FCC Seeks Comments on Cybersecurity Best Practices Implementation and Effectiveness | Practical Law

FCC Seeks Comments on Cybersecurity Best Practices Implementation and Effectiveness | Practical Law

The Federal Communications Commission (FCC) is seeking comments from the public on the FCC's third Communications Security, Reliability and Interoperability Council's (CSRIC III) voluntary recommendations for combating cybersecurity threats.

FCC Seeks Comments on Cybersecurity Best Practices Implementation and Effectiveness

Practical Law Legal Update 9-576-1410 (Approx. 3 pages)

FCC Seeks Comments on Cybersecurity Best Practices Implementation and Effectiveness

by Practical Law Intellectual Property & Technology
Published on 28 Jul 2014USA (National/Federal)
The Federal Communications Commission (FCC) is seeking comments from the public on the FCC's third Communications Security, Reliability and Interoperability Council's (CSRIC III) voluntary recommendations for combating cybersecurity threats.
On July 25, 2014, the Federal Communications Commission issued a press release soliciting comments from stakeholders and the public on the implementation and effectiveness of both:
  • Cybersecurity best practices recommendations adopted by the FCC's third Communications Security, Reliability and Interoperability Council (CSRIC III) in March 2012.
  • Other measures developed by stakeholders to address the cybersecurity challenges.
The CSRIC III unanimously adopted voluntary recommendations for internet service providers (ISPs) to combat the following major cybersecurity threats:
  • Botnet attacks.
  • Domain name fraud.
  • Internet route hacking.
In particular, the FCC seeks comments on the following:
  • Stakeholder's progress in implementing the recommendations.
  • Barriers stakeholders have encountered in implementing the recommendations.
  • Significant success stories or breakthroughs achieved by implementing the recommendations.
  • Stakeholders’ views or plans for full implementation of the recommendations.
  • The effectiveness of the recommendations at mitigating cyber risk and whether there are alternatives that could be more effective at mitigating cyber risk risks posed by botnets, DNS vulnerabilities, routing infrastructure vulnerabilities and source address spoofing, including:
    • stakeholders' basis for believing that these alternatives are more effective than the CSRIC III recommendations; and
    • whether these determinations are based on qualitative or quantitative evaluations, or both.
Interested parties may submit written comments by mail or e-mail no later than September 26, 2014.