FCC to IoT Device Vendors: Implement Cybersecurity Now or We May Force You To
The agency is advocating cyber accountability to reduce cyber risk in the communications sector.
Jan 30, 2017—
In its recently released white paper "Cybersecurity Risk Reduction," the Federal Communications Commission (FCC) expressed serious concern about the "burgeoning – and insecure IoT market [that] exacerbates cybersecurity investment shortfalls [because] the private sector may not have sufficient incentives to invest in cybersecurity beyond their own corporate interests." Noting that insecure wireless devices have shut down service to millions of users by attacking critical control utilities that are not FCC-regulated, the agency is advocating "cyber accountability"—a combination of market-based incentives and regulatory oversight—to reduce cyber risk in the communications sector.
RF Equipment Suppliers Must Implement Security by Design
The FCC avers that regulatory oversight of this process would likely be required, in part because of the "large and diverse numbers of IoT vendors - who are driven by competition to keep prices low – hinders coordinated efforts to build security by design into the IoT on a voluntary basis." Accordingly, the FCC states that, among other things, changes to its equipment certification rules may be necessary to protect networks from IoT and other RF devices' security risks.
Federal Cybersecurity Regulatory Proceedings
The U.S. Department of Commerce (DoC) is conducting a companion regulatory proceeding that solicits comments on proposed federal government IoT cybersecurity guidelines. IoT privacy issues are also teed up for comment in the DoC proceeding. Comments are due on or before Feb. 27, 2017.
UPDATE, Feb. 6, 2017: The FCC has rescinded the white paper in question, but the comment period for the Notice of Inquiry is still in effect.
IoT attorney Ronald E. Quirk is the head of the Internet of Things & Connected Devices Practice Group at Marashlian & Donahue PLLC, The CommLaw Group, where he focuses his practice on serving the comprehensive needs of the burgeoning and complex Internet of Things industry, including contracts and commercial law, privacy and cybersecurity, spectrum access, equipment authorization, tax, regulatory compliance planning and more. His career has spanned more than 20 years, including several years at AMLAW 100 firms and the FCC. He can be reached at email@example.com or (703) 714-1305. Mr. Quick recently published the "Global Guide to Radiofrequency Equipment Authorization," detailing what you need to know to ensure that your RF devices are compliant with applicable regulations before bringing them to market in the United States and internationally. This guide is available at RFID Journal's online store.
ASK THE EXPERTS
Simply enter a question for our experts.
Sign up for the RFID Journal Newsletter
We will never sell or share your information
|RFID Journal LIVE!||RFID in Health Care||LIVE! LatAm||LIVE! Brasil||LIVE! Europe||RFID Connect||Virtual Events||RFID Journal Awards||Webinars||Presentations|