Daily Archives: December 16, 2015

Drone Registration Rules Are Announced by F.A.A.

Posted on December 16, 2015 | Leave a comment
A vendor showing off the Micro Drone at this year's International Consumer Electronic show in Las Vegas

A vendor showing off the Micro Drone at this year’s International Consumer Electronic show in Las Vegas

WASHINGTON — The Federal Aviation Administration on Monday announced new rules that will require nearly all owners of remote-controlled recreational drones to register the machines in a national database, an attempt by the agency to address safety fears.

Federal officials have rushed to issue new rules on drones before the holidays, when an estimated 700,000 new drones are expected to be bought. Drone owners will be required to submit their names, home addresses and email addresses to the F.A.A., disclosures meant to encourage users to be more responsible, officials said.

“Unmanned aircraft enthusiast are aviators, and with that title comes a great deal of responsibility,” Anthony Foxx, the secretary of the Transportation Department, said in a conference call. “Registration gives us an opportunity to work with these users to operate their unmanned aircraft safely.”

The federal rules are the first of their kind for users of recreational drones, also known as unmanned aircraft systems. The prices for the machines have fallen sharply in recent years, making them popular tools for aerial photography and videography, among other uses.

The government is taking more steps to address safety concerns and regulate the aerial vehicles.

The government is taking more steps to address safety concerns and regulate the aerial vehicles.

In recent months, though, drones have been flown more frequently over parks, sports stadiums and backyards, and lawmakers and the public have grown more vocal about the need for new regulations.

The agency’s effort is limited by practical realities. A drone that collides with an aircraft would be destroyed, including the registration markings required by the new rules. And drone users who plan to use the machines for nefarious purposes may avoid registering at all.

“In practice, the F.A.A. doesn’t have the resources to police all illegal activity,” said Lisa Ellman, a partner at the Hogan Lovells law firm in Washington. “But the broader hope is that it will create a culture of accountability, and people will willingly participate.”

The F.A.A.’s registration rules, outlined in a 211-page document, generally follow recommendations submitted by a task force last month. The group included drone makers, aviation experts and hobbyist groups.

The rule applies to owners of drones weighing between half a pound and 55 pounds, and only American citizens will be allowed to register. The F.A.A. said it would introduce the website for registration, faa.gov/uas/registration, on Dec. 21; registering will be free for the first 30 days. After that period, the fee for each individual drone user will be $5 for a three-year certificate of registration.

As expected, the F.A.A. laid out its rules for requiring almost everyone with a recreational drone to register the machine with the government.

As expected, the F.A.A. laid out its rules for requiring almost everyone with a recreational drone to register the machine with the government.

Anyone who owned a drone before Dec. 21 will be required to register a machine by Feb. 19, 2016. People who get a drone after Dec. 21, which includes anyone who receives a drone over Christmas, will be required to register before their first flight. There will be an option for owners to register by mail or in person, and the rules apply only to people over the age of 13, though children are permitted to fly under a parent’s registration.

The users are then required to put their registration numbers on any drone they own and have their registration card on them when they take a drone out for a flight.

Many questions remain on how the rules will be enforced and how consumers will be informed, though the F.A.A. said it would promote the new rules online and work with retailers and hobby groups to inform the public.

“I’m sure retailers and others are scrambling right now,” Ms. Ellman said.

Drone manufacturers and hobby groups have warned that the $5 for registration in the United States will harm their businesses and discourage new users. But the F.A.A. said it was necessary to charge a fee to cover the costs of running the database.

A camera drone in Manhattan. Lawmakers and the public have grown more vocal about the need for new regulations

A camera drone in Manhattan. Lawmakers and the public have grown more vocal about the need for new regulations

Critics of the registration said the minimum weight of half a pound — the equivalent of two sticks of butter — would include too many small toy drones that are most popular with children and are generally harmless.

Failure to comply with the rules could result in criminal penalties of up to three years’ imprisonment, or $27,000 in fines. The F.A.A. said it would work with local law enforcement to enforce its rules. The agency already has guidelines that restrict drones to be flown above 400 feet, at night and within five miles of an airport.

Experts said they doubted the agency would impose heavy penalties on first-time hobbyists.

“In reality, they aren’t going to go after the uninformed innocent new user,” said Michael E. Sievers, a lawyer at the Hunton & Williams firm.

Regulators in Europe are also trying to figure out how best to guarantee the safe operation of remotely piloted aircraft.

But unlike in the United States, where Congress and the F.A.A. have the power to regulate the types of vehicles that are allowed to fly and where, the reach of Brussels has been limited.

The European Parliament passed a resolution in October calling on the European Commission to draft European-wide guidelines that address not only safety, but also the privacy concerns raised by the use of drones that are able to collect and store photo or video images. The resolution also called for drones to be equipped with unique identity chips and for user registration requirements.

Leave a comment

Posted in Technology

Cybersecurity Information Sharing: What You Need to Know

Posted on December 16, 2015 | 5 comments

The Latest

We are in “the red zone” for the Senate’s Cybersecurity Information Sharing Act (CISA), one of the first significant cybersecurity bills, currently in conference with a House version. So what does this mean for U.S. companies?

Under CISA, companies would receive liability protection for

  • Monitoring information systems (including their own and those of their customers when given permission), and
  • Voluntarily sharing cyber threat information with other companies and the government.

However, major concerns still plague the process, and some of the biggest names in technology (think Apple, Microsoft, LinkedIn, Facebook, Google, and others) vehemently oppose the bill. We outline some of the pros and cons here and what the bill means for U.S. businesses:

The Pros

  • Better Baseline: New liability protections under CISA will likely raise the bar for security practices. Defining liability implies setting a baseline, and enterprise due care will expand in response. Liability protections also enable companies to set up their own network defenses to repel attackers.
  • Real-Time Data: The quality of threat information and enterprise response could improve significantly. Companies that share and receive real-time threat information would be better informed about the threat environment, and could take action quickly.

The Cons

  • Privacy, the Casualty (Again): Industry groups and privacy advocates fear the law would skirt multiple privacy concerns. As companies share threat information with each other and with government, there is a high likelihood that on occasion, personal data would accidentally be included. CISA’s liability protection would cover companies that run into this type of situation, putting customer privacy at risk. So far there has been little thought paid to the consequences of a slip-up.
  • Government Duplication: Others fear heavy government involvement in developing plans for cyber incidents that affect critical networks. In general, heavy government centralization of information sharing is seen as unnecessary and too sweeping, when companies like Facebook are already building their own information sharing capabilities like Threat Exchange.

Despite the cons, we are still nearing the final stages of a significant cybersecurity bill. So what can we do moving forward?

The Takeaways

We discuss a few takeaways here for how to take action, but as CISA evolves, so will the implications for U.S. businesses. Here are the actions we think will stay constant:

  • Develop a company position on handling information sharing, stating whether real-time information sharing or data sanitization and privacy is the highest priority. Small and medium businesses in particular should take a hard look at participating if they don’t have the infrastructure to support privacy best practices and stringent data security.
  • Invest in educating network defenders. Sharing and receiving threat information and erecting network defenses requires ongoing education, strong network design and security practices, and organizational oversight.
  • Update and streamline identity and access management, and ensure granular access controls for those interacting with information sharing portals.

As security guru Bruce Schneier has stated, we’re still squarely in the “response era” of cybersecurity. We’ve evolved from learning about the threat landscape, we’ve seen government and industry collaborate to build the NIST Cybersecurity Framework, and now the national dialogue is focused on breach response and information sharing. The conversation about CISA reinforces that, but will have to make privacy a core component for us to evolve further.

5 Comments

Posted in Security