According to a speech given by the chairman of the FCC, Tom Wheeler, the U.S. Federal Communications Commission will begin to consider a harsher stance on network providers that refuse to improve their cybersecurity. Regulation is not a first option, as the FCC would rather work with companies to improve cybersecurity, but will be on the table if organizations do not make the suggested changes or fall short in implementation.
"The challenge is that this private sector-led effort must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices to defend our country," Chairman Wheeler said during his speech. "We believe there is a new regulatory paradigm where the commission relies on industry and the market first while preserving other options if that approach is unsuccessful."
The FCC's new direction coincides with the ongoing furor over proposed Net Neutrality regulations, which have placed a spotlight on changing technologies and responsibilities of the FCC's mandate. The most significant change being the move from a primarily analog-based communication technology that is highly regulated by the FCC to a more Internet Protocol-based network that is less regulated and in question.
IP networking and the FCC's expanding role
In 2011, the FCC made a series of recommendations covering differing aspects of cybersecurity. These recommendations were designed to support increased security on IP-based networks and included and anti-botnet code of conduct, domain name security, and Internet hijacking measures.
The FCC will now review major national network suppliers to gauge the implementation of the recommendations, as well as study the effectiveness of recommendations which were adopted.
Wheeler stands by the FCC's expanded involvement in the emerging IP-based network ecosystem, "The FCC cannot abdicate its responsibilities simply because the threats to national security and life and safety have begun to arrive via new technologies," he said. "If a call for help doesn't go through, if an emergency alert is hijacked, if our core network infrastructure goes down, are we really going to say, 'Well, that threat came through packet-switched IP-based networks, not circuit-switched telephony, so it's not our job?'"