Wheeler Details Cyber Plans to Warner
FCC Chairman Tom Wheeler had to “postpone some of the next steps in this combined approach” on cybersecurity -- addressing “a combination of market-based incentives and appropriate regulatory oversight where the market does not, or cannot, do the job effectively”…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
-- due to the “impending change in Administrations,” he told Sen. Mark Warner, D-Va., in a Dec. 2 letter released Wednesday. Warner will be ranking member of the Senate Intelligence Committee starting next year. “Addressing loT threats remains a National imperative and should not be stalled by the normal transition of a new president,” Wheeler told Warner. “I've attached an outline of a program that I believe would reduce the risk of cyber threats to America's citizens and businesses. This program includes collaborative efforts with key Internet stakeholder groups; increased interagency cooperation; and consideration of regulatory solutions by the Commission to address residual risk that cannot be addressed by market forces alone due to market failure.” That attached plan, a page and a half in length, is titled the 5G/IoT Cybersecurity Risk Reduction Program Plan and has three sections: one on Federal Advisory Committee/voluntary stakeholder engagement; one on leveraging interagency relationships; and final one on regulatory and rulemaking activities. The FCC should issue a notice of inquiry “to develop a record and identify residual risk in the IoT commons, with the goal of determining where market failure may exist in the ISP, network element manufacturer, and device manufacturer community” and nail down best practices, the plan recommended. Then the agency should issue an NPRM “to examine regulatory measures the FCC could take to help address cyber risks that cannot be addressed through market-based measures,” it said. “The NPRM could examine changes to the FCC's equipment certification process to protect networks from loT device security risks. … Explore the potential of a cybersecurity certification (possibly self-certification) to create a floor and identifiable risk relevant levels above the floor for device cybersecurity and a consumer labeling requirement to address any asymmetry in the availability of information and help consumers understand and make better decisions regarding the potential cyber risks of a product or service.” This month, an NOI sought comment on cybersecurity for 5G devices (see 1612160063), and the agency's Communications Security, Reliability and Interoperability Council met (see 1612210060). Wheeler had been seen as backing off of pursuing a vote on a draft that would set up framework for the commission to hold confidential meetings with communications sector executives aimed at providing assurances on the firms’ cybersecurity practices (see 1611300063). Wheeler also told Warner the FCC’s authority over broadband empowers its cybersecurity initiatives, and staffers are “actively examining cyber challenges presented by today's end-to-end Internet environment.” A senior Republican staffer for the Senate Commerce Committee recently questioned the FCC’s approach to cybersecurity under Wheeler (see 1612060074).