David Simpson

5G will be a physical overhaul of our essential networks that will have decades-long impact. Because 5G is the conversion to a mostly all-software network, future upgrades will be software updates much like the current upgrades to your smartphone. Because of the cyber vulnerabilities of software, the tougher part of the real 5G “race” is to retool how we secure the most important network of the 21st century and the ecosystem of devices and applications that sprout from that network.

[Commentary] President Donald Trump has promised aggressive cybersecurity policy. In a dangerous departure from the president, the Republican chairman of the Federal Communications Commission has taken actions to eliminate its role in addressing cybersecurity.

Chairman Ajit Pai stopped an order addressing known flaws exploited by low-end attackers to “hi-jack” the Emergency Alert System. He pulled cybersecurity considerations out of the new internet protocol-based TV broadcast proposal avoiding public discussion of this backdoor vector to Wi-Fi and broadband connected devices. He halted the cybersecurity provisions in the FCC’s Broadband Privacy order and opposed inclusion of cybersecurity in communications outage reporting. He rescinded a notice of inquiry generating early public dialog regarding cybersecurity risk reduction for next-generation wireless networks and pulled from public view a study by FCC economists highlighting the growing gap between communications sector corporate cybersecurity investment and that needed to properly protect society.

The greatest concern, however, will come from benign neglect, as the chairman asserts cybersecurity risk is somebody else’s problem.

[Rear Admiral (Ret.) David Simpson served as chief of the Federal Communications Commission’s Public Safety and Homeland Security Bureau from November 2013 through January 2017.]

The White Paper describes the risk reduction portfolio of the current Federal Communications Comission and suggests actions to affirmatively reduce cyberrisk in a manner that incents competition, protects consumers, and reduces significant national security risks.

Looking forward, the continued convergence of packet-based communication technology in wireless, wireline, cable, broadcast and satellite coupled with network functional virtualization and software defined radios will lead to hybrid (co-mingled) control elements for many service providers. These interdependencies will be inviting targets for threat actors from nation-states, to criminals, to hacktivists wishing to exploit or disrupt critical infrastructure. The holistic nature of the interdependent services and exposed attack surface suggest that an “all hands on deck” approach for residual risk, utilizing the full range of government expertise and authorities working with commercial providers, is appropriate. This document presents a strategy to promote an acceptable balance between corporate and consumer interests in cyber risk management when elements of market failure are at work. It acknowledges that the Commission’s preference is to work collaboratively with industry using private/public partnerships. However, if market forces do not result in a tolerable risk outcome, the Commission has tools available to make adjustments to restore the balance.

The Federal Communications Commission has launched an interactive webpage with best practices to assist text message providers and 911 call centers with deploying text-to-911.

The webpage contains materials prepared by Vermont, Texas, and other state 911 call centers (known as public safety answering points or PSAPs) that have already successfully integrated text-to-911, with expertise and insight that can ease the deployment process for others.

For example, the State of Vermont has developed a list of “lessons learned” from its highly successful text-to-911 implementation as well as a series of informational videos for potential text-to-911 users. The webpage is a tool enabling text providers and PSAPs to contribute and refer to comments, best practices, and informational materials. It additionally contains documents from public safety organizations, with Frequently Asked Questions, a checklist of issues that 911 call centers should consider, and technological options available to support text-to-911.

[March 10]