WASHINGTON, March 18 - Large telecommunications
companies and Internet providers succeeded in convincing an
advisory panel that the U.S. government should not pursue
enforcement of security measures meant to bolster their defenses
against the growing threat of cyber attacks, according to a
report released late on Monday.
Representatives of the communications industry on a panel
advising the Federal Communications Commission argued against a
recommendation that the FCC press the telecoms sector to abide
by a list of cybersecurity standards endorsed by national
security and defense experts. The panel could not reach an
agreement needed to make such a recommendation.
Government officials and the business community have
struggled to reach a consensus on the scope and power of
cybersecurity standards as industry experts say prescriptive
measures would hamper innovation and expose companies to being
sued if their networks get hacked.
The panel that wrote the advisory report to the FCC includes
experts from several state authorities, non-profits and Internet
and telecom firms such as AT&T, Sprint, Verizon, Comcast and
Microsoft.
In the report, the advisers said there was no consensus
within the group on the "extent to which the FCC should
encourage the communications industry" to follow so-called "20
Controls" endorsed by national security and defense leaders as
strengthening protections against cyber attacks.
"The user community within Working Group 11 would prefer for
the FCC to encourage industry to use the 20 Controls," the
advisers wrote in a recommendation to the FCC.
"However ... the communications sector participants believe
that some unique aspects of managing diverse multi-tenant
communications networks will require additional evaluation in
order to determine the extent to which the 20 Controls protect
network infrastructure directly; as well as, to determine the
applicability of the 20 Controls to communications sector."
The report then went on to recommend that the FCC encourage
further review of cybersecurity practices and determine what
standards should apply to the communications sector and to what
extent. It also urged the industry to share cyber threat
information and develop and improve best practices.
Minimum security standards have been a critical stumbling
block in recent efforts to pass new cybersecurity laws. U.S.
intelligence leaders call cyber attacks a top security threat
but the business community is concerned about voluntary
standards turning into imposing mandates.
Last week, CEOs - including AT&T's - met with President
Barack Obama and asked him for what one executive described as
"light touch" from the government on the matter.
Obama's executive order in February called for establishment
of voluntary minimum cybersecurity standards for companies
dealing with critical infrastructure, such as utilities.