Admiral Barnett remarked on a recent speech FCC Chairman Tom Wheeler gave at the American Enterprise Institute (AEI) where he urged the private sector to lead cybersecurity improvement efforts. Admiral Barnett said Wheeler’s speech shows he is “pretty confident that he’s got the authority to move forward, and probably on more than one set of authorities.” Most of those authorities, he explained, would fall under Title I of the Communications Act, including the FCC’s “traditional role” on public safety matters and in authorizations related to public safety communications and 911.
Wheeler could also act on cybersecurity through Title II reclassification of broadband as a utility, but most industry observers believe he would reserve this as a “nuclear option,” said Admiral Barnett. Net neutrality advocates have urged the FCC to reclassify broadband to be under Title II because it would allow for stronger net neutrality rules, but most observers believe it's unlikely to happen. “I don’t think that’s the first or second option on this.”
Admiral Barnett further explained that the FCC may institute a status-reporting program as part of its cyber efforts, which could be confidential like current service outage reporting requirements or could take another form. “The question then becomes, will that become voluntary or mandatory?” The FCC has instituted multiple voluntary reporting programs — with varying success — along with mandatory ones, he said. Cybersecurity reporting is likely to begin as a voluntary regime given the sector’s overall preference for voluntary measures. That would fit in with the Obama administration’s pattern of encouraging voluntary cybersecurity efforts like use of the National Institute of Standards and Technology’s Cybersecurity Framework, said Admiral Barnett.
The FCC’s current cyber efforts are built on groundwork established under former Chairman Julius Genachowski and previous FCC chairmen, including previous CSRIC initiatives like the ISPs’ anti-botnet code of conduct (CD March 23/12 p1) and work to protect against website spoofing and Internet route hijacking, Admiral Barnett said.