The FCC’s approach to cybersecurity is to “break down the...

by the FCC Thursday. Commercial networks, the FCC’s primary focus, are “increasingly integrated” with networks that sustain vertical industries like financial services and the energy grid, he said. The commission tackled small-business security problems -- 83 percent in the U.S. don’t have cybersecurity protection plans -- by bringing together the Small Business Administration and business groups to develop “basic materials with easy-to-understand steps small businesses could take to improve their security,” Genachowski said. He made a “deliberate choice” in a multistakeholder initiative with ISPs, to focus on specific areas -- botnets, “Internet route hijacking” and domain name fraud -- rather than a “general charge” on cybersecurity, he said. That led the FCC’s Communications Security, Reliability and Interoperability Council, including Verizon, Amazon and PayPal, to develop an “anti-bot code of conduct,” recommend ISPs implement “expert-designed security improvements” for the domain name system, and come up with technical standards for ISPs to secure Internet routing through an “authoritative registry,” he said. As a result ISPs serving about 90 percent of the country have committed to implement the council’s recommendations, Genachowski said. The FCC’s work has been guided by the broader values of Internet freedom and privacy, which is “complementary” to security because “both are essential to consumer confidence in the Internet and to adoption of broadband.” A newer FCC focus is mobile device security, because the commission is “concerned that consumers are generally not taking adequate precautions against the threats that can harm their devices and exploit the information on their devices,” he said: The FCC will announce “concrete steps” to protect such devices “in the coming weeks.” The commission’s approach is to recruit “top talent” in each of these areas, coordinate with stakeholders including businesses and other federal agencies, and give them “concrete problems” to solve, he said. It used the same approach in the government response to Superstorm Sandy, supporting the Federal Emergency Management Agency and other agencies by reporting “daily” on communications networks’ status in New York and New Jersey, and regarding the 2010 Haiti earthquake where the FCC collaborated with FEMA and the U.S. military to restore communications there, he said. Genachowski said that approach should also be used regarding “cable landing stations,” often controlled by private licensees and “under protected” as pieces of critical infrastructure. The chairman discussed cybersecurity’s role in the World Conference of International Telecommunications (WCIT) taking place in Dubai next month, “which poses real challenges to these values” of Internet freedom and market-based approaches: “Calls to add cybersecurity provisions in the International Telecommunication Regulations are misplaced and ultimately counterproductive. International regulations are simply too broad, too inflexible, and too slow to change to effectively address cybersecurity issues.” WCIT will succeed by taking a “pragmatic, flexible, and real-world approach” and avoiding “extreme positions,” he said. Genachowski said the FCC is committed to “greater transparency … and making information about our policies and practices available online.” It’s “actively engaged” in the region the U.S. Central Command directs for the military, and the FCC has hosted 28 delegations from countries including Egypt, Iraq, Qatar and Yemen in the past two years, he said.