FCC to push network providers on cybersecurity
If private companies don't improve their security efforts, the agency will step in with regulations, FCC Chairman Wheeler says
IDG News Service - The U.S. Federal Communications Commission is threatening to step in with regulations if network providers don't take steps to improve cybersecurity.
The FCC will take steps to encourage cybersecurity in the coming months, acting first as a promotor of company-led initiatives instead of a regulator, in keeping with its congressionally defined mission to promote the national defense and public safety, FCC Chairman Tom Wheeler said. But if that doesn't lead to improvements, the agency is prepared to act.
"The challenge is that this private sector-led effort must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices to defend our country," Wheeler said during a speech at the American Enterprise Institute for Public Policy Research. "We believe there is a new regulatory paradigm where the commission relies on industry and the market first while preserving other options if that approach is unsuccessful."
Echoing the current debate over the FCC's authority to enforce net neutrality rules, Wheeler promised that the agency will push network operators to improve cybersecurity even as those companies move more of their traffic from the more heavily regulated analog telephone network to more lightly regulated Internet Protocol-based networks.
"The FCC cannot abdicate its responsibilities simply because the threats to national security and life and safety have begun to arrive via new technologies," he said. "If a call for help doesn't go through, if an emergency alert is hijacked, if our core network infrastructure goes down, are we really going to say, 'Well, that threat came through packet-switched IP-based networks, not circuit-switched telephony, so it's not our job?'"
The FCC will push operators of U.S. communications networks to adopt cybersecurity best practices developed by the FCC's advisory committee, the Communications, Security, Reliability and Interoperability Council [CSRIC], Wheeler said.
The FCC, in coming weeks, will look at whether network operators have implemented these 2011 recommendations, which include domain name security, Internet route hijacking measures and an antibotnet code of conduct, Wheeler said. The agency will also study whether the recommendations, where adopted, have been effective, he said.
Wheeler challenged Internet companies to focus more resources on cybersecurity risk management and on public safety, saying the results of that private effort need to be "more demonstrably effective than blindly trusting the market."
A new private-sector focus on cybersecurity "can't be happy talk about good ideas -- it has to work in the real world," he added. "We need market accountability on cybersecurity that doesn't exist today."
In addition to promoting the CSRIC recommendations, the FCC will consider better ways to enable cyberthreat sharing among communications companies, Wheeler said. The agency will look at whether there are legal and practical barriers to information sharing, he said.
- Agility & Scalability for Oracle EBS R12 and RAC on VMware vSphere 5 This white paper outlines extensive performance and scalability testing of Oracle EBS applications on a Vblock™ Systems with vSphere 5.
- Oracle and VCE: The Next Step in Integrated Computing Platforms In this ESG Lab review you will learn how a VCE system driven by Oracle, delivers the perfect blend of high performance and...
- Migrate Oracle Apps from RISC/UNIX to Virtualized x86 Ready to move Oracle to a virtualized environment? This brief explains how true converged infrastructure can help you migrate from a RISC/UNIX environment...
- Step Out of the Bull's-Eye Learn about the evolution of targeted attacks, the latest in security intelligence, and strategic steps to keep your business safe.
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Gov't Legislation/Regulation White Papers | Webcasts