Let Companies Alert Users on Cybersecurity Threats, FCC Hears
The FCC should tweak regulations so that communications companies can alert customers that their computers are infected with botnets and other malware, Neustar Senior Technologist Ronald Joffe said Friday. He spoke on a panel on cybersecurity at FCC headquarters. Neustar and other companies have been prevented from alerting customers about computer infections, and the FCC should consider changing those regulations, Joffe said. He cited Holland, where the government has recently been sending out pop-up ads to warn owners of infected consumers.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
A member of the audience asked the panel if the FCC should be more aggressive in tracking down malware at end-users -- the way, for instance, the agency will track down unlicensed radio operators. In response, AT&T Chief Security Officer Ed Amoroso said that the real problem was not with enforcement but with “the sorry state of software engineering.” He drew laughs when he suggested that “a music major shouldn’t be a software engineer” and that he would make it as difficult to be a software engineer as it is to be a surgeon. Amoroso is convinced that malware attacks on wireless are the next major move by hackers, but he said few were thinking of how to handle those attacks. Cybersecurity experts aren’t being proactive enough, Amoroso said.
Government’s real power is in procurement, not regulation, said Akamai Chief Security Architect Andy Ellis. That drew broad assent from the panel and the audience. If government agencies begin buying DNS Security Extensions, for instance, companies will invest more heavily and then sell them to the public, Ellis said.
PayPal Technology Evangelist Bill Smith urged the FCC to take a more active role in preventing malware attacks. The law already lets the commission require ISPs to drop traffic with packet headings that show they're malware, he said. The FCC ought to be active in enforcing that law, Smith said.
Comcast already alerts customers when the company is suspicious they've been “botted,” said Distinguished Engineer Michael O'Reirdan. He said the trouble is a matter of social engineering: “If someone really believes someone in Nigeria wants to give them $42 million, there’s not much that can be done.” Friday’s panels were part of the FCC’s efforts to craft a cybersecurity “roadmap” as outlined in the National Broadband Plan. Each panel was moderated by Associate Chief Jeffery Goldthorp of the Public Safety Bureau.