Executives Optimistic About FCC Cybersecurity Approach
Executives who are members of Communications Security, Reliability & Interoperability Council (CSRIC) Working Group 4 said they're optimistic about ongoing FCC efforts to improve the communications sector’s cyber-risk management. Public Safety Bureau Chief David Simpson said during an FCBA event Tuesday night that FCC work on cybersecurity via CSRIC and other efforts “won’t be a recipe for perfection,” but he hopes it will improve the resiliency of 911 and other communications networks. “I think we'll see that in the outage reports” and other data, he said. Working Group 4 updated CSRIC Wednesday on its work to adapt the National Institute of Standards and Technology (NIST) Cybersecurity Framework for communications sector use. (See separate report in this issue.) Working Group 4 Co-Chairman Robert Mayer had told us before the CSRIC meeting that the group had made “substantial progress” on that work (CD Sept 24 p4).
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Industry interest in Working Group 4’s efforts is “an indication that what the FCC has said they were working for -- industry running with the ball, taking the initiative -- is happening,” said Mayer, USTelecom vice president-industry and state affairs, during the FCBA event. “It’s not happy talk, it’s not smoke and mirrors.” More than 100 industry representatives have participated in Working Group 4 meetings, which are preparation for a report the group expects to release in March to recommend ways for communications companies to apply the NIST framework to their cyber-risk management policies, and appropriate metrics, he said.
AT&T Assistant Vice President-Global Public Policy Chris Boyer, who leads Working Group 4’s wireline segment, said he believes FCC efforts are going “in the right direction.” The FCC is giving industry “room to work together in a collaborative way to come up with solutions” that are mutually beneficial, he said. AT&T has been a strong supporter of the NIST framework, but other companies within the communications sector are also motivated to act in part because of the rise in data breaches and other cyber incidents, Boyer said. “Nobody wants to be the next Target.” A data breach of Target’s payment system compromised millions of credit cards used at Target stores Nov. 27-Dec. 15.
The FCC approach to improving cybersecurity is “dramatically different from anything I've seen before, but I'd go so far as to say that in cybersecurity you only have one direction to go, which is forward,” said CTIA Vice President-Cybersecurity and Technology John Marinho, who leads Working Group 4’s wireless segment. FCC work on cybersecurity is “putting the spotlight” on commercial satellite services’ cybersecurity, while “even bringing the industry together to have this discussion is important,” said Iridium Vice President-Regulatory Engineering Donna Bethea-Murphy, who leads Working Group 4’s satellite segment.
The FCC is taking a “new approach” to cybersecurity, but the NIST framework was what fundamentally “changed the dialogue,” Marinho said. NCTA Senior Director-Broadband Technology Matt Tooley, who leads Working Group 4’s cable segment, said the NIST framework created a common taxonomy for cyber-risk management, while FCC focus on the issue has “raised the bar” for cybersecurity within the sector.