The FCC's other relevant work in this area involved the Network Reliability and Interoperability Council (and included Y2K work)

• FCC CHAIRMAN JULIUS GENACHOWSKI PREPARED REMARKS ON CYBERSECURITY, BIPARTISAN POLICY CENTER, WASHINGTON, DC.  OCHJG TXT 
  
  
• FCC LAUNCHES SMALL BIZ CYBER PLANNER, A NEW EASY-TO-USE ONLINE RESOURCE TO EMPOWER SMALL BUSINESSES WITH CYBERSECURITY PLANS.  News Release. News Media Contact: Neil Grace  OCHJG TXT
• FACT SHEET: FCC CHAIRMAN GENACHOWSKI ANNOUNCES SMALL BIZ CYBER PLANNER - A NEW ONLINE RESOURCE TO EMPOWER SMALL BUSINESSES WITH CYBERSECURITY PLANS.  News Release  OCHJG TXT
• FCC CHAIRMAN GENACHOWSKI ANNOUNCES SMALL BIZ CYBER PLANNER - A NEW ONLINE RESOURCE TO EMPOWER SMALL BUSINESSES WITH CYBERSECURITY PLANS. FACT SHEET  OCHJG

Broadband Plan Recommendations

• Recommendation 4.18 FCC consumer online security efforts should support broader national online security policy, and should be coordinated with the Department of Homeland Security (DHS), the FTC , the White House Cyber Office and other agencies. Federal agencies should connect their existing websites to OnGuard Online to provide clear consumer online security information and direction.

Proceedings

"By this Public Notice , the Federal Communications Commission 's (FCC or Commission) Public Safety and Homeland Security Bureau (PSHSB) seeks public comment on the creation of a Cybersecurity Roadmap to identify vulnerabilities to communications networks or end-users and to develop countermeasures and solutions in preparation for, and response to, cyber threats and attacks in coordination with federal partners. The FCC's Cybersecurity Roadmap was recommended as an initial step forward in the area of cybersecurity as part of the Commission's National Broadband Plan (NBP). Specifically, the NBP recommended that the FCC issue, in coordination with the Executive Branch , a plan to address cybersecurity . The NBP further stated that the roadmap should identify the five most critical cybersecurity threats to the communications infrastructure and its end users and establish a two-year plan, including milestones, for the FCC to address these threats. In making this recommendation, the NBP stated that "[t]he country needs a clear strategy for securing the vital communications networks upon which critical infrastructure and public safety communications rely."

"The Cybersecurity Roadmap will establish a plan for the FCC to address vulnerabilities to core Internet protocols and technologies and threats to end-users, including consumers, business enterprises, including small businesses, public safety and all levels of government. Cybersecurity is a vital topic for the Commission because end-user lack of trust in online experiences will quell demand for broadband services, and unchecked vulnerabilities in the communications infrastructure could threaten life, safety and privacy . The NBP originally called for completion of the Cybersecurity Roadmap within 180 days (e.g., September 13, 2010). In order to ensure a complete and robust record in response to this Public Notice, we anticipate completion of the Cybersecurity Roadmap by November 2010.

"We welcome public input on these matters and the overall roadmap from interested parties. For example, commenters could offer responses to: What are the most vital cybersecurity vulnerabilities for communications networks or users? How can these vulnerabilities be addressed? What role should the Commission play in addressing them? What steps should the Commission take, if any, to remediate them? If the FCC does not play a role in addressing these vulnerabilities and problems, what agency or entity would fulfill that role? How should the Commission coordinate its efforts with other agencies of government?

. . . . .

8/9/10 FCC Seeks Public Comment on National Broadband Plan Recommendation to Create a Cybersecurity Roadmap.
Public Notice: Word | Acrobat

PS Docket No. 10-146

GN Docket No. 09-51

Comments Due: September 23, 2010

Press Release: "The Federal Communications Commission (FCC) today adopted a Notice of Inquiry (NOI) that seeks public comment on the proposed creation of a new voluntary cyber security certification program that would encourage communications service providers to implement a full range of cyber security best practices. This National broadband Plan recommendation serves as a first step to implementing a comprehensive roadmap to help counter cyber attacks and better protect America's communications infrastructure.

"Enhancing the cyber security of the nation's infrastructure is critical to the proper functioning of communications networks serving America's financial institutions, national energy grid, medical institutions, educational system, and public safety. Yet, broadband communications networks are susceptible to malicious attack. Despite the increasing threat of cyber attacks, many communications end-users do not consider cyber security a priority. In 2008, a Data Breach Investigations report concluded that 87-percent of cyber breaches could have been avoided if reasonable security controls had been in place.

The goals of a voluntary cyber security certification program would be to:

• Increase the security of the nation's communications infrastructure;
• Promote a culture of more vigilant cyber security among participants in the market for communications services; and
• Offer consumers (or end-users) more complete information about their communication providers' cyber security practices and ability to better protect their personal computer hardware and online activity from cyber attacks.

The NOI seeks comment on a voluntary certification program under which private sector auditors or the FCC would conduct security assessments of participating communications service providers' networks, including their compliance with stringent cyber security practices developed by a broad-based public-private partnership. Providers whose networks successfully completed this assessment would then be able to market their networks as complying with these FCC network security requirements.

Further, the NOI includes the following questions regarding the proposal:

• The benefits and costs of such a program.
• Whether such a program will create a significant incentive for providers to increase the security of their systems and improve their cyber security practices.
• Whether public knowledge of providers' cyber security practices would contribute to broader implementation by industry.
• Whether the scope of the certification program should be open to all communications service providers or should be limited to certain types of providers. If the latter, how should this be limited?
• What the overall framework should be for the certification criteria.
• The composition of a certification authority and whether it should be open to all segments of the potentially affected industries.
• The operating procedures of a certification authority.
• Who should be responsible for establishing the requirements that auditors must meet to be accredited to conduct cyber security assessments under the proposed program?
• What should be the appropriate certification criteria, accreditation procedures, and requirements to maintain certification once obtained?
• Whether the network security criteria should be definitive and objectively measurable or established on a case-by-case basis.
• The development and application of assessment standards.
• The form and duration of the security certificate, the renewal process, and permissible uses by providers of the security certificate.
• How appeals of certification issues should be handled.
• Whether any Commission enforcement process should be implemented for this program.

The NOI seeks comment on other actions, including voluntary incentives the Commission can take to improve cyber security and asks about actions the Commission can take to better educate consumers, businesses and government agencies about cyber security.

Action by the Commission, April 21, 2010, by Notice of Inquiry (FCC 10-63). Chairman Genachowski, and Commissioners Copps, McDowell, Clyburn and Baker. Separate Statements issued by Chairman Genachowski, and Commissioners Copps, McDowell, Clyburn and Baker. PS Docket No. 10-93. Public Safety and Homeland Security Bureau (PSHSB) contact is Jeff Goldthorp, Chief of the Communications Systems Analysis Division, at (202) 418-1096.

4/21/10 FCC Launches Inquiry on Proposed Cyber Security Certification Program for Communications Service Providers. News Release : NOI

News Release: "The Federal Communications Commission (FCC) today launched an inquiry on the ability of existing broadband networks to withstand significant damage or severe overloads as a result of natural disasters, terrorist attacks, pandemics or other major public emergencies, as recommended in the National Broadband Plan.

As Americans increasingly rely on broadband services for so many aspects of their lives, including public safety and national security, it is critical for the FCC to gain a better understanding of the survivability of existing networks and explore potential measures to reduce network vulnerability to failures in network equipment or severe overload conditions in emergencies.

Although core broadband networks are generally presumed to be quite resilient, there may be weaknesses closer to the network edge. Accordingly, today's Notice of Inquiry (NOI) seeks comment, analysis and information on the present state of the resiliency and redundancy of broadband networks to withstand physical damage and severe network overload. This is a vitally important first step in ensuring that the FCC can take all necessary actions to ensure ongoing broadband communications in times of disaster or crisis.

The NOI includes the following questions related to the resiliency of broadband networks:

• What are the major single points of failure in broadband architectures?
• What measures do communications providers already take to minimize the potential for single points of failure?
• What provisions are made by communications providers to ensure the survivability of cell sites relied on by first responders?
• What are the most effective and widely deployed physical security best practices?
• Should traffic to and from critical emergency response agencies and for critical services be prioritized on the networks during emergencies?
• What steps have been taken to ensure redundancy and diversity of physical network links to hardware?
• Is the capacity of residential access networks sufficient to handle sudden surges or overloads in traffic during, for example, a pandemic emergency?
• What network management practices are in place to handle overloads during emergencies?

The FCC looks forward to reviewing the record and exploring how best to further improve and secure America's broadband infrastructure into the future. The deadline for comments on the issues presented by the NOI will be 45 days and reply comments 75 days after publication in the Federal Register.

Action by the Commission, April 21, 2010, by Notice of Inquiry (FCC 10-62). Chairman Genachowski, and Commissioners Copps, McDowell, Clyburn and Baker. Separate Statements issued by Chairman Genachowski, and Commissioners Copps, McDowell, Clyburn and Baker. PS Docket No. 10-92.

Public Safety and Homeland Security Bureau (PSHSB) contact is Jeff Goldthorp, Chief of the Communications Systems Analysis Division, at (202) 418-1096.

4/21/10 FCC Commences Inquiry on Survivability of America's Broadband Infrastructure. News Release: NOI:

Other Activities

REORGANIZATION OF THE PUBLIC SAFETY AND HOMELAND SECURITY BUREAU.   To promote a more effective organizational structure and to enhance the agency's capablities to address critical communications issues for the nation's first responders. Action by:  the Commission. Adopted:  02/07/2011 by ORDER. (FCC No. 11-18).  OMD TXT: To promote a more effective organizational structure and to enhance the agency's capabilities to address critical communications issues for the nation's first responders, the Commission has concluded that the proper dispatch of its business and the public interest will be served by reorganizing the Public Safety and Homeland Security Bureau (Bureau or PSHSB). This reorganization will convert the Emergency Response and Interoperability Center (ERIC) into a division-level office within the Bureau and will rename the Bureau's current Policy Division, Communications Systems Analysis Division, and Public Communications Outreach and Operations Division to, respectively, the Policy and Licensing Division, the Cybersecurity and Communications Reliability Division, and the Operations and Emergency Management Division.

News

• FCC TO HOLD WORKSHOP ON CYBERSECURITY ROADMAP, FCC 10/21/2010
• FTC Files Comments on FCC's Proposed Cyber Security Certification Program, FTC 10/12/2010
• USTelecom Comments on FCC Cybersecurity Roadmap, USTelecom 9/24/2010