FCC Seeks Input as It Embarks on Crafting Cybersecurity Plan

WASHINGTON, August 12, 2010 – The Federal Communications Commission is seeking public comment on a cybersecurity roadmap to identify vulnerabilities to communications networks and end users as it endeavors to help craft a national plan to protect the nation.

The agency recommended creating a Cybersecurity Roadmap in its National Broadband Plan released in March.

The agency has a big job ahead of it. The Government Accountability Office this month publicized a report saying the federal agencies have not provided top-level leadership on cybersecurity issues and criticized the nation’s leaders for lack of a cohesive, national plan.

The FCC’s National Broadband Plan recommended that the FCC coordinate with the executive branch to create a plan to address cyber security. The initiative is supposed to identify the five “most critical” cyber security threats to the communications infrastructure and to establish a two-year plan for the FCC to address those threats.

“Cybersecurity is a vital topic for the commission because end user lack of trust in online experiences will quell demand for broadband services, and unchecked vulnerabilities in the communications infrastructure could threaten life, safety and privacy,” said the FCC in its request for public comment.

Cybersecurity expert Brian Krebs, author of the KrebsonSecurity blog, sees ISPs as having a unique position to clean up the experience of the average internet user when it comes to e-mail viruses and other cyber security issues.

“Although some ISPs are taking actions to improve the user experience when it comes to cyber security there’s really no incentive for them to do that and so many of them don’t,” he said.

He believes that if the ISPs were required to report information like bot infections and spam incidents in aggregate to the FCC “a lot of this problem would take care of itself.”

“It’s good that the FCC is focused on rolling out faster and better and more connections to the world, but the reality is that they’ve got no way to measure at all how big the cyber security problem is and how best to handle it,” said Krebs.