USTelecom CEO Jonathan Spalter urged the House and Senate intelligence committees' leaders Monday to “pay special attention to the FCC’s mission creep into the cybersecurity space” because of the draft net neutrality NPRM reclassifying broadband as a Communications Act Title II service (see 2309280084). Further FCC involvement in cybersecurity “will lead to confusion and conflicts over which committee and agency has jurisdiction in specific cyber-related matters,” Spalter said in a letter to Senate Intelligence Chairman Mark Warner, D-Va., House Intelligence Chairman Mike Turner, R-Ohio, and the panels’ ranking members. “This will create legal and regulatory uncertainty, hampering effective national security oversight and cooperation. It could also lead to redundancy and fragmentation of efforts, making it harder to coordinate and implement a cohesive security strategy and respond quickly to emerging threats.” There’s “nothing in the Communications Act or any other statute that gives the FCC general authority to impose prescriptive cybersecurity regulations on ISPs,” Spalter said.
The FCC hopes to have a voluntary cybersecurity labeling program for smart devices in place by late next year, the agency said Tuesday as it announced a draft NPRM being circulated before the regular commissioners. Chairwoman Jessica Rosenworcel said the U.S. Cyber Trust Mark would help consumers "make smart choices about the devices they bring into their homes, just like the Energy Star program did when it was created to bring attention to energy-efficient appliances and encourage more companies to produce them in the marketplace." The agency said the draft NPRM lays out a voluntary labeling program that uses National Institute of Standards and Technology cybersecurity criteria. It said the NPRM asks questions ranging from the scope of devices for sale in the U.S. that should be eligible for inclusion in the labeling program and who should oversee and manage the program to developing the security standards and demonstrating compliance. CTIA and its members support “voluntary, flexible and harmonized efforts” on enhanced IoT security based on industry certification programs, such as CTIA’s IoT Cybersecurity Certification Program, CTIA said. “We look forward to working with the White House and other stakeholders to ensure that the White House labeling program is implemented based on the NIST Core Baseline using existing industry certifications, that the program provides a safe harbor for companies that participate, provides a consistent application of IoT security capabilities at the federal level, and enhances consumer understanding of the importance of IoT security,” the group said.
A draft NPRM on proposals to increase cybersecurity requirements for wireless emergency alert and emergency alert system participants is expected to be unanimously approved at Thursday’s FCC commissioners' meeting, with few changes from the draft version, industry and FCC officials told us. The item seeks comment on proposals including cyberattack reporting rules and requirements that participants certify cybersecurity plans. No changes have been made so far, though a few tweaks are possible before the vote, officials said. Experts said they expect the agency to take likely costs of any new rules into consideration.
The FCC will revisit wireless emergency alerts and the emergency alert system in an NPRM teed up for a vote by commissioners, Chairwoman Jessica Rosenworcel said Wednesday. “It is critical that these public safety systems are secure against cyber threats, which means that we must be proactive,” Rosenworcel said of EAS: “The draft proposals shared today will help ensure that our national alerting systems work as intended during emergencies and the public can trust the warnings they receive.” Among the issues teed up are the amount of time EAS participants “may operate before repairing defective EAS equipment,” the need for participants to report compromises of their equipment and the need for security requirements and annual certification of cybersecurity risk management plans. The NPRM also asks about requirements that carriers “take steps to ensure that only valid alerts are displayed on consumer devices.” The FCC said last week 42 state and local government agencies will conduct local WEA tests Monday and Tuesday (see 2208300046).
FCC Chairwoman Jessica Rosenworcel circulated a notice of inquiry seeking comment on the cybersecurity vulnerabilities of the internet’s global routing system, said an FCC release Friday. “Earlier this week, the Department of Homeland Security warned U.S. organizations at all levels that they could face cyber threats stemming from the Russia-Ukraine conflict,” the release said. The draft NOI concerns “the security and integrity of the Border Gateway Protocol (BGP),” which is “the routing protocol used to exchange reachability information among independently managed networks on the Internet.” Due to vulnerabilities in BGP, it's possible to deliberately falsify “BGP reachability information” to redirect internet traffic, the release said. “Russian network operators have been suspected of exploiting BGP’s vulnerability to hijacking in the past,” the release said. That can lead to exposure of personal information, theft, extortion, “and state-level espionage,” the release said. The draft NOI also focuses on vulnerabilities in “the transmission of data through email, e-commerce, bank transactions, interconnected Voice-over Internet Protocol (VoIP), and 911 calls,” the release said.
FCC officials told us 4-0 approval is likely at Thursday's monthly meeting of a draft NPRM on SIM swapping and port-out fraud (see 2109230080). Commissioner Brendan Carr's office said it expressed support for the item when it was on circulation, before being added last week to the September agenda. Commissioner Geoffrey Starks' office told us he's seeking two changes to the order. One is a request for comment about whether the FCC, when looking at authentication standards, should incorporate National Institute of Standards and Technology standards or opt for another set. Another change would be a request for comment about subsequent audits for compliance for any requirements adopted.
The FCC remains focused on ensuring that 5G and other networks are secure, acting Chairwoman Jessica Rosenworcel said Monday at a virtual workshop on supply chain security, held in conjunction with the Office of the Director of National Intelligence. Rosenworcel said the FCC is exploring whether untrusted vendors should be excluded from the FCC equipment authorization program. Commissioners Brendan Carr and Nathan Simington urged more focus on device security.
Experts welcomed a proposed FCC notice of inquiry on open radio access networks during an Open RAN Policy Coalition webinar Wednesday. The draft NOI, set for a vote March 17 (see 2102240063), will help “white board … what these opportunities are” and figure out gaps, said Jayne Stancavage, Intel global executive director-digital infrastructure policy. “It is an important step to sort of gather these thoughts.” The world won't necessarily be divided into two 5G -- one built on ORAN and another on equipment from the major Chinese carriers, she said. “The operators are taking different steps on different timelines, and some will go one path, some will go another,” Stancavage said: “Some might go with traditional architecture.” Uptake rates will vary, she said: Variations on when enough spectrum is available for 5G will mean different timelines. As ORAN becomes more prevalent, Huawei and ZTE will also likely incorporate it, said Christopher Roberti, U.S. Chamber of Commerce senior vice president-cyber, intelligence and security policy. Government funding of ORAN research would help accelerate deployment, said Mehran Hadipour, Robin vice president-business development and tech alliances: “It would really open the floodgate … and get a lot more ORAN infrastructure in place. You have to reduce the transition costs by creating open standards … then also add models that bring incremental revenue.” Roberti wants funding from Congress: “The administration should continue to foster open, public-private dialogues … with like-minded governments.” The launch of 4G “was the dawn of Netflix and Facebook,” Roberti said. “With 5G, we’ll have to see.” There will be gradual growth and then “a huge explosion … things that we can’t imagine right now, but we won’t be able to live without in two years,” he said. Providers are trying to figure out how ORAN fits with the way they deliver service, Hadipour said. “It’s beyond just deploying antennas and ORAN infrastructure on top of that,” he said: “It has really become, 'How can I integrate this new model and technology into my infrastructure?’”
Sen. Mazie Hirono, D-Hawaii, is circulating online content-related legislation for potentially addressing civil rights violations in housing markets, Fordham University law professor Olivier Sylvain said Tuesday at the State of the Net conference. Hirono has been in discussions with Virginia Democratic Sens. Mark Warner and Tim Kaine about Communications Decency Act Section 230 (see 1908060064). Her office didn’t comment about a potential bill.
SAN ANTONIO -- The FCC seems poised to allow unlicensed devices including Wi-Fi to use at least part of the 6 GHz band that utilities and some others occupy to monitor infrastructure like power grids. Even though utilities and state telecom regulators have concerns about that approach, the federal regulator seems ready to act in coming months, said stakeholders on all sides that we spoke with on the sidelines of NARUC.