FCC Commissioners Focus on Cybersecurity at PLI
FCC commissioners and panelists at the Practising Law Institute’s Institute on Telecommunications Policy & Regulation Thursday outlined expectations for 2023 involving employment data collection, enforcement and the USF, but many speakers were focused on cyber and national security, such as compromised apps and obsolete devices. “It’s time to turn our attention to the millions of wireless devices in our country that are insecure,” said Commissioner Nathan Simington. “There’s an industry-wide acquiescence to careless practices.”
Simington said the FCC should require manufacturers to continue providing security updates to wireless devices even after they become outdated, to prevent such devices from being exploited. Outdated wireless devices can be compromised and turned into signal jammers or operated as bot nets, threatening critical infrastructure. That danger persists even after the device makers have moved on to a new product, he said. “The law does not allow you to put a dangerous contraption into the world and then wash your hands,” he said. The matter falls under the FCC’s purview because the agency has the authority to regulate RF-emitting devices to prevent them from causing interference, he said. Simington said he wants to discuss the matter with industry. Requiring security patches for older devices isn’t “unrealistic,” he said. The burden of such requirements is “vastly outweighed in potential by the benefit to society,” but there should be limits on how long a company is required to support a product.
Securing outdated devices is part of a holistic approach to security, but it’s not clear if such measures should be taken by the FCC or by Congress, said Commissioner Brendan Carr at the event. A cybersecurity focus on hardware should be accompanied by a focus on insecure software such as Chinese social media app TikTok, Carr said. Cybersecurity should be a bipartisan issue, he said. “The status quo is we have unchecked data flows going back to Beijing,” Carr said. Apple and Google are prioritizing their self-interest over security and safety by continuing to allow apps such as TikTok in their app stores, Carr said.
The FCC should focus on security risks in domestic data centers, said Commissioner Geoffrey Starks. “Network Security is national security,” he said. The FCC needs additional appropriations from Congress to finalize rip and replace efforts, Starks said. Speaking on a panel of FCC bureau chiefs, Enforcement Bureau Chief Loyaan Egal said the bureau is “very focused” on national security and foreign ownership, particularly when entities have engaged in transactions without FCC permission. The proliferation of cybersecurity reporting requirements from federal agencies and foreign entities threatens to become difficult for companies to keep up with, said Chris Anderson, Lumen principal adviser-national security and emergency preparedness, on a different panel. He said the field needs more “harmonization” rather than “atomization.”
Carr said the FCC should focus on continuing to make progress on 5G and opening up additional spectrum. The agency “cannot afford any lapse” in its spectrum auction authority, he said. That was echoed by CTIA Senior Vice President-Regulatory Affairs Scott Bergmann. Congress has never let the FCC’s auction authority lapse and shouldn’t do so now, he said. Bergman and Wi-Fi Alliance Vice President-World Regulatory Affairs Alex Roytblat disagreed whether the FCC should continue segmenting chunks of spectrum for the exclusive use of specific licensees. Roytblat said the practice is a spectrum policy from the last century, but Bergman said exclusive use spectrum allowed the U.S. to be a leader in 5G. “I don’t know how you can look at the spectrum scarcity problem, and look how difficult it is to open up new bands” and not focus on packing in as many uses as possible, said Shiva Goel, an aide to Starks.
Starks said the agency should champion energy efficiency in 2023 as it does spectral efficiency. “Just like we pack more in every hertz” the agency needs to “pack more bits in every joule,” Starks said. The agency should also scrutinize broadcaster consumer data collection through ATSC 3.0, and act on equal employment opportunity data collection, he said. Media Bureau Chief Holly Saurer said the agency has licensed 359 ATSC 3.0 stations in 82 markets, and the bureau is focused on the issue of 3.0 devices not being backward-compatible. The 3.0 devices currently being manufactured are largely high end, and there’s a lack of cheaper devices that would allow for retrofitting older TVs, she said. The Media Bureau is working internally to streamline its station renewal and foreign ownership processes, she said. The Consumer and Governmental Affairs Bureau is focused on broadband maps, accessibility and slamming enforcement, said Chief Alejandro Roark.
Entities looking to lobby the FCC should strive to meet with both bureau staff and commissioner offices, said Saurer. They should also give FCC staff a clear idea of what topics they plan to address so the correct staffers can attend, she said. “Being upfront” with a specific ask is helpful for such meetings, said Wireless Bureau acting Chief Joel Taubenblatt. He said in-person ex parte meetings picked up briefly after the FCC resumed them but have since tapered off in favor of virtual meetings. Companies with business before the Enforcement Bureau should be aware that meeting with them “earlier is typically better than later,” said Egal.