through five (Design Your Portfolio, Choose the Right Products, Rebalance as Needed). This graphic shows all the steps:

Steps to creating a balanced security portfolio

I’ve written previously about modern enterprise security, and have compared proper security to anatomy and the human body, with companies needing a brain for comprehensive and analysis, eyes for searching and scanning for threats, ears for listening for abnormalities, waiting rooms for behavioral analysis, walls and locks for perimeter defense, and arms and hands to respond immediately to threats. And while this analogy works very well for thinking about what a specific product provides, I believe there’s another analogy more apt for thinking about your security spend.

(Click here to read the full article.)

The National Telecommunications and Information Administration Punches above its Weight

Source: The Brookings Institution | Stuart Brotman | March 20, 2017

For the first time in 25 years, Congress conducted hearings last month to reauthorize the National Telecommunications and Information Administration (NTIA). This Department of Commerce agency is tasked with advising the president on matters related to telecommunications and information policy. Consequently, its influence reaches the White House, either directly or through its sub-cabinet reporting structure. This makes NTIA a unique agency with two masters, able to speak on behalf of the executive branch or even the president himself under appropriate circumstances.

NTIA was created in 1978, when the executive branch reorganized the functions of the former White House Office of Telecommunications Policy and the Commerce Department’s Office of Telecommunications, consolidating policymaking and technical authority within the newly-formed agency. Unlike the Federal Communications Commission, NTIA has no real regulatory responsibilities. Rather, it serves as the federal government’s strategic planning arm for telecommunications and information policy. Here, NTIA can complement and supplement what the FCC does, and in some cases, become involved in matters that lie outside the jurisdiction delegated to the FCC by Congress in the Communications Act of 1934, as amended (e.g., federal government spectrum management).

History shows the power and influence of NTIA largely depends on the vision of its head, who holds the dual titles of NTIA Administrator and Assistant Secretary of Commerce for Communications and Information. The founding NTIA Administrator, Henry Geller, brought to the agency a wealth of experience based on his prior service as FCC General Counsel and as an attorney in the Department of Justice Antitrust Division. The Geller NTIA assembled a dream team of engineers, economists, lawyers, and social scientists who provided invaluable analytic advice to the FCC in a range of proceedings dealing with competition and deregulation. It also gave input to Congress and the Justice Department as it began to restructure AT&T, which laid the foundation for the break-up of Ma Bell in the early 1980s.

Another notable period where NTIA had significant influence was during the Clinton Administration, when Larry Irving served in both Clinton terms as NTIA Administrator. Irving focused the agency’s efforts on studying the development of the internet, with particular attention paid to emerging inequities in internet access based on geographic and socio-economic factors. This notion of a digital divide has become an enduring benchmark for formulating policies and evaluating progress to close digital access gaps.

And during the Obama Administration, NTIA Administrator Larry Strickling made the agency the key player in developing a global multi-stakeholder process that enabled the successful transition of the internet’s Domain Name System from the federal government to the Internet Corporation for Assigned Names and Numbers (ICANN). The Strickling NTIA also ably administered over $4 billion in stimulus funding that Congress allocated for broadband development under the American Recovery and Reinvestment Act of 2009.

NTIA’s current budget appropriation is $39.5 million. This represents the tremendous bang for the buck that NTIA has delivered, as illustrated by these examples spanning several decades. The vital role that telecommunications and information plays in job creation and economic growth makes an easy case for why the agency should continue to receive sufficient financial resources. Equally important, the Trump administration’s to-be-named NTIA Administrator should bring a zeal for keeping the agency both relevant to our times and important to the President’s own policy initiatives.

Two Cybersecurity Events set for April in Oak Ridge

Source: | Tom Ballard | March 10, 2017

Two big cybersecurity events are planned for the first week in April, both in Oak Ridge.

Ahead of the 12th Annual Cyber and Information Security Research (CISR) Conference that begins with a reception the evening of April 4, the new Cyber and Information Security Consortium (CISC) will hold its second workshop at the same venue – Oak Ridge National Laboratory (ORNL).

CISC, a non-profit organization, grew from efforts by several Knoxville and Oak Ridge organizations to capitalize on some of the region’s unique cyber and information security assets. The key drivers included private sector firms like Cisco Systems, which has more than 50 employees locally, and Sword & Shield Enterprise Security Inc., a growing national information security provider, as well as public research entities like the University of Tennessee (UT) and ORNL.

After holding its first gathering a year ago during the CISR conference, the CISC group convened more formally in the fall in conjunction with Sword & Shield’s EDGE conference. CISC also held a micro-event during “Innov865 Week” last September and has hosted several brown bag lunches.

The collaborative relationship continues this year with CISC again piggybacking on the long-standing and well-attended conference hosted by ORNL.

From 1 to 5 p.m. April 4, CISC will hold a meeting targeted at C-suite executives interested in cybersecurity. There will be a panel focused on strategic attack and response trends that includes Fred Cobb of Sword & Shield, Travis Howerton of Consolidated Nuclear Security LLC, Bob Jackson of Sedgwick Claims Management Services Inc., and Tony Rucci of Information International Associates.

Stuart Brotman, a UT Professor and Senior Fellow with The Brookings Institution, will lead a discussion on how to navigate the boardroom from a cyber perspective. There will also be structured networking as CISC begins building its Executive Peer Forums for C-level security professionals.

For more information and to register for the CISC event, click here.

The CISR conference that begins with an opening reception after the CISC workshop also includes two full days of sessions, research paper presentations, a conference banquet, vendor interaction, and networking. The first full day features a technology showcase, while the second will include technology demonstrations.

To register for the CISR conference, click here. Registration closes on March 31.