The FCC wants us to know it’s not developing cybersecurity rules for 5G in a vacuum. In a Notice of Inquiry, the agency says its new effort on this issue is meant to complement similar efforts already underway.
Indeed, several trade associations and at least one carrier have urged the Commission to eliminate requirements that companies disclose their network security plans in their 5G plans (see story above.) 5G communications technology could be particularly useful in enabling the growing number of high capacity networks necessary for transformative business and consumer services, as well as backhaul, and communications related to the “Internet of Things” (IoT) technology, according to the agency.
“We have an opportunity at this stage to ensure that these new technologies and networks are secure by design. Therefore, while the Commission is moving quickly to make the spectrum needed for 5G available in the near term, it is also seeking to accelerate the dialogue around the critical importance of the early incorporation of cybersecurity protections in 5G networks, services, and devices,” says the FCC in the NOI.
Devices and other network elements may be furnished by the service provider, third parties, and consumers themselves. Who should be responsible for cyber protections for a device, or should responsibility be shared in some recognizable manner across the 5G ecosystem, the Commission asks.
The agency appreciates that 5G is not apt to be a separate network, but rather will be integrated with existing previous generation networks, perhaps indefinitely. The Commission invites comments on questions such as: Do questions about the cyber protections of 5G networks inherently implicate the other networks associated with them? Where should the lines between networks be drawn relative to responsibility for 5G cybersecurity?
The agency gets into the nitty-gritty with queries about authentication, encryption, device security, patch management and protecting 5G networks from Denial-of-Service or Distributed Denial of Service attacks. Public comments to PS Docket No. 16-353 will be due 90 days after Federal Register publication.
December 20, 2016
Reader Interactions