Jessica Rosenworcel wants members of a key advisory group to help the FCC “sort through some of the toughest security problems facing our country’s communications networks.”
The acting chairwoman recently reconstituted the Communications Security, Reliability and Interoperability Council, seeking to “revitalize” it. And on Wednesday she spoke to the group to lay out her vision for its work.
She opened her remarks by citing a litany of recent notable cybersecurity events: a wireless carrier in the Netherlands whose traffic was susceptible to monitoring; a security breach of Exchange software that left bank, health and government servers vulnerable; the SolarWinds Breach that allowed hackers affiliated with the Russian government to access government and private networks undetected; the theft of data on millions of T-Mobile customers; and the ransomware attack on an Iowa farming co-op this month.
“This needs our attention because enough is enough,” Rosenworcel told the CSRIC members.
She said the FCC is pursuing a multipronged strategy to assure security as the use of 5G expands.
“In this environment, rechartering CSRIC was a no-brainer. This council is one of the nation’s most impactful cybersecurity partnerships. But we didn’t want to do it same-old, same-old. We wanted to make it better.”
She explained that for the first time the group will be co-chaired by the Cybersecurity and Infrastructure Security Agency, which leads a national effort to enhance the safety of the cybersecurity and communications infrastructure. “Earlier this year, CISA co-authored a leading report on potential threat vectors to 5G infrastructure. Their partnership here will help ensure a unity of effort between those responsible for protecting the country and those who own and operate the infrastructure that is so critical to that mission.”
She said the group also will reflect more participation from the public interest community. “The public and consumers also will have a voice on issues that ultimately affect their safety and security along with private sector stakeholders.”
The group is to prioritize 5G.
“That means we have a working group to explore the security and resiliency of Open RAN. We have a working group looking at more broadly leveraging virtualization technology to enhance network security. We have a working group looking at the technical issues involving the security of 5G signaling protocols. And building on CSRIC’s earlier work to remove untrusted hardware from our communications and infrastructure and building on lessons learned from the SolarWinds hack, we have a working group looking at the software side of supply chain security.”
Rosenworcel noted that Hurricane Ida knocked cell sites offline in Louisiana, so she wants the group also to make progress on the resiliency of communications networks. “We’ve got a working group to look at improving 911 — specifically 911 service over Wi-Fi. And we have yet another working group that will be looking at ways to improve Wireless Emergency Alerts.”
She called this “a to-do list of security challenges that we already know about,” and she asked the members of the group to be “on the lookout for threats that are just around the bend.”
Sectors represented on the group include local emergency officials, transportation, wireless and broadband companies, consumer electronics manufacturers, chip makers, public broadcasting and government agencies.