Broadband plan would make FCC a player in cybersecurity framework

Under the National Broadband Plan released today by the Federal Communications Commission, the FCC would assume new responsibilities for helping to secure the nation’s privately owned communications infrastructure.

“As the world moves online, America’s digital borders are not nearly as secure as its physical borders,” the FCC said in the report. “The country must do better. In a broadband world, there is a unique opportunity to achieve a comprehensive vision for enhancing the safety and security of the American people.”

The plan calls for the FCC to create a cybersecurity roadmap for the nation, establish an Emergency Response Interoperability Center (ERIC) and a Cybersecurity Information Reporting System (CIRS), and establish a cybersecurity certification program for network operators.

Related story:

FCC wants faster Internet for government buildings

Many recommendations in the plan require congressional approval and funding before going into effect.

Universal access to broadband Internet access has been designated as a driver for the nation’s economic recovery and Congress, in the Reinvestment and Recovery Act last year, mandated that the FCC develop a national plan for ensuring broadband access all Americans. FCC began the process by issuing a notice of inquiry in April 2009 seeking input on the development of the plan. The document originally was due in February, but FCC Chairman Julius Genachowski last month requested a one-month extension.

In addition to securing the nation’s private information infrastructure, the plan also makes recommendations for deploying a national public safety broadband network and encouraging development of next-generation 911 and public alert systems.

“The proliferation of Internet Protocol (IP)-based communications requires stronger cybersecurity,” the FCC concludes in its report. The commission’s responsibilities in this area would focus largely on cooperating with existing programs in the Homeland Security Department and the National Institute of Standards and Technology. The cybersecurity certification program would be voluntary, part of an effort to create market incentives for securing networks, and the commission would not have the authority to mandate security standards for privately owned networks.

The plan recommends that FCC work with the administration to release a cybersecurity roadmap within 180 days. “The FCC roadmap should identify the five most critical cybersecurity threats to the communications infrastructure and its end users,” the plan states. “The roadmap should establish a two-year plan, including milestones, for the FCC to address these threats.”

The Cybersecurity Information Reporting System would help to provide the situational awareness in the IP infrastructure that FCC says the government and Internet service providers now lack, and which is needed to coordinate responses to attacks.

“The FCC and DHS’ Office of Cybersecurity and Communications together should develop an IP network CIRS to accompany the existing Disaster Information Reporting System,” the plan states. “CIRS will be an invaluable tool for monitoring cybersecurity and providing decisive responses to cyberattacks.”

CIRS would be a real-time voluntary monitoring system for cyber events and would disseminate information quickly to service and network providers during major events.

The other major security objective in the plan is establishing a nationwide, interoperable public safety network.

“Unfortunately, the United States has not yet realized the potential of broadband to enhance public safety,” the report states. “Today, first responders from different jurisdictions and agencies often cannot communicate during emergencies” because their equipment does not interoperate and there is no common network for their use.

Congress in 1997 mandated that FCC make spectrum for a nationwide network available, and portions of the 700 MHz band were freed up for this purpose by the shift from analog to digital broadcasting by the nation’s TV stations. But a spectrum auction in 2007 failed to produce an acceptable bid for the D-Block band set aside for this network.

The broadband plan recommends that the block be licensed for commercial use, with more flexible requirements for partnering with public safety agencies in its use. Public safety agencies would have priority access, and public and private operators would be required to share common air interface standards.

“The emerging consensus of the public safety community and carriers is that 700 MHz networks will use the Long Term Evolution (LTE) family of standards,” the report says. “The FCC should consider designating this standard.”

A standard technology would also help ensure interoperability, and this would be furthered by an Emergency Response Interoperability Center.

“ERIC will develop common standards for interoperability and operating procedures to be used by the public safety entities licensed to construct, operate and use this nationwide network,” the plans says. “To establish a common vision, ERIC must exist before any licensees begin construction of such a network.”

ERIC would work closely with DHS’ Office of Emergency Communications and also would partner with NIST. The FCC’s fiscal 2011 budget proposes $1.5 million in funding to establish ERIC and support initial staffing requirements. About $5.5 million would be needed annually beginning in 2012 for ERIC to be fully functional.

The plan also proposes federal grants to help support the estimated $12 billion to $16 billion capital cost of building out the network. Annual costs for building the network are expected to peak at $1.3 billion in 10 years.

To encourage development and deployment of Next Generation (NG) 911 networks and emergency alert systems the FCC recommends:

• The National Highway Traffic Safety Administration prepare a report to identify the costs of deploying a nationwide NG 911 system and recommend that Congress consider providing public funding
• Congress consider enacting a federal regulatory framework
• The FCC address IP-based communications devices, applications and services
• The FCC launch a comprehensive next-generation alert system inquiry and
• The executive branch clarify agency roles on the implementation and maintenance of a next-generation alert and warning system.