The National Broadband Plan released by the Federal Communications Commission this week contains several recommendations that are designed to boost the preparedness of communications networks to deal with cyberthreats.
The plan gives the FCC a greatly enhanced role in developing and promoting cybersecurity measures and calls for closer cooperation between the FCC and the U.S. Department of Homeland Security on security matters.
The 360-page broadband plan is a blueprint for modernizing the country's aging communications networks and for delivering broadband services to a majority of U.S. homes over the next decade. It contains six, long-term policy goals and other recommendations for ensuring the availability of affordable 100Mbit/sec. service to 100 million U.S. homes, and 1Gbi/sec. service to institutions such as hospitals and schools, by 2020.
While a vast majority of the recommendations deal with building out the communications infrastructure, several touch on cybersecurity and the survivability of communications networks in the event of a cyber attack.
One key recommendation calls on the FCC to develop a cybersecurity "roadmap" in collaboration with the executive branch. The recommendation gives the FCC 180 days to identify the top five cyberthreats facing the communication infrastructure and to come up with a two-year plan for addressing those threats.
The plan also requires the FCC to enhance its network outage reporting requirements for broadband service providers. The "timely and disciplined" reporting of network outages will help the FCC better understand the causes of cyberattacks and find more effective responses to them.
One recommendation calls for the FCC and the DHS to collaborate on a cybersecurity information reporting system (CRIS). Currently, the FCC, others government agencies and Internet service providers lack the "situational awareness" needed to identify and respond in a coordinated fashion to large scale cyberattacks, the plan noted. Going forward, the FCC and the DHS need to develop an IP network CRIS that would quickly disseminate information to providers about unfolding cyberattacks. The CRIS should be a real-time, voluntary threat-monitoring system, with the FCC acting as a "trusted facilitator" to ensure reciprocal information-sharing among participants in the system, the plan states.
The FCC and the National Communications System will also work on creating priority network access and routing capabilities for broadband users in law enforcement and public safety roles. The goal is to ensure that critical "time-sensitive, safety-of-life information" does not get lost or delayed because of network congestion issues.
The plan also directs the FCC to explore network resilience and preparedness to deal with simultaneous failure or damage to major network components and facilities. As part of the effort, the agency will examine the ability of commercial networks to withstand major traffic overloads that might result from a bioterrorism attack or a pandemic .
The recommendations reflect concern over the perceived susceptibility of U.S. critical infrastructure targets to major cyberattacks. The broadband document refers specifically to the recent attacks on Google and several oil companies as examples of the sort of threats facing the U.S. government and industry. Private sector networks in the U.S. "have been a major target for attacks," the document noted.
"Despite the significant resources that the private sector devotes to cybersecurity, there have been a number of successful attacks on its networks," the document stated while calling for sufficient defenses to protect networks against them.
Read more about network security in Computerworld's Network Security Knowledge Center.
This story, "Broadband plan gives FCC wider cybersecurity role" was originally published by Computerworld.