WASHINGTON, November 2, 2023 – How states implement cybersecurity rules in the $42.5 billion Broadband Equity, Access and Deployment program could shape internet security regulations more widely, experts said during a virtual panel Wednesday.

The BEAD program, which will provide federal grants to states to disperse for broadband projects, requires providers to submit comprehensive cybersecurity plans based on standards from the National Institute of Standards and Technology. Panelists said flexibility in the plans allows customization but also establishes baseline expectations as critical infrastructure relies more on connected technology.

“I think the way that states and entities interpret these BEAD cybersecurity and supply chain requirements is really going to have a ripple effect across the whole community,” said Savannah Schaefer, an attorney of Wilkinson Barker Knauer, who advises clients on cybersecurity.

Federal Communications Commission rules are beginning to include similar mandates, meaning how states implement BEAD’s requirements could influence cybersecurity regulations more broadly, Schaefer said.

Melissa Newman, vice president of government Affairs at the Telecommunications Industry Association, said BEAD’s cybersecurity stipulations cite lengthy federal guidance documents providers must wade through. Her trade group developed a checklist to help companies understand the rules.

“You cannot be confident in the security of your networks and products without consideration of both cyber and supply chain security,” said Newman, TIA’s vice president of government affairs.

Supply chain management, knowing who provides equipment and software, is critical because cybersecurity threats can be embedded throughout a product’s lifecycle, she said.

Evan Rice, senior vice president of Guide Star, a division of CCI Systems, said providers should start by documenting current cyber practices, identifying gaps and making plans to address them. Cybersecurity must be incorporated holistically, from network construction to long-term operation, he said.

“Everyone understands that piece. The cybersecurity is the same. Once you build it, you have to operate it,” said Rice. Schaefer encouraged viewing BEAD as part of an ongoing process of shaping cybersecurity requirements.

Our Broadband Breakfast Live Online events take place on Wednesday at 12 Noon ET. Watch the event on Broadband Breakfast, or REGISTER HERE to join the conversation.

Wednesday, November 1, 2023 – Cybersecurity and BEAD

To qualify for funding under the Broadband Equity, Access and Deployment program, network operators must submit a comprehensive cybersecurity strategy in line with the National Institute of Standards and Technology’s cybersecurity framework. What impacts do these requirements have on broadband deployers, and what steps can they take to ensure compliance? How can operators strike the right balance between expanding their networks and safeguarding them against cyber threats?

Panelists

• Evan Rice, Senior Vice President, Guide Star
• Savannah Schaefer, Wilkinson Barker Knauer LLP
• Melissa Newman, Vice President of Government Affairs, Telecommunications Industry Association
• Drew Clark (moderator), Editor and Publisher, Broadband Breakfast

As with all Broadband Breakfast Live Online events, the FREE webcasts will take place at 12 Noon ET on Wednesday.

SUBSCRIBE to the Broadband Breakfast YouTube channel. That way, you will be notified when events go live. Watch on YouTube, Twitter and Facebook.

See a complete list of upcoming and past Broadband Breakfast Live Online events.

WASHINGTON, October 26, 2023 – The Joe Biden administration is asking Congress to fill the $3 billion gap in the Federal Communications Commission’s rip and replace program, among other domestic needs.

The ask came Wednesday as part of a $55.9 billion request for domestic aid, including disaster relief and child care subsidies. Also in the White House’s request was $6 billion to continue the Affordable Connectivity Program, the monthly internet subsidy that’s set to dry up in April 2024 without additional funding.

In 2020, Congress required broadband providers to replace equipment from some Chinese companies, including Huawei and ZTE, citing concerns that it could be used for espionage. The effort was funded with $1.9 billion to reimburse companies for the cost of switching out gear.

But in July 2022 the FCC, which oversees the program, said broadband providers would need $4.98 billion to get the work done. There have since been repeated calls from lawmakers and industry to shore up the fund. Bills have been introduced in both the House and Senate to fill the $3 billion gap, but they have yet to be passed.

The deadline for approved companies to request reimbursement for rip and replace work passed on July 15. By default, companies have one year from the approval of that request to remove the Chinese equipment, but the commission has been granting deadline extensions as providers complain of funding troubles.

House Republicans managed to elect a speaker on the same day as the funding request, ending weeks of deadlock.

WASHINGTON, May 25, 2023 – A Cisco executive urged Congress at a Semafor event Thursday to provide more incentives for companies to ensure their cybersecurity posture is up to date. 

While Jeetu Patel, general manager of security at the information technology giant, didn’t specify what types of incentives can be used, he said the incentives must push private infrastructure to have high security standards. 

Both private and public sectors have a part to play in improving the nation’s security, he noted, adding private companies must build products that are secure by design. 

There is “tremendous” need for cross-nation coordination around cyberattacks, said Patel. He urged lawmakers to democratize cybersecurity by simplifying the process, adding the nation must be united to gain traction against attackers.

The cybersecurity industry has not made conversations simple to follow or technology easy to use, he said. Simplifying cybersecurity is the only way we can democratize it and when it’s democratized, it can be made universal, said Patel. 

He warned that the country cannot let the financial constraints of a few companies put the whole system at risk. Regardless of how affluent a country is, the weakest link controls the strength of the chain, he said. 

Artificial Intelligence will change cybersecurity fundamentally, he noted. It is important to remember that AI tools are also available to attackers. Currently, the majority of attacks stem from fraudulent emails which AI can make more personalized and difficult to discern from real communication, he said.  

Cybersecurity defenses must evolve

We need to develop an idea of civic responsibility for tech innovators and students in STEM fields, added Suzanne Spaulding, senior advisor of Homeland Security at the Center for Strategic and International Studies. Civic responsibility is the antidote to disinformation and is the change central to democracy, she continued.  

Spaulding warned companies against relying on existing cybersecurity measures. Resilience is about having layers of plans and assuming they all will fail, she said.  

This comes at a time of Congressional focus on cybersecurity. In March, two bills were introduced by Senators Jacky Rosen, D-Nev., and Marsha Blackburn, R-Tenn., to establish pilot programs in the Department of Defense and Homeland Security that would hire civilian cybersecurity personnel in reserve. 

In 2021, President Joe Biden signed an executive order on improving American cybersecurity capabilities following the Colonial Pipeline ransomware attack and SolarWinds breach in 2020.