As cyber week continues in Washington, Federal Communications Commission Chairman Tom Wheeler traveled to the west coast to speak about cybersecurity at the RSA Conference in San Francisco. Wheeler noted that the FCC has several charges to protect against cyber-attacks and similar threats, including the agency’s responsibility to protect the safety of communications networks generally, as well as its responsibility to protect the privacy of consumer data collected by communications providers.
Wheeler centered his remarks on information sharing and accountability by the private sector. He suggested that the communications industry’s approach to 911 calls – a combination of industry best practices and rules requiring that network outages be reported to the government – could serve as a model for cybersecurity information sharing. Cyber-attacks should be subject to similar reporting requirements.
He praised the work of the National Institute of Standards and Technology for its Critical Infrastructure Framework, and the FCC’s cybersecurity advisory committee, the Communications Security, Reliability and Interoperability Council (“CSRIC”) for its recommendations, released last month, to assist and encourage communications providers with implementing NIST’s voluntary framework. He focused specifically on one of CSRIC’s accountability proposals – that members of the communications sector periodically meet with the FCC to discuss their companies’ cyber-risk management efforts. He acknowledged that the FCC’s goal is not to micromanage implementation of the NIST framework by communications companies, but instead to learn whether the framework and companies’ efforts are actually working to mitigate risk. He stated that the meetings will not be framed as depositions and sensitive information shared would be protected from public disclosure, but that many of the details regarding the meetings still need to be worked out. The FCC is seeking comment on this and the other CSRIC recommendations until June 26, 2015.
And, back in Washington, the House of Representatives passed the Protecting Cyber Networks Act on a 307-116 vote over the concerns of civil liberties groups. Read more: