5G, 911 Security, Alerts Among Focuses of Reconstituted CSRIC
The FCC Communications Security, Reliability, and Interoperability Council started Friday at its first public meeting in this iteration. The focus was on promoting security for 5G and 911 networks, broadcaster resiliency and strengthening emergency alerting. The agency plans a notice asking for volunteers for the six working groups, agency officials said.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
“As CSRIC's name conveys, our goal is to promote the security and interoperability of the nation’s communications networks,” said Public Safety Bureau Chief Lisa Fowlkes. CSRIC has “a lot of hard work” ahead, she said. Fowlkes said Chairman Ajit Pai had other business and couldn’t attend.
Commissioner Jessica Rosenworcel urged a focus on 5G security before the meeting started. “It's not enough to be first to 5G -- the networks we deploy must also be secure,” she tweeted: “@FCC needs to reinvigorate” CSRIC “& have it focus on #5G security. This council meets today. We can start right here & now.” CSRIC Chair Charlotte Field, Charter Communications senior vice president-platform application operations, declined to comment.
Field detailed the focus of the working groups. One will look at managing security risks in the transition to 5G, she said. As fifth generation is widely developed “its evolutionary design will incorporate a number of existing standards” from previous wireless generations, Field said: “This approach risks the persistence in 5G of security issues that exist in currently deployed networks.” The FCC directed CRSIC to review the risks for a report on best practices, with a report due in June, she said. A second report will look at recommended updates to 3rd Generation Partnership Project (3GPP) standards and a comparison of risks and remediation costs, and is due December 2022, she said.
Another working group will focus on managing security risks in 5G implementations, with an eye on 3GPP release 16, due early next year, Field said. “The potential risks introduced into core 5G network elements by weaknesses in this release of these 3GPP standards must be understood so that appropriate mitigation can be undertaken. CSRIC is charged with looking at the risks and mitigation. The working group will have two reports -- on the risks introduced, scheduled for September 2020, and mitigation, due March 2021.
An alert originator standard operating procedures working group will look at how to make alerts work better, Field said. “Complete and well-developed SOPs, that incorporate all stakeholders … enable faster and more effective response during emergencies." The working group is to recommend model SOPs, she said, with a focus including “redundant and effective” lines of communication between stakeholders and the elements in messages that retract or correct false alerts. CSRIC will launch a final report at its September meeting, she said.
Another working group will focus on 911 security vulnerabilities during the IP transition, Field said. The group will identify risks in legacy and transitional 911 networks and recommend best practices to mitigate them, she said. A report on the risks is due in June and one on risk magnitude and remediation costs in December 2020, she said. The commission also created a working group on resiliency of broadcast networks during disaster, Field said. The group is to update best practices for how broadcasters prepare for natural disasters, and develop additional ones “that would improve the resilience of broadcast infrastructure and allow for more rapid recovery,” she said. A final working group will examine session initiation protocol.