Warner (center) asked Wheeler about cybersecurity for IoT devices. (Rob Kunzig/Morning Consult)

Wheeler Floats FCC Cybersecurity Certification for IoT Devices

Federal Communications Commission Chairman Tom Wheeler has laid out an unexpected roadmap through which the FCC could directly regulate the security of internet-connected devices.

In a letter to Sen. Mark Warner (D-Va.) dated Dec. 2 and released by Warner on Monday, Wheeler proposed an FCC-mandated cybersecurity certification process for “Internet of Things” devices. The proposal would also require consumer cybersecurity labels for IoT devices and associated services.

Wheeler is set to step down as chairman on Jan. 20, but the new framework could be used to support legislation enhancing the FCC’s ability to regulate IoT devices.

Wheeler’s letter responded to a set of questions that Warner sent to the FCC four days after an Oct. 21 cyberattack directed through IoT devices knocked popular websites offline for several hours. He said in Friday’s letter that he shares Warner’s concern “that we cannot rely solely on the market incentives of ISPs to fully address the risk of malevolent cyber activities.”

In addition to public-private partnerships and interagency cooperation, Wheeler said FCC regulations could also play a role.

The letter marks a shift in perspective from the days immediately following the Oct. 21 cyberattack, when an FCC official said there was little appetite at the agency for increased regulations mandating stricter network security protocols for internet service providers.

Wheeler now seems to be moving the regulatory target to the IoT devices themselves. The FCC already imposes a certification process on all devices that emit or receive spectrum to ensure they don’t interfere with radio communications.

“Equipment authorization is a critical element of the FCC’s regulatory structure to maintain the integrity and usability of spectrum,” Wheeler explained in an outline of a proposed regulatory structure that accompanied the letter to Warner.

Berin Szoka, president of the limited-government group TechFreedom, said Wheeler may be looking at the FCC’s existing certification authority “as a hook for regulating the security of the devices.” But Szoka said that would vastly overstep the commission’s regulatory authority.

An FCC official told Morning Consult on Monday that the proposals floated in Wheeler’s letter would likely require an expansion of the agency’s device certification process to include cybersecurity. “It seems to be a very aggressive take on cybersecurity from the perspective of the FCC’s jurisdiction,” the official said.

It’s highly unlikely that Wheeler himself will be able to issue a proposed rule to expand the FCC’s certification authority, mainly because he’s required to step down as chairman when President-elect Donald Trump takes office.

The FCC official noted that the language in the letter was “wishy-washy” and said the proposal to directly regulate IoT devices is simply demarcating the outer limits of the agency’s authority.

Warner — whose Oct. 25 letter focused on steps the FCC could take to regulate the internet service providers that connect to IoT devices — said he was pleased with Wheeler’s answer.

“The commission’s proposal for a device certification process, either by the agency or through industry self-certification, deserves strong consideration,” Warner said in a statement Monday. “Similarly, the FCC’s suggestion of consumer labeling requirements echoes the call by many security experts for metrics that will empower and educate consumers.”

Briefings

Tech Brief: FTC Files Antitrust Lawsuit Against Qualcomm

The Federal Trade Commission sued Qualcomm Inc. — the world’s largest maker of semiconductors for mobile phones — over unfair licensing practices allegedly designed to maintain a monopoly. Qualcomm said it will fight the FTC’s suit, which the company said is based on flawed legal theory and misconceptions about the cellphone industry.

Tech Brief: Intel Report Includes Unsubstantiated Allegations That Russia Has Compromising Info on Trump

Intelligence officials presented classified documents to President Barack Obama and President-elect Donald Trump showing that Russian operatives say they have compromising personal and financial information about Trump. The unverified allegations were presented last week with the intelligence report on Russian cyber operations aimed at disrupting the 2016 U.S. presidential election.

Tech Brief: Conway Rejects Calls for Independent Panel to Probe Russian Hacks

Kellyanne Conway, a top adviser to President-elect Donald Trump, ridiculed a proposal from congressional Democrats that would establish an independent, bipartisan commission to investigate the Russian hacking and disinformation campaign aimed at interfering in the U.S. election. Conway also said Trump might reconsider some of the punitive actions against Russia ordered by President Barack Obama.

Load More