Rep. Mike Rogers (R-MI), Chairman of the House Intelligence Committee, yesterday issued a red flag against last week's move by Federal Communications Commission Chairman (FCC) Tom Wheeler to broaden the agency's involvement in communications companies' cybersecurity practices. In a letter signed by fellow Republican panel member Mike Pompeo (R-KS), Rogers expressed concern that Wheeler's approach, while relying primarily on the market to manage cybersecurity issues, verges too close to increased regulation.
The letter states that a speech Wheeler gave last week, in which he outlined a "new paradigm" for cybersecurity, as well as statements by Commission staff, "lead us to be concerned that the Commission may be preparing to implement a new regulatory scheme that would significantly impact Internet service providers and other web service providers." In his speech, Wheeler said that if the new paradigm doesn't work, "we must be ready" with "alternatives if it doesn't."
The letter also raised objections to little-noticed cybersecurity-related budget additions in the FCC's FY 2015 budget. "We also question why the FCC's Fiscal 2015 budget requested a substantial funding increase for cybersecurity activities, including funding for 'Big Data Cybersecurity Analytics and a Cybersecurity Metrics' program. While we support efforts to ensure that the Commission's internal systems are secure from cyber-attack, these initiatives appear to be outward, or industry, facing."
The FCC's FY 2015 budget asks for $700,000 for a big data cybersecurity analytics program. In the budget the Commission states that "Big Data Cybersecurity Analytics will be a disruptive technology in the
Cybersecurity arena, as traditional analysis and forensics techniques will be superseded by
automation conveniences that reduce the burden of work on the analyst." The $700,000 is aimed at helping the FCC conduct root cause analysis, such as reverse engineering of malware on computer networks.
The FY 2015 budget also asks for $575,000 for the metrics program referenced in the letter. The budget states that "FCC has initiated planning efforts to collect and analyze monthly metrics related to the cybersecurity threats addressed using data obtained from commercial sources," with the metrics to be provided to the Commission's newly formed Cybersecurity and Communications Reliability Division for analysis and baseline tracking.
Once that's done, the metrics program will be used to create a "Cybersecurity Dashboard" to "help the FCC track the ongoing progress of cybersecurity initiatives."
The appearance of the letter from Rogers and Pompeo indicates some level of concern among certain affected communications providers over Wheeler's new paradigm. Following last week's speech by Wheeler, some telco industry representatives expressed unhappiness over some statements in the speech, presumably those that indicated the FCC would need to see "demonstrably effective" results and metrics under the new paradigm, perceived to be code for quasi-official monitoring and a possible precursor to regulatory action.
However, cable companies seemed warmer to the idea of the new cybersecurity paradigm. Comcast issued a statement supporting Wheeler's new approach. "Comcast will continue working with the Chairman, his fellow Commissioners, and the dedicated staff at the FCC to help achieve these important goals," Myrna Soto, senior VP and chief information and infrastructure security officer, for Comcast Cable, said.