Written byShaun Waterman
The trade group that represents cable television and internet providers is pushing back against a planned FCC rule that requires the providers of 5G — the next generation of wireless communications service — to publish their cybersecurity plans.
In a letter dated Jan 4, NCTA – The Internet & Television Association, tries to go over the head of the FCC in opposing the regulation, telling the White House Office of Management and Budget that the proposal is overly burdensome and will be unproductive. OMB has to approve the rule before it can take effect.
“Requiring licensees to publicly disclose their network security plans will either: (1) produce reports that are at a high enough level of generality to avoid compromising network security by providing details that create vulnerabilities, but therefore offer the FCC information with no practical use; or (2) expose information that could reveal network risks and vulnerabilities, and thereby decrease the security of 5G networks and increase cybersecurity threats,” write NCTA officials Rick Chessen and Danielle Pineres.
In the letter, they complain the rule “creates a substantial new reporting burden that is not ‘necessary for the proper performance of the [FCC’s] functions,’ and has no ‘practical utility.'”
The agency’s required estimate of the regulatory burden the new rule would impose also “grossly understates the time and effort required to compile, review, and publish a public statement on a company’s cybersecurity practices.
“For these reasons, OMB should not approve this information collection,” the authors conclude.
The proposed rule follows the FCC’s 5G “spectrum frontiers” report and order published by the agency last July.
Then last month, the FCC’s Bureau of Public Safety and Homeland Security released a wide-ranging set of questions for industry about the cybersecurity of 5G. The Notice of Inquiry poses 130 questions — covering a huge variety of topics from encryption, authentication and security-by-design, to the availability of remote software upgrades, defense against DDoS attacks and network awareness.
Comments are due within 90 days of the Dec. 16 publication date and replies to those comments by 120 days after publication.