FCC Commissioner Simington Calls for Higher Cybersecurity Standards on Devices
Simington advocated mandating ongoing cybersecurity updates on wireless devices already in consumer hands.
David B. McGarry
WASHINGTON, December 15, 2022 – The Federal Communications Commission should require manufacturers to better maintain cybersecurity on their wireless devices, Commissioner Nathan Simington said Thursday, addressing the 40th annual Institute on Telecommunications Policy and Regulation conference.
The FCC in November ended new authorizations for foreign-made devices deemed to pose national security risks, but further regulation of domestically produced devices is necessary, Simington argued. He advocated mandating ongoing, as-needed cybersecurity updates to mitigate risks on wireless devices already in the hands of consumers. Nefarious actors can exploit vulnerable devices to compromise entire networks, a danger that grows as Internet of Things devices proliferate, experts say.
Simington analogized the proposed update regime to recalls of defective physical products, but argued the former poses only minimal compliance burdens on industry and consumers.
To avoid mismanagement by federal regulators, Simington favors a reasonableness standard that relies on industry best practices, he told Broadband Breakfast after the announcement. The commissioner said regulators usually lack the ability to micromanage industry. “We’ve got to be really humble about the extent of the knowledge in the federal government,” he said.
“If a reasonable tech company would have updated under these circumstances, and a tech company chose not to do so simply because of bad design or because of an inadequate threat detection [or] insufficient concern or responsiveness of customers, then we start saying that perhaps they were acting unreasonably,” the commissioner said.
“We’ve got to recognize that a lot of the expertise lies in industry,” he added.
Simington said he hopes the commission will act in the first half of 2023.