Wheeler Floats FCC Cybersecurity Certification for IoT Devices

Federal Communications Commission Chairman Tom Wheeler has laid out an unexpected roadmap through which the FCC could directly regulate the security of internet-connected devices.

In a letter to Sen. Mark Warner (D-Va.) dated Dec. 2 and released by Warner on Monday, Wheeler proposed an FCC-mandated cybersecurity certification process for “Internet of Things” devices. The proposal would also require consumer cybersecurity labels for IoT devices and associated services.

Wheeler is set to step down as chairman on Jan. 20, but the new framework could be used to support legislation enhancing the FCC’s ability to regulate IoT devices.

Wheeler’s letter responded to a set of questions that Warner sent to the FCC four days after an Oct. 21 cyberattack directed through IoT devices knocked popular websites offline for several hours. He said in Friday’s letter that he shares Warner’s concern “that we cannot rely solely on the market incentives of ISPs to fully address the risk of malevolent cyber activities.”

In addition to public-private partnerships and interagency cooperation, Wheeler said FCC regulations could also play a role.

The letter marks a shift in perspective from the days immediately following the Oct. 21 cyberattack, when an FCC official said there was little appetite at the agency for increased regulations mandating stricter network security protocols for internet service providers.

Wheeler now seems to be moving the regulatory target to the IoT devices themselves. The FCC already imposes a certification process on all devices that emit or receive spectrum to ensure they don’t interfere with radio communications.

“Equipment authorization is a critical element of the FCC’s regulatory structure to maintain the integrity and usability of spectrum,” Wheeler explained in an outline of a proposed regulatory structure that accompanied the letter to Warner.

Berin Szoka, president of the limited-government group TechFreedom, said Wheeler may be looking at the FCC’s existing certification authority “as a hook for regulating the security of the devices.” But Szoka said that would vastly overstep the commission’s regulatory authority.

An FCC official told Morning Consult on Monday that the proposals floated in Wheeler’s letter would likely require an expansion of the agency’s device certification process to include cybersecurity. “It seems to be a very aggressive take on cybersecurity from the perspective of the FCC’s jurisdiction,” the official said.

It’s highly unlikely that Wheeler himself will be able to issue a proposed rule to expand the FCC’s certification authority, mainly because he’s required to step down as chairman when President-elect Donald Trump takes office.

The FCC official noted that the language in the letter was “wishy-washy” and said the proposal to directly regulate IoT devices is simply demarcating the outer limits of the agency’s authority.

Warner — whose Oct. 25 letter focused on steps the FCC could take to regulate the internet service providers that connect to IoT devices — said he was pleased with Wheeler’s answer.

“The commission’s proposal for a device certification process, either by the agency or through industry self-certification, deserves strong consideration,” Warner said in a statement Monday. “Similarly, the FCC’s suggestion of consumer labeling requirements echoes the call by many security experts for metrics that will empower and educate consumers.”

Briefings

Tech Brief: White House Supports FCC’s Net Neutrality Repeal

The White House weighed in on the net neutrality debate, with deputy press secretary Sarah Huckabee Sanders issuing a statement in support of Federal Communications Commission Chairman Ajit Pai’s plan to roll back rules instituted by the 2015 Open Internet Order. President Donald Trump stopped short of filing comments with the FCC on the matter, but Sanders said that the issue should be resolved through congressional legislation.

Tech Brief: Internet Association Asks FCC to Keep Net Neutrality

The Internet Association, a group that represents major tech companies including Alphabet Inc. and Facebook Inc., is officially calling on the Federal Communications Commission to keep net neutrality rules in place. In comments filed with the agency, the Internet Association noted that a net neutrality repeal could cause damage to the markets and limit innovation.

Tech Brief: House Bill Requires Pentagon to Report Russian Hacking

House lawmakers voted to advance an amendment to the 2018 National Defense Authorization Act that would require the Pentagon to report attempts by Russian hackers to break into its network. The amendment was approved by the full House, and comes amid heightened concerns regarding Kremlin-backed cyberattacks and hacks that have targeted the United States and its allies across the world.

Tech Brief: AT&T Joins Net Neutrality ‘Day of Action’

AT&T Inc. announced that it will participate in today’s internet-wide Day of Action to Save Net Neutrality, despite supporting Federal Communications Commission Chairman Ajit Pai’s proposal to roll back the 2015 Open Internet Order. An AT&T executive wrote a blog post saying that the wireless provider wanted to show its support for “preserving and advancing an open internet.”

Tech Brief: Microsoft Plans to Expand Rural Broadband Using ‘White Space’

Microsoft Corp. President Brad Smith is expected to announce support for TV white-space technology, which the company says is a frugal way to tap into unused television bandwidth and bring broadband access to rural communities. The company will also reportedly work with rural telecommunications companies on at least 12 projects in 12 states over the next two years to bring broadband connectivity to at least 2 million rural Americans by July 2022.

Load More