Inconsistent Guidance on Wireless Cybersecurity Tech 'Threatens' Consumer Data, Johnson Says

Secretary Jeh Johnson seeking clarification of contradictory guidance from DHS and the FCC on the use of wireless intrusion detection systems (WIDS) and wireless intrusion prevention systems (WIPS) to protect wireless networks from cyberattacks. That “conflicting information” hampers federal cybersecurity efforts, the chairmen said in the letters, sent Wednesday and obtained Thursday (see 1506180061). A Jan. 27 FCC Enforcement Bureau advisory said a wireless local area network (WLAN) violates federal law if it uses WIDS/WIPS technology to block a wireless network access point that's being used to launch a cyberattack, while DHS WLAN guidance from 2011 says WIDS/WIPS technology is “critical to the WLAN security and operation, and therefore is required.” The Enforcement Bureau “is out of control,” Johnson said in a news release. He said the bureau “is not the expert bureau in policymaking at the FCC and the FCC is not the expert agency in cybersecurity. That is why it comes as no surprise that the FCC's so-called ‘guidance’ threatens the security of consumer data and is inconsistent with best practices outlined by other, more experienced agencies." DHS and the FCC are “saying vastly different things on how to secure wireless networks,” McCaul said in the news release. “The bottom line is that American companies need the ability to protect their customers, rather than bureaucratic confusion from the U.S. government that puts consumers at risk.” The FCC had said it was reviewing the letter. DHS didn't comment.