• Login
    • Advanced search
    • Title
    • Channel
    • Module
  • Home
  • Industry
    •  

      • Aerospace, Defense, and Government Services
      • Automotive
      • Consumer
      • Manufacturing and Industrials
      • Education
      • Energy and Natural Resources
      • Financial Institutions
    •  

      • Insurance
      • Life Sciences and Health Care
      • Private Capital
      • Real Estate
      • Sports, Media and Entertainment
      • Technology and Telecoms
      • Transport and Logistics
  • Practice
    • Corporate & Finance

      • Banking and Loan Finance
      • Business Restructuring and Insolvency
      • Capital Markets
      • Corporate Governance and Public Company Representation
      • Digital Assets and Blockchain
      • Infrastructure, Energy, Resources, and Projects
      • Leveraged and Acquisition Finance
      • Mergers and Acquisitions
      • Pensions
      • Private Equity, Venture Capital and Investment Funds
      • Real Estate
      • Real Estate Investment Trusts (REITs)
      • Tax
      • Transfer Pricing
    • Global Regulatory

      • Administrative and Public Law
      • Antitrust and Competition
      • Communications, Internet, and Media
      • Education
      • Energy Regulatory
      • Environment and Natural Resources
      • Financial Services
      • Food Law
      • Gaming Law
      • Government Contracts and Public Procurement
      • Government Relations and Public Affairs
      • Health
      • Immigration
      • International Trade and Investment
      • Medical Device and Technology Regulatory
      • New Nuclear
      • Pharmaceuticals and Biotechnology Regulatory
      • Privacy and Cybersecurity
      • Space and Satellite
      • Strategic Operations, Agreements and Regulation
      • Transportation Regulatory
    • Intellectual Property

      • Copyright
      • Designs
      • Domain Names
      • IP and Technology Transactions
      • IP Enforcement
      • Patents
      • Trade Secrets and Confidential Know-how
      • Trademarks and Brands
      • Unfair Competition
    • Litigation, Arbitration, and Employment

      • Business and Human Rights
      • Construction and Engineering
      • Corporate and Securities Litigation
      • Employment
      • International Arbitration
      • Investigations, White Collar, and Fraud
      • Products Law
      • Risks, Disputes, and Litigation
  • Comparative guides
  • Engage Premium
  • Login
  • Register
Hogan Lovells Engage 5.7.7
      • Title
      • Channel
      • Module
    • Hit ENTER to search in content
    • Advanced search
    • Login
  • Home
  • Industry
    •  

      • Aerospace, Defense, and Government Services
      • Automotive
      • Consumer
      • Manufacturing and Industrials
      • Education
      • Energy and Natural Resources
      • Financial Institutions
    •  

      • Insurance
      • Life Sciences and Health Care
      • Private Capital
      • Real Estate
      • Sports, Media and Entertainment
      • Technology and Telecoms
      • Transport and Logistics
  • Practice
    • Corporate & Finance

      • Banking and Loan Finance
      • Business Restructuring and Insolvency
      • Capital Markets
      • Corporate Governance and Public Company Representation
      • Digital Assets and Blockchain
      • Infrastructure, Energy, Resources, and Projects
      • Leveraged and Acquisition Finance
      • Mergers and Acquisitions
      • Pensions
      • Private Equity, Venture Capital and Investment Funds
      • Real Estate
      • Real Estate Investment Trusts (REITs)
      • Tax
      • Transfer Pricing
    • Global Regulatory

      • Administrative and Public Law
      • Antitrust and Competition
      • Communications, Internet, and Media
      • Education
      • Energy Regulatory
      • Environment and Natural Resources
      • Financial Services
      • Food Law
      • Gaming Law
      • Government Contracts and Public Procurement
      • Government Relations and Public Affairs
      • Health
      • Immigration
      • International Trade and Investment
      • Medical Device and Technology Regulatory
      • New Nuclear
      • Pharmaceuticals and Biotechnology Regulatory
      • Privacy and Cybersecurity
      • Space and Satellite
      • Strategic Operations, Agreements and Regulation
      • Transportation Regulatory
    • Intellectual Property

      • Copyright
      • Designs
      • Domain Names
      • IP and Technology Transactions
      • IP Enforcement
      • Patents
      • Trade Secrets and Confidential Know-how
      • Trademarks and Brands
      • Unfair Competition
    • Litigation, Arbitration, and Employment

      • Business and Human Rights
      • Construction and Engineering
      • Corporate and Securities Litigation
      • Employment
      • International Arbitration
      • Investigations, White Collar, and Fraud
      • Products Law
      • Risks, Disputes, and Litigation
  • Comparative guides
  • Engage Premium
  • Login
  • Register
  1. News
  2. The Federal Communications Commission (again) sets its sights on cybersecurity

The Federal Communications Commission (again) sets its sights on cybersecurity

31 October 2022
    • Share by email
    • Share on
    • Twitter
    • LinkedIn
    • Get link
    • Get QR Code
    • Download
    • Print

The field of regulators interested in the cybersecurity practices of private companies is getting crowded, with the Federal Communications Commission (FCC) becoming more and more active in this space.  The FCC, which has jurisdiction over “all interstate and foreign communications by wire or radio,” pursuant to the Communications Act of 1934, as amended, has increasingly found bases for interpreting its authority broadly to encompass the cybersecurity of communications networks and devices.  Three recent examples highlight various paths the FCC is pursuing to regulate cybersecurity—a trend which appears likely to continue.

The FCC launched a broad-reaching inquiry into the vulnerabilities threatening the security and integrity of the Border Gateway Protocol (BGP), which is central to the Internet’s global routing system, their impact on the transmission of data from email, e-commerce, and bank transactions to interconnected Voice-over Internet Protocol (VoIP) and 9-1-1 calls, and how best to address them.  The FCC sought comment on how the agency could help strengthen the nation’s communications networks and critical infrastructure from the vulnerabilities posed by BGP and how it could facilitate implementation of industry standards and best practices to mitigate such harms.  As a next step, the FCC may propose rules on Internet routing security that could impact wireless and wireline Internet Service Providers, Internet Exchange Providers, interconnected VoIP providers, operators of content delivery networks, cloud service providers, and other enterprise and organizational stakeholders.

The FCC has also indicated interest in leveraging its authority to authorize radiofrequency equipment for import, marketing, and sale in the U.S. as a means to address the security risks associated with Internet of Things (IoT) devices.  In a Notice of Inquiry the FCC sought comment on how it could encourage manufacturers to build security into their products, including by permitting voluntary certifications in the equipment authorization process regarding compliance with the NIST IoT Report (NISTIR 8259) guidance.  Securing IoT devices, particularly those in households, remains front of mind for the Administration as well.  The White House recently convened private sector, academic, and government stakeholders to discuss implementing a national cybersecurity labeling program for IoT devices, with a targeted rollout in the Spring of 2023. 

Most recently, on October 27, 2022, the FCC adopted a Notice of Proposed Rulemaking regarding strengthening the nation’s Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA) programs against security threats.  The FCC proposes to require participating alert providers to submit annual certifications that the provider has created, annually updated, and implemented a cybersecurity risk management plan.  The risk management plan would need to address specific security controls, such as requiring multifactor authentication and installing security updates.  Finally, the FCC would require EAS participants to provide the FCC notice of unauthorized access of the EAS equipment, communications systems, or services, within 72 hours of the incident. Comments will be due thirty days after the item is published in the Federal Register.   

FCC observers are also watching the FCC’s increased focus on cybersecurity for signs of whether it may extend the sorts of critical infrastructure regulations that the Cybersecurity and Infrastructure Security Agency (CISA) is developing for other industries into the telecommunications space as well.  The proposed rule regarding EAS and WEA may provide a clue on that question.  Commissioner Starks notes approvingly that the proposed rule aligns the timeframe for cyber incident reporting with the timeframe found in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), which CISA is administering, and argues that the FCC’s “actions must be within the larger whole-of-government approach to protect our nation’s networks and infrastructure.”

Next Steps

These examples illustrate how the FCC is boldly claiming its place in cybersecurity regulation.  Telecom and technology industry participants including network providers and resellers, device manufacturers, service providers, and retailers, are well advised to monitor FCC activity on cyber.  Sharing industry perspectives on cybersecurity issues with the FCC, through written comments or staff meetings, may help influence whether and how new rules are crafted and implemented—and ensure that the regulatory environment is manageable for industry and promotes innovation.  The Hogan Lovells team  of telecom and cybersecurity experts can help clients understand these developments and advocate for their interests before the FCC and other government regulators.     

Contacts
Katy Milner
Partner
Washington, D.C.
Paul Otto
Partner
Washington, D.C.
Nathan Salminen
Counsel
Washington, D.C.
Keywords Federal Communications Commission, FCC, telecommunications networks, critical infrastructure, cybersecurity, Border Gateway Protocol, Internet of Things, IoT, Emergency Alert System, EAS, Wireless Emergency Alerts, WEA
Languages English
Topics Broadband and Internet, Wireless / Mobile, Spectrum and 5G, Wireline Telecommunications / Fixed Telecoms, Telecommunications Carriers
Countries United States
Delete Comment ?

Are you sure want to delete comment ?

Get link
Embed
Share by email
Get QR Code

Scan this QR Code to share this content

  • Contact us
  • Disclaimer
  • Privacy
  • Cookies
  • Legal Notices
  • Terms of Use

 

This website is operated by Hogan Lovells International LLP, whose registered office is at Atlantic House, Holborn Viaduct, London, EC1A 2FG. For further details of Hogan Lovells International LLP and the international legal practice that comprises Hogan Lovells International LLP, Hogan Lovells US LLP and their affiliated businesses ("Hogan Lovells"), please see our Legal Notices page. © 2022 Hogan Lovells.

Attorney advertising. Prior results do not guarantee a similar outcome.

Thomson Reuters HighQ Logo
© 2023 Hogan Lovells | Privacy Policy | Terms of Service