FCC Advisory Group Urges Agency to Go Slow on National Security Rules
The FCC Communications Security, Reliability and Interoperability Council approved a recommendation Thursday that new rules aimed at protecting the national security of networks be narrowly tailored to prevent disruptions. Commissioners approved an NPRM in April that would bar use of money in any USF program to buy equipment or services from companies that “pose a national security threat” to U.S. communications networks or the communications supply chain (see 1804170038). Chairman Ajit Pai said Wednesday those security concerns remain a commission focus (see 1812120043).
CSRIC agreed that if the FCC takes further action based on the April NPRM, “the focus should be as narrow as possible to alleviate or prevent any broader impacts across the supply chain.” CSRIC also said the FCC should work with the Department of Homeland Security and the National Institute of Standards and Technology before acting. In comments on the NPRM, CTIA and others said the FCC doesn’t have as much expertise as DHS on national security issues (see 1807050028).
“There's a lot of work currently happening” at DHS and NIST, said Travis Russell of Oracle, chair of the network reliability working group, who presented the recommendations. “We strongly encourage not just following that, but also participating in that” work. The working group also recommended that the FCC, other agencies and Congress allow time for the various public and private partnerships now making assessments on supply chain risk management “to get through those assessments … prior to any regulatory actions,” Russell said.
Russell said the working group has lots of work ahead. Fifth-generation wireless is a “moving machine right now,” he said. “We are still years away from fully defined standards so there's a lot of things that are in motion right now. I think we've just scratched the surface to date and most certainly will have to come back and revisit this continuously.”
CSRIC approved additional recommendations by its Network Reliability and Security Risk Reduction working group building on a report from September on mitigating security risks to 5G networks.
The group dived deeper into emergency alerting security. In September, it approved (see 1806290065) a working group report on the "Re-imagining of Emergency Alerting." CSRIC got an update from Farrokh Khatibi, Qualcomm director-engineering and chairman of the EA working group, on recommendations to make alerts more secure.
The working group recommends that all messages intended for transmission as emergency alert system messages have a valid digital signature to guarantee they’re secure, Khatibi said. It’s working through questions, such as whether the system should allow only messages digitally signed by the Federal Emergency Management Agency/Integrated Public Alert and Warning System, he said: “This is compared to allowing alternates, like for example from state, territorial, tribal, local” sources. “This is an open issue that needs further discussion,” Khatibi said. “Given our limited time, we couldn't go too detailed, but we captured the framework of what really needs to be done and it requires the next level of diving deep.”
The group is also evaluating the cost-benefits of security for alerts. “Security doesn't come for free,” Khatibi said. “There's always a cost associated with it.” Work continues, he said: “This is not the end, but this is basically creating a framework that we can use for the future.”