Rodney's blog

EDUCAUSE joined the American Council on Education (ACE) in comments to respond to a Notice of Proposed Rulemaking regarding the Family Educational Rights and Privacy Act (FERPA). The EDUCAUSE contribution addressed the proposed rules treatment of Social Security Numbers (SSN's), Student ID Numbers, and Student User ID's in the context of "directory information." The comments state:

Governor Timothy M. Kaine of Virginia has signed several General Assembly bills that arose from the Virginia Tech tragedy of a year ago "that will improve protections for our citizens and treatment for people with mental illness" according to a press release. Among the signed legisation is Senate Bill 538 that imposes new requirements for emergency notifications:

The U.S. Department of Education has issued a Notice of Proposed Rulemaking with proposed regulations pertaining to the Family Education Rights and Privacy (FERPA). Among other things, "the proposed regulations respond to changes in information technology and address other issues identified through the Department's experience administering FERPA," according to the Notice. Additionally, the regulations are needed to implement amendments to FERPA contained in the USA Patriot Act and the Campus Sex Crimes Prevention Act, to implement two U.S. Supreme Court decisions interpreting FERPA, and to make other necessary changes.

Among the IT-related changes are:

The Center for Strategic and International Studies (CSIS) has established a Commission on Cyber Security for the 44th Presidency – the administration that will take office in January 2009.  The goal of the nonpartisan Commission is to develop recommendations for a comprehensive strategy to improve cyber security in federal systems and in critical infrastructure.

The EDUCAUSE/Internet2 Security Task Force has been invited to provide input to the Commission and welcomes your comments in the following areas:

The Security Task Force has created a resource page that provides information about security certifications, including links to known security certifications (under the heading of "Community Resources"). Please contact us if we are missing any known security certifications.

According to the 2006 security survey conducted by the EDUCAUSE Center for Applied Research (Safeguarding the Tower: IT Security in Higher Education), the following information is available regarding security certifications by IT security staff at colleges and universities:

On December 10 and 11, 2007, the Federal Trade Commission will host a public workshop, “Security in Numbers: SSNs and ID Theft,” to explore the uses of Social Security numbers in the private sector and the role of SSNs in identity theft.  This workshop continues the work of the President’s Identity Theft Task Force, and, in particular, its recommendation to explore ways to reduce unnecessary uses of the SSN. 

The workshop will provide a forum for public-sector, private-sector, and consumer representatives to discuss the various uses of SSNs by the private sector, the necessity of those uses, alternatives available, the challenges faced by the private sector in moving away from using SSNs, and how SSNs are obtained and used by identity thieves.  The workshop will be free and open to the public.

For more information, visit http://www.ftc.gov/bcp/workshops/ssn/index.shtml

The Congressional Internet Caucus Advisory Committee's State of the Net Conference will be held on January 30, 2008, in Washington, D.C. The conference offers attendees unparalleled opportunities to network and dialogue on key technology and information policy issues. Attendees include a mix of academics, consumer groups, industry, and government. In 2007, over 50 percent of the attendees were policy staff from Congressional offices and governmental agencies. There is a significant registration discount for non-profit and academic organizations. For more information or to register, go to http://netcaucus.org/conference/2008/

In a hearing before the U.S. House of Representatives Homeland Security Committee Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology, subcommittee chair Rep. James R. Langevin (Dem.-RI) said, “I have great apprehension about the current framework DHS is creating with the sector specific plans (SSP’s) as they relate to cybersecurity.”  He continued, “The Federal government and the American people want to ensure there is a high level of cybersecurity protections on our critical infrastructure.

Rep. Jim Langevin (Dem.-RI) and Rep. Michael McCaul (Rep.-TX) along with The Center for Strategic and International Studies (CSIS) have announced the formation of a bipartisan Commission on Cyber Security for the 44th Presidency – the administration that will take office in January 2009.  This nonpartisan Commission will develop recommendations for a comprehensive strategy for organizing and prioritizing efforts to secure America’s computer networks and critical infrastructure.  Rep. Langevin is the chair and Rep. McCaul the ranking member of the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the Homeland Security Committee of the U.S. House of Representatives. Scott Charney, corporate vice president for trustworthy computing at Microsoft and retired Navy Admiral Bobby Inman, Lyndon B. Johnson National Policy Chair at the University of Texas at Austin will co-chair the Commission.

In response to the tragedy at Virginia Tech, Chairman Patrick Leahy of the Senate Judiciary Committee has combined several pre-existing bills into a comprehensive package that would provide for improvements in school safety and law enforcement. This legislation was approved by Committee and is waiting for full consideration by the Senate.

The Senate package -- titled The School Safety and Law Enforcement Improvement Act of 2007 ("SSLEIA") -- combines four bills previously reported to or by the Senate Judiciary Committee, with some modifications:

• The School Safety Enhancements Act (S.1217)
• The NICS Improvement Amendments Act (H.R. 2640)
• The Equity in Law Enforcement Act (S.1448)
• The Law Enforcement Officers Safety Act of 2007 (S.376)

The bill would, among other things,:

The U.S. House of Representatives has introduced H. Res. 716 "expressing the sense of Congress with respect to raising awareness and enhancing the state of computer security in the United States, and supporting the goals and ideals of National Cyber Security Awareness Month." The resolution was presented by Rep. James R. Langevin (Dem-RI), chair of the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the House Homeland Security Committee.

While introducing the resolution on the House floor, Rep. Langevin said:

A Federal Register Notice has been published for the Department of Homeland Security's "Information Technology (IT) Security Essential Body of Knowledge (EBK): A Competency and Functional Framework for IT Security Workforce Development." The deadline for comments is December 7, 2007.

According to the Notice:

More information, including a downloadable version of the IT Security EBK, is available at http://www.us-cert.gov/ITSecurityEBK/

The following summary is from http://oja.wi.gov/section.asp?linkid=1147&locid=97:

The Governor's Task Force on Campus Safety is focused on ensuring the safety of college campuses across Wisconsin. At the direction of Governor Jim Doyle, the Task Force is reviewing and compiling criteria for developing best practices from universities, colleges, and other higher education institutions in Wisconsin and across the nation. This information will be submitted to the governor and will serve as a resource for college administrators, law enforcement officers, and emergency preparedness officials.

The Task Force delivered an Interim Report to Governor Doyle on August 15. A final report will be published on November 1st.   

The Federal Trade Commission (FTC) has announced that it is seeking comments on the use of Social Security Numbers (SSNs) in the private sector. This inquiry is in response to a recommendation in the President’s Identity Theft Task Force Strategic Plan that called for the development of a comprehensive record on the uses of the SSN in the private sector and evaluate the necessity of those uses.

The Critical Infrastructure Partnership Advisory Council (CIPAC) held its first open session since its establishment in March of 2006.  The CIPAC, co-chaired by Robert B. Stephan, Assistant Secretary for Infrastructure Protection in the U.S. Department of Homeland Security, and Michael Wallace, President of the Constellation Generation Group, represents a partnership between government and critical infrastructure/key resource (CI/KR) owners and operators and provides a forum in which they can engage in a broad spectrum of activities to support and coordinate critical infrastructure protection.