At NIST, Rosenworcel Says Feds Should Craft More-Detailed Cybersecurity Standards
Devote more attention to standardizing decision-making practices for cybersecurity policy, FCC Commissioner Jessica Rosenworcel said Friday, at the National Institute of Standards and Technology in Gaithersburg, Maryland. Rosenworcel urged the FCC to complete a rulemaking to ensure USF support for broadband deployment in rural areas isn't used to buy insecure network equipment, as she said the day before (see 1909260032). It would be a mistake to focus all cybersecurity concerns on Huawei 5G technology, she said: "The situation with this company is just a symptom of a larger problem -- and all of our activity so far is about treating the symptom, not the disease." The FCC should create policies to stimulate a broader market for 5G technology, she said, so "no one company can undermine our national security." If the FCC devotes more mid-band spectrum to 5G, she said, vendors would follow to expand the market for secure equipment. Rosenworcel warned secure U.S. networks could still connect to insecure networks abroad: "The FCC should start a proceeding to investigate the best practices carriers can employ to mitigate that risk. We need to research how we build secure networks that can withstand connection to equipment vulnerabilities around the world." She said her agency should "explore dedicated network segmentation, cross-layer security standards, the role of encryption, and routing validation." She said the FCC might ask licensees to use the NIST cybersecurity framework. Rosenworcel said cyber vulnerabilities multiply as the industry transitions to the IoT. The commissioner wants the FCC to use recent NIST draft security recommendations for IoT devices for use in updating FCC equipment authorization standards. "We should transform the Internet of Things into the Internet of Secure Things," she said.