The FCC is AWOL on cybersecurity, according to former chairman Tom Wheeler. Writing at Brookings, he says the Department of Defense, Department of Homeland Security, and the intelligence community have stepped up in support of the NIST Cybersecurity Framework.
In contrast, Wheeler quotes current FCC members as saying that the commission’s role in cybersecurity is “relatively circumscribed” and “extremely limited.”
Writes Wheeler, “That’s not what the law provides, however”—that law being the Communications Act that gives the FCC its authority. “The statute instructs the FCC to act in furtherance of ‘national defense, [and] for the purpose of promoting safety of life and property through the use of wire and radio communications.’ That mandate to deal with threats to national defense and public safety surely encompasses the current cyber threats to national and individual security.”
Wheeler notes that in the age of the IoT, with everything connected in our digital economy, everything is at risk of a cyberattack. But instead of addressing this risk, he says, the new chairman pulled a white paper addressing cyber risks as well as a notice of inquiry that sought to incentivize industry and academia to secure 5G networks.
Advises Wheeler, “It would make sense if the FCC’s certification of electronic devices (required of every device from cellphones to connected coffeepots to assure non-interference with other radio devices) expanded to include cyber-certification.”
Wheeler says that cybersecurity requires a “whole-of-government” response. “The Department of Defense, intelligence community, and the Department of Homeland Security can only go so far—and they have no regulatory authority over commercial networks,” he concludes. “In this time of national cyber threats, everything the FCC does should be viewed through the lens of cybersecurity. The regulator responsible for commercial communications should include risk-informed cybersecurity deliberation throughout the discharge of its duties.”
See related articles:
