FCC Should Consider Requiring Security Updates for Authorized Devices: Simington
FCC Commissioner Nathan Simington said Tuesday the FCC should consider rules requiring gear makers to provide security updates for wireless devices authorized by the agency for sale in the U.S. “Currently our rules don’t explicitly require a software update mechanism,…
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
but it is questionable whether the purpose of the equipment authorization rules is being fulfilled when consumer devices with software-controlled transmitters are being put to market and then promptly abandoned by their manufacturers and retailers, not receiving security updates throughout the expected lifespan of the device,” Simington said in a speech to the Rural Wireless Association. “I don’t think it’s too much for the government to ask, that if you sell a wireless device, you make sure you have a way of fixing any later-discovered flaws that would allow an attacker to commandeer the transmitter and use it to attack the availability of our wireless networks,” he said. Manufacturers “shouldn’t have to support devices forever, and you shouldn’t have the obligation to deliver new features, but letting security vulnerabilities linger on devices with large install bases is not an acceptable state of affairs for the security of our wireless networks.” Simington said he's focusing on the issue and invites meetings with industry and the public. Carriers shouldn’t draw the wrong lesson from the rip-and-replace program, that “you should buy the cheapest device you can find, no matter the source, and that the US government will bail you out if it turns out to have been a bad decision,” he said.