WASHINGTON (Reuters) - The top U.S. telecom regulator on Thursday told communications companies to take the lead in fortifying their networks against cyberattacks, saying they can do more to bolster security short of new government regulations.
In his first major speech devoted fully to cybersecurity, Federal Communications Commission Chairman Tom Wheeler urged the private sector to “step up to assume new responsibility and market accountability for managing cyber risks” before the FCC weighs a regulatory approach to the problem.
“The private sector-led effort must be more dynamic than traditional regulation and more measurably effective than blindly trusting the market or voluntary best practices to defend our country,” Wheeler said in a speech at the American Enterprise Institute think tank.
“We believe in a new regulatory paradigm where the commission relies on industry and the market first while preserving other options if that approach is unsuccessful.”
Improving protections of U.S. critical infrastructure like communications networks and the electric grid has been a priority for the Obama administration, but security experts continue to worry about the reluctance of many corporate leaders to spend more money on improving defenses.
The FCC, whose oversight includes major wireless and Internet providers, has in the past tried to adopt industry-wide minimum cybersecurity standards but faced resistance from large communications companies as the private sector broadly has resisted U.S. efforts to set new standards.
Wheeler has reignited the effort, positioning the FCC as a more prominent player in protecting the nation’s critical infrastructure from cyber attacks. He made his first plea for the private sector to step up their defenses in a speech at the cable industry trade show in April.
The FCC in coming weeks will ask communications companies to report how, measurably, they are adopting the various voluntary best practices and codes of conduct they previously helped draft through a multi-stakeholder FCC advisory group.
Another such advisory group is now also working on a review of industry best practices in cybersecurity, which Wheeler said in April he hoped would “translate into actual implementation” over the course of the year.
The FCC will begin to incorporate cybersecurity considerations into its routine regulatory work and will also help evaluate how the communications sector is adopting the minimum cybersecurity standards that the government drafted with the industry’s help in February.
“Companies must have the capacity to assure themselves, their shareholders, their boards and their nation of the sufficiency of their own cyber risk management practices,” Wheeler said on Thursday.
Reporting by Alina Selyukh, editing by Ros Krasny and Tom Brown