FCC will push network providers on cybersecurity, Wheeler says

If private companies don't improve their security efforts, the agency will step in with regulations, the FCC's chairman said

U.S. President Barack Obama has nominated Tom Wheeler to be chairman of the U.S. Federal Communications Commission.

U.S. President Barack Obama has nominated Tom Wheeler to be chairman of the U.S. Federal Communications Commission.

The U.S. Federal Communications Commission is threatening to step in with regulations if network providers don't improve cybersecurity.

The FCC will take steps to encourage cybersecurity in the coming months, acting first as a promotor of company-led initiatives instead of a regulator, in keeping with its congressionally defined mission to promote the national defense and public safety, FCC Chairman Tom Wheeler said. But if that doesn't lead to improvements, the agency is prepared to act.

"The challenge is that this private sector-led effort must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices to defend our country," Wheeler said during a speech at the American Enterprise Institute for Public Policy Research. "We believe there is a new regulatory paradigm where the commission relies on industry and the market first while preserving other options if that approach is unsuccessful."

Echoing the current debate over the FCC's authority to enforce net neutrality rules, Wheeler promised that the agency will push network operators to improve cybersecurity even as those companies move more of their traffic from the more heavily regulated analog telephone network to more lightly regulated Internet Protocol-based networks.

"The FCC cannot abdicate its responsibilities simply because the threats to national security and life and safety have begun to arrive via new technologies," he said. "If a call for help doesn't go through, if an emergency alert is hijacked, if our core network infrastructure goes down, are we really going to say, 'Well, that threat came through packet-switched IP-based networks, not circuit-switched telephony, so it's not our job?'"

The FCC will push operators of U.S. communications networks to adopt cybersecurity best practices developed by the FCC's advisory committee, the Communications, Security, Reliability and Interoperability Council [CSRIC], Wheeler said.

The FCC, in coming weeks, will look at whether network operators have implemented these 2011 recommendations, which include domain name security, Internet route hijacking measures and an antibotnet code of conduct, Wheeler said. The agency will also study whether the recommendations, where adopted, have been effective, he said.

Wheeler challenged Internet companies to focus more resources on cybersecurity risk management and on public safety, saying the results of that private effort need to be "more demonstrably effective than blindly trusting the market."

A new private-sector focus on cybersecurity "can't be happy talk about good ideas -- it has to work in the real world," he added. "We need market accountability on cybersecurity that doesn't exist today."

In addition to promoting the CSRIC recommendations, the FCC will consider better ways to enable cyberthreat sharing among communications companies, Wheeler said. The agency will look at whether there are legal and practical barriers to information sharing, he said.

And the agency will explore ways to encourage new cybersecurity research and development, working with private companies, universities and the U.S. National Institute of Standards and Technology [NIST], he said.

Broadband provider Comcast, in a statement reacting to Wheeler's speech, said it already focuses heavily on cybersecurity.

"The success of our business depends upon providing customers with a safe and secure network environment," the statement said. "For that reason, Comcast and other communications providers view cybersecurity as a key component of our overall enterprise risk management. We have and will continue to be committed to taking a leadership role in establishing practices that meet the dynamic and ever-changing nature of these threats."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags regulationsecurityTom WheelercomcastAmerican Enterprise Institute for Public Policy ResearchU.S. Federal Communications Commissiongovernment

More about Comcast CableFCCFederal Communications CommissionIDGTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts