The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee

FCC Proposes Cyber Security Certification Program

On April 21, 2010, the Federal Communications Commission ("FCC") issued a Notice of Inquiry that kicks off a proceeding seeking comment on a "cyber security" certification program designed to encourage communication service providers (i.e., those entities providing communications services by radio, wire, cable, satellite, or lightguide for a fee to one or more unaffiliated entities) to implement a full range of cyber security best practices. The FCC is reviewing this potential program, which was recommended under the Commission's National Broadband Plan, in an effort to counter cyber attacks and protect the communications infrastructure in the U.S. Among other things, the FCC cites a 2008 Data Breach Investigation Report that found that 87% of cyber breaches could have been avoided if reasonable security controls had been in place.

The proposed voluntary certification program would involve security assessments of service providers' networks, to be conducted by the FCC or private sector auditors. The audit would entail a review of whether the networks comply with "stringent cyber security practices" to be developed by a public-private partnership. Those providers who successfully complete the audit would receive a special certification and then be able to market their networks as complying with these FCC network security requirements.

The inquiry is being led by the FCC's Public Safety and Homeland Security Bureau. The FCC's Notice of Inquiry seeks comment on a variety of topics, including:

· the costs/benefits of the program
· whether the program will really lead to an increase in security and improved cyber security practices
· whether the certification program should be open to all communication providers, or only certain types
· the composition and operating procedures of a certification authority
· whether the security criteria should be definitive or established on a case-by-case basis
· assessment standards
· form and duration of the security certification, and the renewal process
· FCC enforcement process, if any, for the program
· education process regarding cyber security for consumers, businesses, and government agencies

Author: ABA Antitrust
