FCC White Paper on Cybersecurity Risk Reduction

The White Paper describes the risk reduction portfolio of the current Federal Communications Comission and suggests actions to affirmatively reduce cyberrisk in a manner that incents competition, protects consumers, and reduces significant national security risks.

Looking forward, the continued convergence of packet-based communication technology in wireless, wireline, cable, broadcast and satellite coupled with network functional virtualization and software defined radios will lead to hybrid (co-mingled) control elements for many service providers. These interdependencies will be inviting targets for threat actors from nation-states, to criminals, to hacktivists wishing to exploit or disrupt critical infrastructure. The holistic nature of the interdependent services and exposed attack surface suggest that an “all hands on deck” approach for residual risk, utilizing the full range of government expertise and authorities working with commercial providers, is appropriate. This document presents a strategy to promote an acceptable balance between corporate and consumer interests in cyber risk management when elements of market failure are at work. It acknowledges that the Commission’s preference is to work collaboratively with industry using private/public partnerships. However, if market forces do not result in a tolerable risk outcome, the Commission has tools available to make adjustments to restore the balance.