Comments on Incentives To Adopt Improved Cybersecurity Practices NOI

Senator Rockefeller Letter

Senator Rockefeller Letter attached.

AttachmentSize
cyber_letter_to_acting_secretary_kerry.pdf 1.48 MB

Marsh Comments

From: McCabe, Matthew P [mailto:Matthew.P.McCabe@marsh.com]
Sent: Friday, May 03, 2013 3:24 PM

Attached is a letter providing comments in response to the Notice of Inquiry by the National Institute of Standards and Technology and the National Telecommunications and Information Administration, dated March 28, 2013, regarding Incentives To Adopt Improved Cybersecurity Practices. 

Thank you.

Matthew McCabe
Senior Advisory Specialist
Marsh FINPRO
1166 Avenue of the Americas, New York NY 10036
(O) +1 212 345 9642
(C) +1 646 703 1884

www.mmc.com

AttachmentSize
marsh_letter_may_3_2013.pdf 88.45 KB

FCC Response

From: Steve Wildman [mailto:Steve.Wildman@fcc.gov]
Sent: Friday, May 03, 2013 1:56 PM

Attached please find the FCC response to the Incentives to Adopt Cybersecurity Practices NOI.

Sincerely

Steve Wildman
FCC Chief Economist
202/418-2031

 

AttachmentSize
20130502_fcc_response.pdf 323.53 KB

SCE Comments

From: Mark.Casas@sce.com [mailto:Mark.Casas@sce.com]
Sent: Tuesday, April 30, 2013 9:02 PM

Southern California Edison (SCE) apologizes for the late submittal of comments to the Department of Commerce NOI, and thanks the DoC for the opportunity to respond.

Thank You,

Mark Casas
External Requirements & Analysis
Cybersecurity and IT Compliance
Southern California Edison
Office: 626 543-6880
PAX: 36880

AttachmentSize
sce_comments.pdf 232.58 KB

CACI Response

From: Marsha Cook - US [mailto:mcook@caci.com]
Sent: Tuesday, April 30, 2013 12:17 PM

Department of Commerce:

Please find attached comments regarding Notice of Inquiry Response.  The hardcopy will follow by Federal Express delivery for tomorrow.  Please contact us if you have any questions or concerns. Thank you.

Regards,

Marsha Cook
(sent on behalf of Hilary Hageman)

Marsha Cook

Executive Administrator for Hilary Hageman CACI International Inc Legal Division
Ph: 703.841.7989
Fax: 703.841.2850
mcook@caci.com

AttachmentSize
caci_response_29_apr_2013.pdf 545.97 KB

Robin Ore Response

From: Robin Ore [mailto:robnore@gmail.com]
Sent: Monday, April 29, 2013 11:59 PM
To: cyberincentives
Subject: Incentives to adopt cybersecurity practices

Response attached;

--

*
*
*
*

AttachmentSize
robinore_response.pdf 31.84 KB

A2LA Response

From: Samatha Dizor [mailto:sdizor@a2la.org]
Sent: Monday, April 29, 2013 9:46 PM

Please see the attached response the NOI - Incentives To Adopt Improved Cybersecurity Practices.  Thank you for your time reviewing this response.

Sincerely,

Samantha Dizor Carter
Senior Accreditation Officer
American Association for Laboratory Accreditation (A2LA)
Direct Line: 301.644.3220
sdizor@A2LA.org

5301 Buckeystown Pike, Suite 350
Frederick, MD. 21704
Main Line: 301.644.3248
Fax: 240.454.9449
www.A2LA.org

AttachmentSize
a2la_response.pdf 48.36 KB

ISA Response

From: Clinton, Larry [mailto:lclinton@isalliance.org]
Sent: Monday, April 29, 2013 7:46 PM

To Whom It May Concern:

I am attaching the Internet Security Alliance’s (ISA’s) response to the March 28th Dept. of Commerce NOI on Cyber Incentives.  The ISA submission consists of a response document and 4 separately attached appendices labeled Appendices A-D, all of which are attached to this email.

If you have any questions, please feel free to contact me.

Regards,

Larry Clinton
President & CEO
Internet Security Alliance
2500 Wilson Boulevard, #245
Arlington, VA 22201
Email: lclinton@isalliance.org
Work: (703) 907-7090

AttachmentSize
2013-04-29_isa_response.pdf 325.95 KB

LADWP Response

From: Guardado, Mauricio [mailto:Mauricio.Guardado@ladwp.com]
Sent: Monday, April 29, 2013 6:42 PM

Hello:

Please find attached Los Angeles Department of Water and Power’s response to the Notice of Inquiry issued by the National Telecommunications and Information Administration, and published in the Federal Register on March 28, 2013.

Regards,

Mauricio Guardado
Electrical Engineering Associate
Regulatory Standards and Compliance
Los Angeles Department of Water and Power
E-Mail: Mauricio.Guardado@ladwp.com
Tel: (213) 367-0375

AttachmentSize
042913_ladwp_comments.pdf 750.64 KB

NRECA Comments

From: Lawson, Barry R. [mailto:barry.lawson@nreca.coop]
Sent: Monday, April 29, 2013 6:23 PM

Please see the attached file for comments from the National Rural Electric Cooperative Association (NRECA) on the above referenced NIST NOI.

Please contact me if you have any questions.

Regards,

Barry Lawson

Barry R. Lawson
Associate Director, Power Delivery & Reliability
Government Relations
National Rural Electric Cooperative Association (NRECA)
4301 Wilson Blvd., Mail Code GR11-253
Arlington, VA 22203
PH 703.907.5781
FX 703.907.5517
CELL 703.966.3123
barry.lawson@nreca.coop

AttachmentSize
nreca_comments_april_29_2013.pdf 119.25 KB

SDG&E/So Cal Gas Response

From: Chavez, Mariah [mailto:MCChavez@semprautilities.com]
Sent: Monday, April 29, 2013 6:20 PM

Please find the San Diego Gas & Electric and Southern California Gas Company response to the Department of Commerce Inquiry on Cyber Incentives in the attached document. 

Thank you,

Mariah Chavez
San Diego Gas & Electric
(858) 880-8346

AttachmentSize
sdge_so_cal_gas_response_04292013.pdf 158.69 KB

IT SCC Response

From: Clinton, Larry [mailto:lclinton@isalliance.org]
Sent: Monday, April 29, 2013 6:20 PM

Attached are comments to the Dept. of Commerce NOI on cyber incentives submitted on behalf of the IT Sector Coordinating Council.

If you have any questions please feel free to contact me.

Larry Clinton
Chair
IT Sector Coordinating Council

AttachmentSize
2013-04-29_-_it_scc_response.pdf 58.9 KB

NCTA Comments

From: Gretchen Lohmann [mailto:GLohmann@NCTA.com]
Sent: Monday, April 29, 2013 5:59 PM
To: cyberincentives
Subject: NCTA Comments - Incentives to Adopt Improved Cybersecurity Practices

Attached are NCTA’s comments in the Incentives to Adopt Improved Cybersecurity Practices.

Gretchen M. Lohmann
Legal Assistant
National Cable & Telecommunications Association
25 Massachusetts Ave., N.W., Suite 100
Washington, D.C.  20001-1431
Ph: 202-222-2445; 202-222-2452 (Direct)
Fax: 202-222-2446

Cable.  It’s more than TV.  It’s how we connect.
www.cableconnectsus.com

AttachmentSize
042913_ncta_comments.pdf 54.69 KB

BSA Comments

From: Chris Hopfensperger [mailto:chrish@bsa.org]
Sent: Monday, April 29, 2013 5:45 PM

Find attached the comments of BSA | The Software Alliance in response to the March 29, 2013, notice by the National Institute of Standards and Technology and the National Telecommunications and Information Administration, “Incentives To Adopt Improved Cybersecurity Practices.”

Chris Hopfensperger
Technology Policy Counsel
BSA | The Software Alliance
P
(202) 530-5135
M (202) 306-9083
W bsa.org

AttachmentSize
bsa_comments.pdf 121.31 KB

APPA Comments

From: Mosher, Allen [mailto:AMosher@publicpower.org]
Sent: Monday, April 29, 2013 5:11 PM

Dear Mr. Lee,

Please do not hesitate to contact me should you have any questions.

Allen Mosher
Vice President, Policy Analysis and Reliability Standards
American Public Power Association
1875 Connecticut Ave. NW, Suite 1200
Washington, DC 20009-5715
Phone: 202-467-2944
Mobile: 301-767-6652
amosher@publicpower.org
www.publicpower.org

AttachmentSize
appa_comments_4-29-13.pdf 54.07 KB

August Tunca Comments

From: tunca01@gmail.com [mailto:tunca01@gmail.com]
Sent: Monday, April 29, 2013 4:59 PM

Attached, please find our comments on the NOI on Incentives To Adopt Improved Cybersecurity Practices (Docket Number: 130206115-3115-01). Please let us know if you have any questions.

Sincerely,

Terrence August and Tunay I. Tunca


--
Tunay I. Tunca
Associate Professor of DOIT
4361 Van Munching Hall
Robert H. Smith School of Business
University of Maryland
College Park, MD 20742-1815
(301) 405-0628

AttachmentSize
august-tunca-comments-4-29-2013-v2.pdf 53.2 KB

Edison Electric Institute Comments

From: Comer, Ed [mailto:EComer@eei.org]
Sent: Monday, April 29, 2013 4:55 PM

Attached please find EEI’s comments in this matter on incentives. 

Edward Comer
Vice President, General Counsel
and Corporate Secretary
Edison Electric Institute
701 Pennsylvania Avenue NW
Washington DC 20004
(202) 508-5615 (work)
(202) 258-2909 (cell)
(202) 508-5673 (fax)

AttachmentSize
eei_comments.pdf 1.97 MB

atsec Comments

From: Fiona Pattinson [mailto:fiona@atsec.com]
Sent: Monday, April 29, 2013 4:55 PM

atsec welcomes the solicitation of comments by NIST on the topic of Incentives To Adopt Improved Cybersecurity Practices.

The attached document is a comment from atsec on the topic of incentives to adopt improved cybersecurity practices as solicited in the NIST RFI published in the Federal Register on March 23rd, 2013.

With best regards,

Fiona Pattinson

--

Fiona Pattinson, CISSP
Director of Strategy & Business Development

PH +1 512 6157382, CELL +1 512 825 3083  www.atsec.com atsec information security, 9130 Jollyville Rd #260, Austin, TX 78759

Join us at the International Cryptographic Module Conference http://www.icmc-2013.org/

AttachmentSize
atsec_comments_20130429.pdf 109.1 KB

Microsoft Response

From: Aaron Kleiner [mailto:Aaron.Kleiner@microsoft.com]
Sent: Monday, April 29, 2013 4:32 PM

To Whom It May Concern:

Attached is the response of the Microsoft Corporation to the Notice of Inquiry (NOI) issued by the United States Department of Commerce concerning incentives to adopt improved cybersecurity practices (docket number 130206115–3115–01).

We appreciate the opportunity to provide comments to Commerce and look forward to continued engagement on this important topic.

Sincerely,

Aaron Kleiner

Aaron Kleiner | Senior Cybersecurity Strategist | Microsoft Global Security Strategy & Diplomacy | direct +1 425.707.9470 | mobile +1 206.310.4666 | aaron.kleiner@microsoft.com | website

AttachmentSize
microsoft_response.pdf 604.07 KB

Telecommunications Industry Association Comments

From: Brian Scarpelli [mailto:BScarpelli@tiaonline.org]
Sent: Monday, April 29, 2013 4:23 PM

Please find attached the comments of the Telecommunications Industry Association in response to the Department of Commerce’s Notice of Inquiry on ‘Incentives To Adopt Improved Cybersecurity Practices’ (Docket Number 130206115-3115-01). We urge you to contact us using the information below with any questions.

Brian Scarpelli
Sr. Manager, Government Affairs

Telecommunications Industry Association (TIA)

d: 703.907.7714 | m: 517.507.1446
BScarpelli@tiaonline.org | tiaonline.org | address/directions

AttachmentSize
tia_comments_042913.pdf 191.25 KB

Electric Power Supply Association Comments

From: Jack Cashin [mailto:JCashin@epsa.org]
Sent: Monday, April 29, 2013 4:33 PM

Attached.

If you have any questions please call.

Jack Cashin
Director of Regulatory Policy
Electric Power Supply Association
1401 New York Avenue, NW
Washington DC, 20005

(202) 349-0155
(202) 253-5566
(301)908-8396
www.epsa.org
jcashin@epsa.org

AttachmentSize
epsa_comments.pdf 91.34 KB

USTelecom Comments

From: Rupy, Kevin [mailto:krupy@ustelecom.org]
Sent: Monday, April 29, 2013 4:14 PM

USTelecom submits the attached comments in response to the Department of Commerce’s proceeding on ‘Incentives to Adopt Improved Cybersecurity Practices’ (Docket Number 130206115–3115–01).  Should you have any questions, please contact the undersigned.

Regards, Kevin

Kevin G. Rupy
Senior Director, Law & Policy
USTelecom
607 14th Street, NW
Suite 400
Washington, DC 20005
Phone: (202) 326-7276
krupy@ustelecom.org

AttachmentSize
ustelecom-comments-2013-04-29-final.pdf 186.93 KB

Donald M Edwards Response

From: donald.m.edwards@gmail.com [mailto:donald.m.edwards@gmail.com] On Behalf Of Donald M. Edwards
Sent: Monday, April 29, 2013 4:14 PM

My original response to the earlier RFI addressed incentives for small businesses. I am respectfully submitting it again as a response to the NOI in the event that different teams handle the responses.

AttachmentSize
developing_a_framework_to_improve_critical_infrastructure_cybersecurity.pdf 167.69 KB

NEMA Comments

From: Creevy, Jim [mailto:Jim.Creevy@Nema.org]
Sent: Monday, April 29, 2013 4:14 PM

Mr. Lee,

Please find NEMA’s comments attached.

Thanks,

Jim

________________________________________

Jim Creevy

Director, Government Relations
NEMA - National Electrical Manufacturers Association
1300 North 17th Street, Suite 1752
Rosslyn, VA 22209
703.841.3265 (direct)

AttachmentSize
2013-04-29_nema_comments.pdf 112.78 KB

NTCA Comments

From: Jesse Ward [mailto:JWard@ntca.org]
Sent: Monday, April 29, 2013 3:53 PM

Good afternoon,

Attached please find comments from NTCA–The Rural Broadband Association in response to the Notice of Inquiry on Incentives to Adopt Improved Cybersecurity Practices, Docket No. 130206115-3115-01.

Please send confirmation of receipt, and please contact me with any questions or concerns.

Regards,

Jesse

Jesse Ward
Industry & Policy Analysis Manager
4121 Wilson Boulevard, Suite 1000
Arlington, VA 22203
Phone: 703-351-2007

AttachmentSize
04.29.13_-_ntca_comments.pdf 158.81 KB

AIA Comments

From: Gleason, Angela [mailto:agleason@aiadc.org]
Sent: Monday, April 29, 2013 3:32 PM

Attached for your review are comments from the American Insurance Association in response to the Department of Commerce’s “Notice of Inquiry: Incentives To Adopt Improved Cybersecurity Practices,” Docket Number 130206115-3115-01. 

Thank you for the opportunity to comment and if you have any questions, please contact me.

Regards,

Angela Gleason
Associate Counsel
American Insurance Association
agleason@aiadc.org
(202) 828-7181

AttachmentSize
aia-comments-042913.pdf 326.55 KB

U.S. Chamber of Commerce Comment

From: Beauchesne, Ann [mailto:ABeauchesne@USChamber.com]
Sent: Monday, April 29, 2013 3:32 PM

Dear Mr. Lee:

The Chamber appreciates the opportunity to comment on the U.S. Department of Commerce’s notice Incentives to Adopt Improved Cybersecurity Practices.  Please find our enclosed comment letter.

Sincerely,

Ann

Ann M. Beauchesne
Vice President
National Security & Emergency Preparedness
U.S. Chamber of Commerce
1615 H Street NW | Washington, DC | 20062
202.463.3100 office
abeauchesne@uschamber.com

AttachmentSize
29apr13_chamber_comments.pdf 143.09 KB

Encryptics Response

From: Briana Hoffman [mailto:bhoffman@encryptics.com]
Sent: Monday, April 29, 2013 3:04 PM

Good afternoon,

Please see the attached response regarding the NIST Security Incentive Inquiry.

Regards,

Briana Hoffman
Technical Writer
Encryptics
972.338.3546
bhoffman@encryptics.com

AttachmentSize
encryptics_response.pdf 131.36 KB

Covington & Burling LLP and The Chertoff Group Response

From: Eichensehr, Kristen [mailto:keichensehr@cov.com]
Sent: Monday, April 29, 2013 2:35 PM
To: cyberincentives
Subject: Comments from representatives of Covington & Burling LLP and The Chertoff Group

Attached please find comments from representatives of Covington & Burling LLP and The Chertoff Group in response to the Notice of Inquiry on Incentives To Adopt Improved Cybersecurity Practices, Docket Number 130206115-3115-01.

Regards,

Kristen E. Eichensehr
Covington & Burling LLP
1201 Pennsylvania Avenue, NW
Washington, DC  20004 | www.cov.com
keichensehr@cov.com
Office: 202-662-5312
Fax: 202-778-5312

AttachmentSize
covington_burling_llp_the_chertoff_group_response.pdf 15.85 KB

Booz Allen Hamilton Response

From: McGowan, Marcia [USA] [mailto:McGowan_Marcia@bah.com]
Sent: Monday, April 29, 2013 1:14 PM

Mr. Lee,

Attached please find Booz Allen’s response to Commerce/NTIA’s Notice of Inquiry regarding Incentives to Adopt Improved Cybersecurity Practices.

Thank you very much for the opportunity to provide comments and we look forward to continuing the dialogue on this important topic with Commerce and other partners across government and industry. 

If you have any questions or wish to discuss further, please let us know. 

Thanks,

Marcia

Marcia L. McGowan, CISSP
Senior Associate
Booz Allen Hamilton
703-984-3715 (office)
703-568-1079 (mobile)
Mcgowan_marcia@bah.com

AttachmentSize
bah_response_042913_final.pdf 465.04 KB

AGA Response

From: Linn, Jim [mailto:JLinn@aga.org]
Sent: Monday, April 29, 2013 12:10 PM

Alfred Lee
Office of Policy Analysis and Development
National Telecommunications and Information Administration
U.S. Department of Commerce
1401 Constitution Avenue N.W., Room 4725
Washington, DC 20230

RE:          Incentives To Adopt Improved Cybersecurity Practices

Dear Mr. Lee:

The American Gas Association (AGA) is pleased to submit comments in response to the Request for Information issued by the U.S. Department of Commerce in the Federal Register (78 FR 18954, pages 18954 -18955) on March 28, 2013, seeking input on Incentives To Adopt Improved Cybersecurity Practices.

AGA, founded in 1918, represents more than 200 local energy companies that deliver clean natural gas throughout the United States. There are more than 71 million residential, commercial and industrial natural gas customers in the U.S., of which 92 percent — more than 65 million customers — receive their gas from AGA members. AGA is an advocate for local natural gas utility companies and provides a broad range of programs and services for member natural gas pipelines, marketers, gatherers, international gas companies and industry associates. Today, natural gas meets almost one-fourth of the United States’ energy needs. For more information, please visit www.aga.org.

AGA surveyed a number of its natural gas distribution and transmission utility companies, and their collective comments are incorporated in the attached document.

AGA and its members are eager to continue to engage with the U.S. Department of Commerce in the development of the Incentives To Adopt Improved Cybersecurity Practices.

Please confirm receipt of this message.

Respectfully submitted,

James F. Linn, Jr.
Managing Director, Information Technology
American Gas Association
400 N. Capitol St, NW
Washington, DC   20001
202-824-7272
jlinn@aga.org

AttachmentSize
aga_response.pdf 390.58 KB

VOXEM Response

From: Jo-Ann Polise [mailto:joann@voxem.com]
Sent: Monday, April 29, 2013 10:20 AM

Greetings –

Attached are VOXEM’s comments on the Department of Commerce Notice of Inquiry on Incentives to Adopt Improved Cybersecurity Practices,  Docket Number 130206115-3115-01.  If you have any questions, please contact me at  joann@voxem.com.  

Please confirm the receipt of this submission.   

Thank you,

Jo-Ann Polise
President
VOXEM, Inc.
joann@voxem.com

AttachmentSize
voxem_noi_response.pdf 217.74 KB

FSSCC Comments

From: Schimmeck, Karl [mailto:kschimmeck@sifma.org]
Sent: Monday, April 29, 2013 9:10 AM

Please find the attached submission for the Financial Services Sector Coordinating Council in response to the Department of Commerce’s Notice of Inquiry: Incentives to Adopt Improved Cybersecurity Practices.

Please contact me if you have any questions about this submission.

Thank you for the opportunity to contribute to this important issue.

Karl

Karl Schimmeck
Vice President, Financial Services Operations
SIFMA
120 Broadway, 35th Floor  New York, NY 10271
Office: 212-313-1183
Cell: 646-430-1014
Fax: 212-313-1272
kschimmeck@sifma.org
www.sifma.org

AttachmentSize
fsscc_response_-_doc_noi.pdf 177.57 KB

Dong Liu Comments

From: Dong Liu [mailto:elit3ch.ksp@gmail.com]
Sent: Monday, April 29, 2013 3:25 AM

Comments for <<Incentives To Adopt Improved Cybersecurity Practices>> at https://www.federalregister.gov/articles/2013/03/28/2013-07234/incentives-to-adopt-improved-cybersecurity-practices#addresses

AttachmentSize
itaicp_res.pdf 59.96 KB

Emmanuel Adeniran Comments

From: EMMANUEL TOKS ADENIRAN [mailto:eadenira@andrew.cmu.edu]
Sent: Sunday, April 28, 2013 11:53 PM

Office of Policy Analysis and Development, Please see the attached PDF for my suggestions/comments on Incentives To Adopt Improved Cybersecurity Practices.

Regards,

Emmanuel Adeniran

AttachmentSize
adeniran_comments.pdf 55.35 KB

AFPM Comments

From: Dan Strachan [mailto:DStrachan@afpm.org]
Sent: Saturday, April 27, 2013 5:40 PM

Attached are comments from the American Fuel & Petrochemical Manufacturers on “Incentives to Adopt Improved Cybersecurity Practices” docket # 130206115-3115-01

Daniel J. Strachan
Director
Industrial Relations & Programs

American
Fuel & Petrochemical
Manufacturers

1667 K Street NW
Suite 700
Washington, DC 20006
202.457.0480       office
202.552.8475       direct
202.457.0486       fax

Dstrachan@afpm.org

Learn more about AFPM, “The new NPRA” at afpm.org

AttachmentSize
afpm_commerce_noi_incentives.pdf 241.23 KB

Internet Infrastructure Coalition Response

From: David Snead [mailto:david.snead@dsnead.com]
Sent: Friday, April 26, 2013 4:54 PM
To: cyberincentives
Subject: Response of the Internet Infrastructure Coalition to Notice of Inquiry: Incentives To Adopt Improved Cybersecurity Practices

Please see attached.

AttachmentSize
iic_04-26-13_response.pdf 411.35 KB

Monsanto Comments

From: HOLLAND, MIKE (AG/1920) [mailto:mike.holland@monsanto.com]
Sent: Friday, April 26, 2013 3:37 PM
To:                Office of Policy Analysis and Development
                      National Telecommunications and Information Administration

Attention:     Alfred Lee

RE:      Incentives to Adopt Improved Cybersecurity Practices

Monsanto appreciates the opportunity to provide our comments on the important issue of cybersecurity.  To that end, attached please find attached comments in response to federal register notice that was published on March 28, 2013 on “Incentives to Adopt Improved Cybersecurity Practices.”

Best,

Mike Holland
_______________________________

Michael D. Holland, Esq.
Director, Government Affairs
Monsanto Company
1300 I Street, NW
Suite 450 East
Washington, DC  20005
Main Phone:  202-783-2460
Direct Line:  202-383-2845
Cell Phone:  202-400-1350
Fax:  202-789-1867
Email:  Mike.Holland@monsanto.com

AttachmentSize
monsanto_comments-04-26-13.pdf 53.07 KB

API NOI Response

From: Walter Retzsch [mailto:RETZSCH@api.org]
Sent: Friday, April 26, 2013 1:53 PM

April 26, 2013

To: Office of Policy Analysis and Development
National Telecommunications and Information Administration
U.S. Department of Commerce
1401 Constitution Avenue NW, Room 4725
Washington, DC 20230

Re: Incentives to Adopt Improved Cybersecurity Practices – Notice of Inquiry

The American Petroleum Institute (API) welcomes the opportunity to respond to the National Institute of Standards and Technology and National Telecommunications and Information Administration’s Notice of Inquiry issued by the U.S. Department of Commerce in the Federal Register on March 28, 2013 to obtain answers to a series of questions on Incentives to Adopt Improved Cybersecurity Practices.

API is a national trade association that represents all segments of America’s oil and natural gas industry.  Its more than 500 members include large integrated companies, exploration and production, refining, marketing, pipeline, and marine businesses, and service and supply firms.  The industry also supports 9.2 million U.S. jobs and 7.7 percent of the U.S. economy, delivers $85 million a day in revenue to our government, and, since 2000, has invested over $2 trillion in U.S. capital projects to advance all forms of energy, including alternatives.

Oil and gas industry members face various cybersecurity risks ranging from unsophisticated, unskilled opportunistic hackers to highly skilled and resourced organized crime and nation-state entities seeking monetizable information and/or destruction of valued information technology and operational technology cyber systems. Incentives are not required for oil and natural gas companies to address these cyber risks.   Most companies have integrated cyber risks into their corporate risk management systems and address them like any other business risk.   Although there are items (like sharing actionable information regarding threats) that can facilitate companies management of cyber risks, the oil and natural gas industry does not “require” incentives to cause us to address these risks.

The attachment to this letter provides specific answers to each of the questions posed in the Notice of Inquiry.   API looks forward to working with NIST to clarify and build upon these responses to support the voluntary adoption by critical infrastructure owners and operators the Cybersecurity Framework being developed by NIST.

Should you have any questions or would like to discuss further, please feel free to contact me at (202) 682-8598 or Retzsch@api.org.

Sincerely,

Walter C. Retzsch

Walter C. Retzsch
Senior Policy Advisor – International & Cybersecurity
Tax & Accounting Policy Department
American Petroleum Institute
1220 L Street, NW
Washington, DC 20005-4070
Tel: 202-682-8598
Fax: 202-962-4719
Email: retzsch@api.org

AttachmentSize
api_noi_response_f26apr13.pdf 489.86 KB

Romanosky response to comment

From: Sasha Romanosky [mailto:sromanos@andrew.cmu.edu]
Sent: Friday, April 26, 2013 10:59 AM
 

To whom it may concern,

Please see the attached comment on the Notice of Inquiry on Incentives to Adopt Improved Cybersecurity Practices, Docket Number 130206115-3115-01.

Cheers,

Sasha Romanosky
www.romanosky.net

AttachmentSize
romanosky_comments.pdf 140.92 KB

Honeywell International Inc

From: Kostiw, Steve [mailto:Steve.Kostiw@Honeywell.com]
Sent: Friday, April 26, 2013 10:06 AM
 

To: Office of Policy Analysis and Development
        National Telecommunications and Information Administration
        Attention: Alfred Lee

Mr. Lee,

Honeywell International Inc. (Honeywell), through its Global Security division, is pleased to respond to the National Telecommunications and Information Administration’s inquiry regarding Incentives to Adopt Improved Cybersecurity Practices (Docket Number 130206115-3115-01).  Our comments are contained in the attached file.

Please contact Steve Kostiw if you have any questions about this submission.

Thank you for the opportunity to contribute to this important issue.

Regards,

Steve Kostiw
Honeywell Global Security
973 216 4590

AttachmentSize
honeywell_4_26_13f.pdf 252.43 KB

UTC NOI Response

From: Nadya Bartol [mailto:nadya.bartol@utc.org]
Sent: Thursday, April 25, 2013 3:00 PM

Greetings,

Attached please find Utilities Telecom Council (UTC) response to the Department of Commerce Notice of Inquiry regarding Cybersecurity Incentives.  Please feel free to contact me if you have any questions.

Sincerely,

Nadya Bartol

Nadya Bartol, CISSP, CGEIT
Senior Cybersecurity Strategist
Utilities Telecom Council
202-833-6809 (office)
301-922-9537 (cell)

Nadya.bartol@utc.org

AttachmentSize
utc_noi_response.pdf 368.4 KB

Cybersecurity Framework on Critical Infrastructure

From: Gaynor, Winn [mailto:wgaynor@dcscorp.com]
Sent: Tuesday, April 23, 2013 12:53 PM

Incentives:

An important incentive that could help to promote the adoption of proven efforts to address cybersecurity vulnerabilities is lowered premiums for cybersecurity first-party insurance, that would distribute risk across the industry pool.  The Framework could address this incentive as follows:

  • NIST could undertake in the framework responsibility for further refining actuarial information needed by providers
  • NIST could refine existing intrusion reporting format to accomplish efficient application to meet actuarial needs
  • NIST could offer to study the cost/benefits of federal government re-insurance to further incentivize carriers to offer this insurance

Results:

  • Businesses would be incentivized to join the Framework, but as well to mitigate risks to further reduce premiums
  • Businesses could comply with intrusion reporting formatting to direct their intrusion reporting towards actuarial needs

Please consider these incentives in the preparation of the Cybersecurity Framework on Critical Infrastructure

Regards

Winn Gaynor
Chief Scientist
DCS Corp

Advanced Cyber Security Center

From: William Guenther [mailto:wguenther@massinsight.com]
Sent: Tuesday, April 16, 2013 12:45 PM
 

To Whom It May Concern:

On behalf of the Advanced Cyber Security Center (www.acscenter.org), I am writing to provide feedback for the Department of Commerce’s notice, “Incentives To Adopt Improved Cybersecurity Practices”.

The Advanced Cyber Security Center (ACSC), submitted a response (below) to the National Institute of Standards and Technology (NIST) on April 8th highlighting the Center’s unique regionally-based, cross-sector threat sharing model.  With leadership from senior representatives of ACSC member organizations, frontline IT security practitioners meet on a bi-weekly basis under an NDA (http://www.acscenter.org/initiatives/acsc_participation_agreement_august_2012.pdf) for a half-day to exchange threat indicators and strategies for responding to APT-style attacks.

We believe that this non-profit collaboration model provides the most effective strategy to establish private sector engagement with government to improve cybersecurity practices. The ACSC’s success in building trusted relationships among diverse private and public sector stakeholders has demonstrated the value in propagating a national network of federated threat-sharing collaborations based on the ACSC model. As described in our response, a matching program providing $1 to $1 in federal funding to match industry funding would incentivize the creation of four (4) regional entities in key areas of the country.

The ACSC and its members commend the important work undertaken by NIST to strengthen the nation’s cyber defense posture. We proposed in our April 9th letter to Director Gallagher that the Cyber Framework Team hold a workshop in the Boston area to be hosted by the ACSC.  A roundtable with New England’s leading corporations, research universities and defense non-profits would build on this feedback by facilitating discussion with NIST representatives around effective strategies to bolster private-public cybersecurity coordination.  

We look forward to future collaboration and would be pleased to answer questions.

 

Best regards,

William Guenther
Chairman of the Board of Directors, Advanced Cyber Security Center

ACSC Feedback re: “Developing a Framework to Improve Critical Infrastructure Cybersecurity” (April 8th, 2013)

To Whom It May Concern,

On behalf of the Advanced Cyber Security Center (www.acscenter.org),  I am writing to provide feedback for the recent RFI,  “Developing a Framework to Improve Critical Infrastructure Cybersecurity”.

Recognizing the increasing urgency of improving the nation’s cyber defenses, President Obama highlighted the need for new approaches to address the most sophisticated cybersecurity threats. His Executive Order states that the “Cybersecurity Framework shall incorporate voluntary consensus standards and industry best practices to the fullest extent possible.” As an already nationally-recognized model for cross-sector, public-private partnerships focused on the advanced cyber threats (http://www.acscenter.org/news-events/white_house_staff_calls_/) the Advanced Cyber Security Center (ACSC) believes that our innovative threat-sharing, R+D, and education initiatives could be replicated with federal support as critical collaboration vehicles.

The ACSC - a non-profit consortium based in Massachusetts and launched and supported by Mass Insight Global Partnerships - brings together industry, university, and government organizations to address the most sophisticated cybersecurity challenges impacting critical infrastructure. The attached proposal, as described below, urges the creation of 4 regional collaborations in key areas of the country to leverage ACSC-developed best practices and lessons learned.

In order to develop a comprehensive framework for reducing cyber risks to critical infrastructure, we must move beyond sector-by-sector threat sharing efforts. The ACSC has developed an effective new threat sharing model that fills an important gap in the commercial marketplace through cross-sector, in-person regional collaboration among a manageable-sized group of trusted individuals. The ultimate goal is to develop a federated network of similar organizations.

With leadership from senior representatives of member organizations, frontline IT security practitioners from member organizations meet on a bi-weekly basis under an NDA (http://www.acscenter.org/initiatives/acsc_participation_agreement_august_2012.pdf) for a half-day to exchange threat indicators and strategies for responding to APT-style attacks. Significant private funding supports these “Cyber Tuesday” meetings in addition to a secure cyber threat repository and bi-monthly Technical Exchange Meetings  that convene frontline security analysts with CISO-level members.

In the “Current Risk Management Practices” section, NIST solicits feedback from private sector organizations on “standards, guidelines, best practices, and tools [used] to understand, measure, and manage risk at the management, operational, and technical levels”. By drawing from expertise and insights across financial services, defense, healthcare, biotech/pharma, high-tech, universities and state government, the ACSC plays a vital role in increasing members’ situational awareness and promoting visibility into the advanced threats targeting critical infrastructure.

In parallel with threat-sharing activities, the Center has initiated partnerships with six major Massachusetts research universities in Research and Education. Initial “prime the pump” R+D planning projects are building industry-university relationships and scoping work for larger-scale R+D partnerships to address federal government and industry priorities. UMass and MIT partners, with ACSC support, jointly filed a $1.6M NSF proposal, “Cybersecurity Risk Analysis based on Financial Engineering and Big-Data Analytics (CRAFA)” that was shaped by nine months of ACSC-facilitated research and planning efforts for two projects.  (http://www.acscenter.org/resources/cybersecurity_risk_analysis_summary_(2).pdf)

The ACSC Education Working Group, chaired by David Luzzi, Executive Director of Northeastern University’s Strategic Security Initiative, has also initiated programs aimed at strengthening member universities’ cybersecurity curricula and building the talent pipeline for industry members.  Harvard and MIT faculty are leading discussions to develop a model “two semester arc” curriculum that would address gaps in course offerings and provide shared teaching resources. Separately, a university-industry subcommittee led by Liberty Mutual’s CISO, John McKenna, is working to expand industry connections to leading undergraduate and graduate IT students for security-focused internships/co-op opportunities.

Recommendations

The Chief Information Security Officer (CISO) from a Fortune 500 ACSC member company articulated one of the “greatest challenges in improving cybersecurity practices across critical infrastructure” [Framework for Reducing Cyber Risks to Critical Infrastructure, Current Risk Management Practices, Question #7]: “There are plenty of security solutions available. The problem is that they all focus on one thing. To deal with today’s attackers, It’s imperative to look across the stack & connect the dots…This is hard. We need to figure out how to do it.“  

In response to the “Request for Comment”, the ACSC proposes two primary recommendations to advance the nation’s cyber defense capabilities. Implementation of these two recommendations would significantly enhance private-public cybersecurity coordination and strengthen protection of critical infrastructure through cross-sector collaboration.

1)     Matching grant program, as illustrated in the attached proposal, to incentivize industry players to invest in their own cyber defenses.  Support for four regional ACSC entities in key regions of the country will provide a cross-industry focal point for cyber security information sharing and collaboration while supporting R&D and educational programs that promote technology innovation, drawing top students and producing talented graduates in the process. We have already engaged with groups in Texas, Colorado, Virginia, and the west coast that are in earlier stages of development and turned to the ACSC for guidance.

2)      Elimination of legal impediments that restrict information sharing around the advanced cyber threats. In order to strengthen our collective defenses, new policy incentives are needed to expand public-private and cross-sector sharing while  safeguarding proprietary and sensitive information.

 I would be pleased to answer any questions and look forward to discussing next steps.

Regards,

William Guenther

 Chairman of the Board of Directors, Advanced Cyber Security Center

 

William H. Guenther

Chairman, CEO and Founder

Mass Insight Global Partnerships

18 Tremont Street, Suite 1010

Boston, MA 02108

 

AttachmentSize
acsc_rollout_proposal_april_2013.pdf 671.78 KB

Fresen Response

From: Gary Fresen [mailto:gary.fresen@zurichna.com]
Sent: Sunday, April 14, 2013 4:46 PM
 

Response to Secretary of Commerce
"Set of Incentives" for NIST RFI:
"Developing a Framework to Improve Critical Infrastructure Cybersecurity"

Submitted by

Gary W. Fresen
   2540 Violet Street
   Glenview, Illinois 60026

Comments and Opinions in this Response are Personal and not related to my employer.

Contact Information:

   Personal Email: gfresen1@gmail.com
   Work Email: gary.fresen@zurichna.com
   Work Phone: 312-775-9754

(See attached file: 2013 - Response to Secretary of Commerce.pdf)

 

AttachmentSize
fresen_response.pdf 989.98 KB

incentives for sharing with the federal government

From: Bryan Rich [mailto:bryan.w.rich@gmail.com]
Sent: Monday, April 08, 2013 9:12 AM

Hello,

A tool designed to encourage private owners and operators of critical infrastructure information to share with the federal government is the Protected Critical Infrastructure Information Program, created under the Critical Infrastructure Information Act of 2002. If private owners and operators want to voluntarily share their sensitive proprietary information with the federal government to be used for vulnerability assessments, risk assessments and to plan, prepare and respond to natural and man-made attacks, this information can be protected from civil litigation, regulatory requirements and from requests under the Freedom of Information Act and States' sunshine laws.

Sincerely,

Bryan Rich