Public Safety, Emergency Alerts, Cybersecurity on Plate of New CSRIC

The FCC hasn't published a list of CSRIC working groups and the questions they should consider, something that usually happens before the first meeting, said Jeffery Goldthorp, designated federal officer. But FCC officials provided an overview of some of the work expected of CSRIC V.

“We have to continue to deal with emergency services and alerting systems in the middle of evolving networks and we can never forget that Section 1 of the Communications Act says our responsibility is to protect public safety,” Wheeler said. The FCC also needs CSRIC’s advice on infrastructure resiliency, Wheeler said. “As infrastructure changes, the factors that have made it resilient over the years and have evolved over time change as well,” he said. “If the message does not go through then there is no reason to have a network.”

CSRIC V should also follow up on the work of the past CSRIC on cybersecurity, Wheeler said. Threats to cybersecurity are “ever expanding, ever more creative, ever more challenging,” he said. CSRIC IV helped the FCC develop a “new paradigm” for addressing cybersecurity in the nation’s networks, he said. “Now we have to put that into practice,” he said.

Wheeler also offered CSRIC instructions similar to what he provided Tuesday to the FCC’s new Disability Advisory Committee (see 1506230063). CSRIC is “not a debating society,” he said. It must approve “actionable” recommendations for the FCC to consider.

“Fear not, this will be fun,” said CSRIC Chairman John Schanz, chief network officer at Comcast Cable. “We have only started the process here today and there is much more work to be done.”

“This is a really exciting time to be working in telecommunications,” said David Simpson, chief of the FCC Public Safety Bureau. There's ever increasing network functionality and increasing reliance on the cloud, he said. But the threats to networks are also on the rise, he said. “We get either the perfect storm or we get the U.S. marketplace addressing the tension between those three in the best possible, forward-leaning manner.”

One CSRIC working group will look at the most significant technical and legal barriers to cybersecurity information sharing. “Employing a bottom-up sharing perspective the group will seek to understand the existing structures and processes in which cybersecurity information is shared between companies in the communications sector,” said Gregory Intoccia, cybersecurity special counsel at the FCC. Intoccia said companies are often reluctant to share such information. The working group will look at how to remove these that reluctance.

Congress is also looking closely at information sharing, Simpson said. “We do not seek to at all replace that work,” he said. CSRIC also can't override work being done by the Department of Homeland Security. Much of the focus will be on small- and medium-sized companies, Simpson said. “Don’t jump right to create,” he said. “The right answer is adopt wherever you can.”

CSRIC member Richard Perlotto of the Shadowserver Foundation said all the information sharing the FCC wants to encourage is already happening on a daily basis. “I want to make sure we recognize that there are a lot of existing efforts out there in this space already,” he said. “As we create these new policies or new concepts … we have to recognize that the work is being done now. You’re already being saved everyday whether you like it or not.”

A second CSRIC working group will examine how to ensure that network equipment offerings have “baked in” settings and features to encourage network security. “As everyone in this room knows … there are emerging and even current security vulnerabilities in some of the software and hardware products,” said Steven McKinnon, an FCC cybersecurity engineer. “Addressing those security vulnerabilities in the design and development process can reduce the cost and the consequences of addressing security gaps once those products are in the marketplace and ultimately in the network.”

Another working group will focus on the transition to location-based routing of 911 calls on legacy, hybrid and next-generation 911 systems. Simpson said the working group should also examine steps public safety answering points can take to mitigate problems from misrouted calls to 911. Brian Josef, who represents CTIA on CSRIC, said the FCC approved new rules on the location accuracy of wireless calls to 911 in January (see 1501290066). “While this is focused on tightening the routing we wouldn’t want to see some contradictory recommendations,” he said.

A fourth working group will focus on emergency alerts and ways to empower state and local emergency managers to leverage new and emerging technologies to improve current alerting platforms. Simpson said the working group should look at the role of social media. Social media might offer an effective way of “rapidly polling the affected set of consumers in a disaster area so they can provide feedback on the disaster in a manner that is efficient for the emergency operations center or the PSAP,” he said.

Another working group will look at how to make the Emergency Alert System (EAS) adopted by the last CSRIC more secure. “We don’t want to redo CSRIC IV’s work on what the right aim point [is] for EAS security,” Simpson said. “That was great work. We now want to ask you to help us figure out how we facilitate the implementation.” The working group will also examine how alerts can be delivered in various languages and at the development of a new EAS handbook, FCC officials said.

CSRIC also has a working group on submarine cable resiliency. The full CSRIC next meets Sept. 23.