Government // Cybersecurity
News
6/13/2014
10:05 AM
50%
50%

FCC Wants More Cybersecurity Collaboration, Less Regulation

In a speech to the American Enterprise Institute, FCC Chairman Tom Wheeler outlined principles for a market based approach.

 Government Data + Maps: 10 Great Examples
Government Data + Maps: 10 Great Examples
(Click image for larger view and slideshow.)

FCC Chairman Tom Wheeler on Thursday laid out his vision of the Federal Communications Commission's role in network security, calling for a more market-based approach, with industry assuming responsibility and leadership.

The new approach he described would be based on collaboration rather than regulation, but Wheeler noted that the FCC still has regulatory authority to back up its goals. "We believe there is a new regulatory paradigm where the commission relies on industry and the market first while preserving other options if that approach is unsuccessful," he said in a speech to the American Enterprise Institute.

In his talk, Wheeler said that changes in technology have outpaced the ability of legislation and regulation to keep up with the new functionality of the world's communications networks and the threats facing them.

[Drones overhead? Read FAA Approves First Commercial Drone Flight Over Land.]

The companies operating those networks "must step up to assume new responsibility and market accountability for managing cyber risks," he said. "This begins with private sector leadership that recognizes how easily cyberthreats cross corporate and national boundaries."

Although the FCC's charter is to promote public safety and the national defense through protection of the nation's communications systems, the rapid evolution of the Internet is being driven by commercial incentives and innovation, and these same drivers are more readily adapted to meeting rapidly evolving threats, Wheeler said. "This new paradigm must be based on private sector innovation, and the alignment of private interests in profit and return on investment with public interests like public safety and national security."

Tom Wheeler (Source: FCC)
Tom Wheeler (Source: FCC)

Although the chairman took pains to assure listeners that he was not advocating new regulations for the Internet, he said that the Commission already has authority under existing law to exercise its responsibilities, even if the technology has changed since the law was written.

The technology has changed. The Communications Act was last updated in 1996, an Internet lifetime ago, and the traditional "prescriptive regulatory approach" no longer is adequate to address advances such as mobile Internet-connected devices and all-IP communications, Wheeler told the audience. But the traditional approach remains an option if the new paradigm fails.

Spearheading development of a collaborative security framework for the FCC will be chief of the Public Safety and Homeland Security Bureau Admiral Dave Simpson and chief counsel for cyber security Clete Johnson. The effort will build on existing efforts, such as the Framework for Improving Critical Infrastructure Cybersecurity, released earlier this year by the National Institute of Standards and Technology, which will be adapted for the communications sector. The commission also will leverage its work with existing Information Sharing and Analysis Centers and examine legal and practical barriers to sharing threat and attack information.

Wheeler said FCC cyber security policy will be guided by four broad principles:

  • A commitment to preserve the freedom and openness of the Internet
  • A commitment to privacy, which is essential to consumer confidence
  • A commitment to cross-sector coordination, rather than silos of security
  • A multi-stakeholder approach to global Internet governance

"We will oppose any efforts by international groups to impose Internet regulations that could restrict the free flow of information in the name of security," Wheeler said.

Programs established under the new policy must be "demonstrably effective," which will require transparency and the ability to show that policies and actions work in the real world, he said. "Companies must have the capacity to assure themselves, their shareholders and boards -- and their nation -- of the sufficiency of their own cyber risk management practices."

New standards, new security, new architectures. The Cloud First stars are finally aligning for government IT. Read the Cloud Hits Inflection Point issue of InformationWeek Government Tech Digest today.

William Jackson is a technology writer based in Washington, D.C. He has been a journalist for more than 35 years, most recently covering the $80 billion federal government IT sector for Government Computer News. His coverage has ranged from architecture to international ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
David F. Carr
50%
50%
David F. Carr,
User Rank: Author
6/13/2014 | 11:14:18 AM
What's your bet?
Will the FCC give industry-led cybersecurity a chance to succeed before adding more regulation?
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.