Last week, the FCC’s Public Safety and Homeland Security Bureau released a Public Notice (“Notice”) urging communications service providers to review and assess how they can incorporate the recommendations from Communications Security, Reliability, and Interoperability Council (“CSRIC”) V, Working Group 10 March 2017 Report to abate security signaling system 7 (“SS7”) protocol vulnerabilities(the “SS7 Report”).  SS7 is a communications protocol used within telephone networks to aid call setup, routing, billing and other functions between fixed and mobile service providers.

Continue Reading Communications Service Providers Asked to Adopt the FCC CSRIC Guidance on Signaling System 7 Vulnerability Reduction

Late last week, the FCC released a Public Notice requesting comment on existing best practices for Internet Service Providers (ISPs) to combat cybersecurity threats.  The inquiry is a follow up to the FCC’s New Cybersecurity Initiative focused on developing a voluntary, private-sector driven approach to cyber risk management.  Comments from this inquiry will support and inform the work of Communications, Security, Reliability and Interoperability Council IV (CSRIC IV) to create cybersecurity best practices that align with the National Institute of Standards and Technology (NIST) framework across the broader communications sector.

The inquiry is focused on what steps the industry has taken voluntarily to combat certain cyber threats.  However, the FCC acknowledged that the vulnerabilities addressed by these recommendations remain active threats and sought comment on how to address these concerns and create cyber assurances across the industry.  As Chairman Wheeler noted in his June 12 speech, the FCC is open to considering other options if a voluntary, market-driven approach fails to yield measurable, accountable results.
Continue Reading FCC Seeks Comment on Cybersecurity Best Practices for ISPs

In the wake of a number of high-profile cybersecurity events — from the Heartbleed bug to the Target breach — cybersecurity has become a red-hot issue in Washington, D.C.  Earlier this month, in a major address delivered at the American Enterprise Institute, Federal Communications Commission Chairman Tom Wheeler announced a new cybersecurity initiative to create a “new paradigm for cyber readiness” in the communications sector.

As described by Wheeler, the FCC’s cybersecurity initiative will be led by the private sector, with the Commission serving as a monitor and backstop in the event that the market-led approach fails. In particular, the FCC will “identify public goals, work with the affected stakeholders in the communications industry to achieve those goals, and let that experience inform whether there is any need for next steps.” Chairman Wheeler stressed that the new paradigm must be dynamic, more than simply new rules, and the Commission will rely on innovation by the private sector.

Continue Reading What to Watch For With The FCC’s New Cybersecurity Initiative