ISPs Need Government Oversight to Reduce Cyber Risk, Says FCC White Paper

and businesses will continue to be taxed,” the bureau said in a white paper. “But shifting this risk oversight responsibility to a non-regulatory body would not be good policy. It would be resource intensive and ultimately drive dramatic federal costs and still most certainly fail to address the risk for over 30,000 communications service providers and their vendor base.” The FCC can’t rely on organic market incentives alone to reduce cyber risk, it said. “As private actors, ISPs operate in economic environments that pressure against investments that do not directly contribute to profit. Protective actions taken by one ISP can be undermined by the failure of other ISPs to take similar actions. This weakens the incentive of all ISPs to invest in such protections. Cyber-accountability therefore requires a combination of market-based incentives and appropriate regulatory oversight where the market does not, or cannot, do the job effectively.” FCC Chairman Tom Wheeler, who steps down Friday, mailed the cybersecurity white paper to Sen. Mark Warner, D-Va. “This whitepaper outlines risk reduction activity engaged in by the Commission during my tenure and suggests actions that would continue to affirmatively reduce cyber risk in a manner that benefits from and incents further competition, protects consumers, and addresses significant national security vulnerabilities,” Wheeler wrote. Earlier, Wheeler was seen as backing off more ambitious cybersecurity plans (see 1611300063).