FCC on Cybersecurity: Service Providers Need to Beef Up Defenses
The growing threat of cybersecurity has drawn many new faces into the battle. It isn't just hackers and victims anymore — there are governments involved now, too. The FCC is the latest arm of the U.S. government to join the fray, offering to provide regulatory guidance to network service providers if they can't step up security for their customers.
Although the FCC does not have direct control over cybersecurity practices (in reality, no government agency does), FCC chairman Tom Wheeler addressed the American Enterprise Institute Thursday about the matter.
"The challenge is that this private sector-led effort must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices to defend our country," Wheeler said. "The new paradigm for the communications sector must be real and meaningful. It has to work. The Commission's commitment to market accountability will help ensure that it does work. And, while I am confident that it will work, we must be ready with alternatives if it doesn't."
The issue at hand? Red tape and fear of public backlash that doesn't only exist in government.
Wheeler acknowledged the balance that must be struck: the threat is large, but there is no precedent for strict regulation. Instead, the FCC is urging network service providers like AT&T and Verizon to beef up their defenses. What needs to happen in order for these ramparts to hold out hackers, however, is cooperation. The nature of today's interconnectivity demands that, Wheeler insisted.
"Companies large and small within the communications sector must implement privacy-protective mechanisms to report cyber threats to each other, and, where necessary, to government authorities," Wheeler said. "We cannot continue on a path that lets individual networks put other networks, American businesses and consumers at risk. We need to develop market accountability that doesn't currently exist."
Wheeler and the FCC aren't the first government agents to acknowledge this "paradigm." Both the White House and the National Institute of Standards and Technology (NIST) have said the same thing: cooperation within the private sector, and between the private and public sector, is necessary for a proper framework against cyber criminals. Following an executive order passed in 2013, the White House released the "Cybersecurity Framework" earlier this year, urging firms to adopt a veil of transparency, rather than secrecy, when dealing with such a new and widespread threat. The NIST, on the other hand, has asked for companies to integrate cybersecurity into the foundation of services rather than as an afterthought.
"My first car had seat belts and no airbags," said NIST fellow Ron Ross, one of the three co-authors of the paper detailing the agency's suggestions. Ross was referring to the fact some safety features that were initially add-ons and later became standard.
"We'd like to have the same level of confidence in our software and systems. By integrating our best practices into a well-established engineering process, we then can start to communicate with the system engineers who speak a different language than security engineers. That dialogue is important to understanding what each discipline does and how they can work together to achieve a common goal."
The question remains whether the government itself can showcase the kind of bipartisanship concerning cybersecurity it is touting.
For more stories like this, follow us on Twitter!
Subscribe to Latin Post!
Sign up for our free newsletter for the Latest coverage!