As the White House rolled out its cybersecurity framework last week, the Federal
Communications Commission launched its own inititative, initially targeted at
small businesses. FCC chairman Julius Genachowski responded via e-mail to some
questions from Multichannel News Washington bureau chief John Eggerton about the
agency’s role in enforcing broadband security. An edited transcript follows.
MCN: The National Broadband Plan called
for a cybersecurity road map within 180 days,
expanded reporting requirements, a voluntary
certification program, and
working with the Department
of Homeland Security
on a cybersecurity-information
reporting system. What
is the status of those?
Julius Genachowski: We
are working with our partners
across government, as
the plan called for, on cybersecurity
issues. We have taken
steps where appropriate.
MCN: What should the
cybersecurity takeaway advice be for ISPs like
Comcast or Cox, or small cable operators who
are both small businesses and ISPs?
JG: As larger ISPs may better protect themselves,
small businesses, including small
cable operators, are often becoming the low
hanging fruit for cyber criminals. The big
take-away advice from today
is that educating business
owners on simple steps to
protect themselves can go a
long way to helping them secure
their businesses. … The
10 tips we’ve put together is a
great place to start. So is the
new FCC web page devoted to
cybersecurity for small businesses.
MCN: So, this would seem to
argue for an FCC interpretation
of reasonable network management
under the network-neutrality rules that leaves
plenty of room for dealing with malware,
viruses and cyber-attacks?
JG: The Open Internet Order says, ‘Broadband
providers may implement reasonable practices
to ensure network security and integrity,
including by addressing traffic that is harmful
to the network.’ [A] footnote [in the order] cites
‘spam, botnets, distributed denial of service
attacks, worms, malware, and viruses that exploit
end-user system vulnerabilities as threats
[or] harmful traffic that can be blocked].’
MCN: Can and will the FCC make security
breach notifications or advice on personal
cybersecurity part of its transparency requirement
for network-neutrality rule enforcement?
JG: At this point it is undetermined, but in
general, a resilient, reliable and secure communications
infrastructure is vital to safe
online transactions, and the FCC is working
hard to make sure the public communication
networks are hardened and robust.