Add the FCC to the list of three-letter government agencies that information security pros have to worry about.
In a speech at the RSA Conference, Federal Communications Commission (FCC) Chairman Tom Wheeler spelled out how his agency, following its move to enforce network neutrality and its $25 million fine levied against AT&T for a data breach, will also push those network operators to implement the National Institute of Standards and Technology (NIST) guidelines for cyber-risk management.
The aim, Wheeler, said, was to "avoid a top-down, prescriptive regulatory intrusion into industry practices." He pointed to the FCC's collaboration with the private sector in the Communications Security, Reliability and Interoperability Council's (CSRIC) as an example of the "cooperative and collaborative approach" that, he said, "is the FCC's preferred form of engagement."
At the same time, the FCC will mesh its well-established network threat monitoring efforts with those of the Department of Homeland Security (DHS), Wheeler said, echoing similar points made by DHS Secretary Jeh Johnson in a previous session.
The FCC, moreover, will advocate for the education and training of a new cadre of cyber risk specialists—"the next interdisciplinary experts on everyone's must-hire list," Wheeler said.
Experts expect the agency to grow in prominence in the security and privacy arenas. After the commission levied the $25 million fine on AT&T, its largest to date for a cyber security infraction, J. Trevor Hughes, president and CEO of the International Association of Privacy Professionals (IAPP), told SCMagazine.com, “We see a very active FCC with a clear goal.”