Industry Groups Worried About Security of Outage Reports
Industry groups are concerned about FCC proposals to relax restrictions on sharing disaster reporting information with public safety authorities and the public but are broadly supportive of agency plans to streamline the disaster information reporting system (DIRS), according to comments filed in docket 21-346. Public disclosure of outage reporting data “could compromise public safety and network security, particularly at a time when vandalism of communications network infrastructure is on the rise,” said ACA Connects. The FCC should focus on more education and engagement with state public safety officials, “not a lowering of standards for protecting sensitive information from public disclosure.” But Public Knowledge said wider dissemination of outage data could improve public safety and enhance competition by giving the public another category in which to compare providers.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
The FCC’s NPRM on streamlining DIRS sought comment on eliminating barriers to sharing outage information to make it easier for state, federal and tribal public safety agencies and the public to access the data. While industry groups differed on the specifics, nearly all said opening up access could lead to security issues.
The FCC should “decline any reduction or relaxation of the requirements that govern sharing or confidentiality of outage reporting information, as it could undermine the security of U.S. networks,” NCTA said. The FCC “should not change course, particularly while network security and national security concerns are only increasing due to, for example, a spike in criminal activity that has impacted the availability of communications services,” said CTIA. NTCA said public safety entities with access to outage information should be required to commit to following best practices for information security. Outage information shouldn’t be shared with the public, beyond the DIRS status reports the FCC already issues during disasters, NTCA said. “This information, if made more broadly available, could create risks to both network security and competitive interests,” USTelecom said.
The FCC should make both DIRS and network outage reporting system (NORS) data “fully available to the public, so that consumers may ‘vote with their feet’ for networks which invest in reliability,” said Public Knowledge. The current treatment of data as confidential makes it difficult to collect data over time by region and by carrier, PK said. “Unfortunately, this does more than simply protect carriers from the repercussions of insufficient investment. It prevents states and researchers from identifying patterns which may help to harden networks going forward.” NAB “disagree[d] with the suggestion that increasing the transparency of filers’ data will spur competition between providers.” DIRS data “should not be used as a tool for enhancing competition among providers,” said NTCA.
Disasters such as the 2023 Maui wildfires demonstrate the danger of agencies and public safety officials having access only to “fragmented information,” said the Foundation for Defense of Democracies. DIRS “is only as effective as its capacity to deliver timely insights to the number of agencies and organizations able to use it in real time,” the FDD said. “At present, participation is low among emergency management agencies due to cumbersome authorization and training requirements.”
Most commenters were supportive of FCC efforts to streamline DIRS reporting. The reporting framework is “cumbersome, inefficient, burdensome for providers that are in the middle of disaster response and restoration efforts, and requires the submission of information that does not provide any significant value for emergency response and management purposes,” said WISPA. Numerous commenters agreed with an agency proposal to do away with DIRS final reports after disasters are resolved. “The requirement to submit a final report can delay and divert critical personnel and resources” from restoration efforts, said NCTA. The agency “should ensure that any changes do not unnecessarily complicate the process or require duplicative reporting,” T-Mobile said. The FCC should delegate authority to the Public Safety Bureau to work with industry to design a new reporting platform, Verizon said.
The FCC should exempt entities that aren’t facilities-based -- such as mobile virtual network operators (MVNOs) and resellers -- from DIRS reporting, said many industry groups. “Providers of nomadic interconnected VoIP services typically do not provide their customers with the type of physical connectivity that would be affected by disasters,” said the Voice on the Net Coalition. Public Knowledge disagreed: “Blackouts can come from a variety of sources, not simply from infrastructure failure.” Emergency coordinators need all available information on which customers are affected by outages, PK said. Resellers “lack physical control of facilities and therefore cannot supply reliable network restoration data,” said ACA. “Imposing reporting on entities without operational visibility is not only burdensome but also risks degrading DIRS data quality by inviting the submission of duplicative or speculative information.”
ACA also called on the FCC to eliminate mandatory DIRS filing requirements for cable providers. “We doubt that the recent conversion of DIRS from a voluntary to a mandatory program will produce benefits that outweigh the harmful impact on smaller providers,” ACA said. The mandatory requirement has been in place for less than a year, PK said. “It is far too soon for the Commission, or emergency managers and public safety responders, to judge the benefits of mandatory DIRS reporting.”