FCC seeks information on survivability and security of nation’s broadband nets
First step toward security certification program
- By William Jackson
- Apr 22, 2010
The Federal Communications Commission is taking the first steps toward a proposed voluntary security certification program for service providers and a study of the survivability of the nation’s broadband infrastructure, both of which were recommended in the National Broadband Plan.
The commission yesterday approved notices of inquiry seeking comment on each of these programs.
“As network attacks and the level of risks increase, it is beyond important that we fully understand the implications of this evolution in communications and that we take all necessary and appropriate steps to ensure the survivability of our voice and broadband communications networks,” FCC Chairman Julius Genachowski said in announcing the inquiries.
The FCC has not proposed any rules on broadband security and the inquiries do not involve proposals for mandatory programs. The goal is to encourage better security practices and provide consumers with more information about the security status of service providers.
“If consumers receive adequate information, the knowledge about the tools and techniques used by their service provider to combat criminals and hackers, they will no doubt be more comfortable with their broadband experience,” Commissioner Robert McDowell said in a statement.
Universal access to broadband Internet has been designated as a key part of the nation’s economic recovery, and Congress mandated in the Reinvestment and Recovery Act last year that the FCC develop a national plan for ensuring access to broadband capability for all Americans. “The proliferation of Internet Protocol-based communications requires stronger cybersecurity,” the FCC concludes in that plan, delivered to Congress last month.
One of the plan’s recommendations was to establish a cybersecurity certification program for network operators. The cybersecurity certification program would be voluntary, part of an effort to create market incentives for securing networks, and the commission would not have the authority to mandate security standards for privately owned networks.
Under the proposed program, participating carriers would be audited either by the FCC or by accredited outside auditors for compliance with a set of best security practices that would be developed by a broad-based group of public and private sector experts. Complying companies would be able to use their stamp of approval in marketing.
The notice of inquiry seeks comments on the cost and benefits of such a program, whether increased public awareness would effectively drive adoption of better security practices, and the mechanics of the accreditation and certification processes.
The plan also recommends that the FCC work with the administration to release a cybersecurity roadmap within 180 days, identifying the five most critical cybersecurity threats to the communications infrastructure and establishing a two-year plan to address them. Assessing the survivability of the infrastructure is one of the early steps in such an effort.
The FCC is seeking comment on the ability of existing broadband networks to withstand significant damage or severe overloads as a result of malicious disruptions or natural disasters. This is becoming increasingly critical as more of the nation’s commerce and emergency communications are being carried on core IP networks.
“Network survivability has a lot to do with national survivability when tragedy strikes,” Commissioner Michael J. Copps said in a statement.
The FCC is asking for comment and analysis on:
- Major single points of failure in broadband networks.
- Measures to minimize single points of failure.
- Survivability of cell sites on which first responders rely.
- Prioritizing traffic for first responders on networks.
- Ensuring redundancy and diversity in physical networks.
- Network management practices for dealing with network overloads.
The inquiry does not anticipate establishing minimum requirements or best practices for carriers, and at least some commissioners question the need or the FCC’s authority to do so. Commissioner Meredith Attwell Baker said in a statement that although it is appropriate for the commission to evaluate current conditions, “I am pleased that we have not prejudged any affirmative regulatory role for the commission in addressing network survivability. It is in the clear commercial interest of all network operators to ensure their operations are reliable and resilient.”
There will be a 45-day comment period on each subject following the publication of the Notice of Inquiry in the Federal Register, with 75 days for responding to comments. Information on submitting comments will be included in the Federal Register notices.
William Jackson is a Maryland-based freelance writer.