March 19, 2013
Large Telecommunications Companies, Internet Providers Oppose Strict Security Measures
U.S. telecom representatives managed to talk an FCC advisory panel — the Communications, Security, Reliability, and Interoperability Council (CSRIC) — out of pursuing the rigorous measures meant to increase defenses against the ever-increasing threat of cyber attacks.
According to the The Wall Street Journal, which viewed the CSRIC’s original report, the document recommended a list of stringent security suggestions for major telecommunications and cable companies such as controlling which employees have administrative privileges on company networks.
But the communications industry representatives on the panel stood against the suggested measures making a consensus among the members impossible. The result, the WSJ reports, is that a much-diluted list of security recommendations will be submitted to the FCC.
“The user community within Working Group 11 would prefer for the FCC to encourage industry to use the 20 Controls,” the panel’s recommendation to the FCC reads.
“However … the communications sector participants believe that some unique aspects of managing diverse multi-tenant communications networks will require additional evaluation in order to determine the extent to which the 20 Control protect network infrastructure directly; as well as, to determine the applicability of the 20 Controls to communications sector.”
According to the final report, which can be viewed here, the FCC should push for further review of cyber-security practices to better determine those that should be applied to the U.S. telecom industry and those that should not.
Cyber-security reform remains a key issue for the Obama administration in the wake of persistent cyber attacks against American companies and defense contractors. Many of these hacking incidents are thought to originate from China.
U.S. President Barack Obama signed an executive order Feb. 12 to increase information sharing between the government and private companies and organizations. Dubbed Improving Critical Infrastructure Cyber-Security, the executive order addresses protocol during cyber-threat situations as well as a number of privacy concerns.
Under the executive order, the Secretary and the Attorney General must identify infrastructure at the greatest risk of cyber-attacks. The government will then work with the identified organizations to diminish cyber-attack risks.