Alston & Bird Privacy, Cyber & Data Strategy Blog

FCC Advisory Group Issues Cyber Risk Management Report

March 28, 2015 By Privacy, Cyber & Data Strategy Team

On March 18, the Federal Communications Commission (“FCC”) approved the Final Report on cybersecurity risk management and best practices issued by Working Group 4 (“WG4”) of its Communications, Security, Reliability, and Interoperability Council (“CSRIC”).  The CSRIC, currently in its fourth assembly, is an advisory committee tasked with providing recommendations to the FCC to achieve “among other things, optimal security and reliability of communications systems…”  The report was created in response to WG4’s mission to “develop voluntary mechanisms to provide macro-level assurance to the FCC and the public that communications providers are taking the necessary corporate and operational measures to manage cybersecurity risks across the enterprise.”  WG4 was also tasked with “providing implementation guidance” to sector members on the Cybersecurity Framework created by the National Institute of Standards and Technology (“NIST”) in February 2014.  This mission was widely understood from early in WG4’s existence to require the mapping of sector-specific best practices to the Framework.

The final report, which contains guidance for five “major” segments of the communications sector – wireless, wireline, broadcast, cable, and satellite – is intended to help sector members adapt the NIST Framework to their segment-specific needs.  It contains considerable practical guidance, including mappings of segment-specific practices to the NIST Framework core, the group’s determinations of which categories and subcategories of the Framework are in or out of scope for a particular segment, which in-scope categories and subcategories should be prioritized within each segment, and identification of the challenges of implementation and effectiveness for each applicable subcategory.  The report further contains use cases and advice specific to smaller entities.  It also contains extensive policy recommendations for the FCC, including on metrics, analysis of barriers to implementation of the NIST Framework, and the need for incentives.  With regard to metrics, which were among the most anticipated elements of the report, CSRIC “recommends that the FCC adopt availability of the critical communications infrastructure as the meaningful indicator of cybersecurity risk management.”

The Final Report, at 415 pages, stands as one of the most in-depth engagements with the NIST Framework by a critical infrastructure sector to date.  The FCC has established clear expectations that the final report produced by WG4 must catalyze measurable improvement in cybersecurity practices across the communications sector.  FCC Chairman Wheeler has referred to WG4’s work as building a “new regulatory paradigm,” in which the FCC “relies on industry and the market first while preserving other options if that approach is unsuccessful.”  However, regulation could serve as a backstop if the voluntary efforts of the CSRIC are not adopted widely enough throughout the industry to produce measurable improvements.

Filed Under: Cyber Risk, Cybersecurity, Regulation

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.

