Democratic FCC commissioner Jessica Rosenworcel suggests the FCC is stuck in a bit of "digital age paralysis" when it comes to promoting cybersecurity.
In a speech at the National Institute of Standards and Technology (NIST) Friday (Sept. 27), Rosenworcel said that the FCC could and should do more to insure cybersecurity, including using NIST IoT deivce security recommendations to inform its device certification process, rewarding tech in compliance with those by expediting those authorizations or adopt its own cybersecurity stamp of approval.
"[W]hy not have the FCC use this equipment authorization process to encourage device manufacturers to build security into new products?," she said.
Rosenworcel also said that while the focus on supply chain security is on Chinese companies like Huawei, she thinks efforts must be broader.
"[T]he situation with this company is just a symptom of a larger problem—and all of our activity so far is about treating the symptom, not the disease," she said. "The disease is that there is not a broader market for secure 5G wireless equipment. If we want to make sure that no one company can undermine our national security, it’s time for the United States to develop policies that help spur its creation."
That was also a topic of discussion at a Hill hearing on 5G security Friday in the House Communications Subcommittee, which pointed to the lack of U.S. product to replace foreign suspect tech in networks that need retrofitting to "sanitize" them.
In the process, Rosenworcel urged the FCC to complete its rulemaking on suspect tech and broadband subsidies ASAP. FCC chair Ajit Pai said the FCC is hard at work on the item, which remains a top priority. He has signaled in the past that the holdup was getting input from other agencies about how to define the suspect tech that would be denied broadband stimulus funds.
Rosenworcel also said the FCC could do more to educate the public about its role in making the Internet of Things into the Internet of Secure Things. Given that the FCC already regularly interacts with consumers, organizations and state and local officials, "we need to do more outreach that touches on the basics of cyber hygiene—from downloading software upgrades for devices to assessing connection security when using unlicensed airwaves," she said.