Connect with us

Cybersecurity

FCC Halts Authorization of Equipment That Threatens National Security

The FCC’s order prevents future authorizations of equipment on the commission’s “Covered List” of national security threats.

Published

on

Photo of FCC Commissioner Brendan Carr

WASHINGTON, November 28, 2022 – The Federal Communications Commission published Friday a modification of certification rules that will bar from United States markets technologies that are considered threats to national security.

The commission’s action seeks to prevent Chinese tech companies deemed to be national security threats – such as Huawei and ZTE – from gathering data on and surveilling American citizens. The Chinese Communist government can force, under law, private companies to hand over data from their products, thus putting Americans at risk, experts and government officials have said.

Friday’s action bars the commission from issuing further authorizations for covered technologies, without which those technologies may not be imported to or marketed in the United States. The action also closes loopholes that would allow certain products to skirt the authorization process.

“That does not make any sense,” said FCC Chairwoman Jessica Rosenworcel in a statement. “After all, there is little benefit in having these lists and these bans in place just to leave open other opportunities for this equipment to be present in our networks. So today we are taking action to align our equipment authorization procedures with the rest of our national security policies.”

The FCC already publishes a list of entities and products, on the advice of Public Safety and Homeland Security,  that pose national security risks. The commission has long shown skepticism toward such risky technologies, notably disallowing the use of universal service funds to buy certain products in 2019.

The rule covers many types of equipment, including base stations, phones, cameras, and Wi-Fi routers.

With this decision, the FCC has fulfilled a congressional mandate to enact a moratorium on equipment on the covered list within 12 months. The statute followed a notice of proposed rulemaking it issued last year.

Congress in 2017 forbade the Department of Defense from using telecommunications equipment or services from Huawei or ZTE. Building on that effort, Congress the next year expanded prohibitions on federal use of technology from those companies and three others. In 2019, in response to concerns over the integrity of communications networks and supply chains, the White House declared a national emergency.

In March 2020, then-President Donald Trump signed into law the Secure Networks Act, requiring the FCC to prohibit the use of moneys it administers for the acquisition of designated communications equipment. The act promoted the removal of existing compromised equipment through a reimbursement program – called Rip and Replace – and further directed the commission to create and maintain the covered list.

FCC Commissioner Brendan Carr, outspoken on national security issues, celebrated Friday’s decision, but called for further action.

“We must also vigilantly monitor compliance with the rules we’ve established today, including by ensuring that entities do not make an end run around our decision by ‘white labeling’ covered gear – a process that involves putting a benign or front group’s name on equipment that would otherwise be subject to our prohibitions,” Carr said in a statement.

Rosenworcel said in her statement that the order covers “re-branded or ‘white label’ equipment that is developed for the marketplace. In other words, this approach is comprehensive.”

Carr also once again called for federal action against TikTok, the Chinese built social media app. The video-sharing app gathers extensive data on users, and despite protestations to the contrary, the platform routinely feeds Americans’ information to the Chinese government, reports say.

“Secure networks mean little if insecure applications are allowed to run, sweep up much of the same sensitive data, and send it back to Beijing,” Carr said.

Cybersecurity

CES 2023: Consumers Need to Understand Personal Cybersecurity, Says White House Cyber Official

Consumers must better understand how to weigh risks and protect themselves in the digital world, said Camille Stewart Gloster.

Published

on

Photo of John Mitchell, Tobin Richardson, Amit Elazari, and Camille Stewart Gloster (left to right)

LAS VEGAS, January 7, 2023 – In addition to building a more robust cybersecurity workforce, policymakers should consider consumer education, said Camille Stewart Gloster, deputy national cyber director for technology and ecosystem for the White House, speaking Saturday at the Consumer Electronics Show.

CES 2023 has featured numerous discussions of cybersecurity in sectors ranging from transportation to Internet of Things home devices. On Thursday, an official from the Department of Homeland Security argued that manufactures should design and pre-configure devices to be secure, thus reducing the security burden on consumers.

For their own protection, consumers must better understand how to weigh risks and protect themselves in the digital world, Stewart Gloster said Saturday. “The sooner that people understand that their physical security and digital security are inextricably linked the better,” she argued. According to the panel’s moderator, Consumer Technology Association senior manager for government affairs John Mitchell, 82 percent of data breaches in 2021 involved “the human element, stolen credentials, phishing, misuse.”

Stewart Gloster’s team is working on a national cyber-workforce and education strategy, she said, which will address the federal cyber workforce, the national cyber workforce, cyber education, and “digital safety awareness.”

Stewart Gloster said workforce initiatives should promote the participation of “people of a diverse set of backgrounds who are highly skilled and multidisciplinary who can take a look at the problem space, who can apply their lived experiences, apply the things they’ve observed, apply their academic backgrounds to a challenging and ever evolving landscape.”

Continue Reading

Cybersecurity

CES 2023: Cybersecurity for IoT Devices Should be Market-Driven

NIST’s cybersecurity guidelines for IoT prescribe desired outcomes, rather than specific and ‘brittle’ standards.

Published

on

Michael Bergman (left) and Katerina Megas

LAS VEGAS, January 6, 2023 – Cybersecurity protocols for Internet of Things devices should be industry-driven, Katerina Megas, program manager of the Cybersecurity for Internet of Things Program at the National Institute of Standards and Technology, said Friday at the Consumer Electronics Show 2023.

The popularization of IoT devices gives cyber-criminals increasing opportunities to breach networks, many say. Network-connected household devices – e.g., lightbulbs and home security devices – can be entry-points if security protocols are lacking. On CES panel on Thursday, a cybersecurity official at the Department of Homeland Security argued that manufacturers should design and preset devices to be safe, shifting much of the burden from the consumer.

“For a long-term, sustainable solution, the best approach really is for demand to be market driven,” she said, adding that NIST is “happy” to support the market when called on. To preserve flexibility, NIST’s cybersecurity guidelines for IoT manufacturers in general prescribed desired outcomes, rather than specific and “brittle” standards, Megas said.

“How you achieve those [outcomes] will vary depending on the maturity of your organization, the architecture of your product, perhaps preferences that you might have for you own internal processes,” she explained.

Megas said manufacturers, who well know their devices’ technical capabilities, often lack an understanding of how consumers actually use their devices. Megas said she has examined how to “help a manufacturer who has no insights into the final contextual use of this product, how can we help them…understand, ‘Here are the risks associated with my device.’”

At an American Enterprise Institute panel held in November, Megas endorsed an “ecosystem approach” to cybersecurity, arguing that network security is also indispensable.

Continue Reading

Cybersecurity

CES 2023: Railroad Industry Needs Cybersecurity Update

Shawn Smith advocated heavily tailored, industry-specific approaches that can address to the unique needs of the rail industry.

Published

on

Photo of Shawn Smith, vice president of business development of Cylus

LAS VEGAS, January 5, 2023 – To keep pace with today’s technological innovations and cyberthreats, the railway industry must retool its cybersecurity defenses, said Shawn Smith, vice president of business development of rail cybersecurity company Cylus.

The railway industry is working to patch old vulnerabilities as well as the new ones that have been create by developing technologies, Smith told Broadband Breakfast at the Consumer Electronics Show on Thursday. The need for enhanced cybersecurity has been a recurring theme at the conference, as have the implications of the ever increasing number of devices and technologies now relying on connectivity.

“We’re really fast-tracking an operator’s ability to keep pace with the change in the digital environment that they’re operating in (and) the interconnectivity that they’re seeing,” Smith said, adding that his team works to provide “visibility, threat detection, and response capability to keep pace with the change in their organizations.”

Smith said that many of the large rail players have developed responses for some cybersecurity risks, but lack the automation and planning tools necessary to maximize their effectiveness. He advocated heavily tailored, industry-specific approaches that can address to the unique needs of the industry.

Governments and industry players worldwide have of late been on high alert for cyberthreats, particularly since Russia invaded Ukraine in February 2022. Railways, like other infrastructure, are potential targets for nefarious actors, Smith said.

Continue Reading

Signup for Broadband Breakfast

Twice-weekly Breakfast Media news alerts
* = required field

Broadband Breakfast Research Partner

Trending