Tech

FCC proposes 5G cybersecurity requirements, asks for industry advice

As U.S. technology companies begin to eye the unquestionable business opportunity presented by the conception of next generation wireless internet infrastructure — otherwise known as 5G — the Federal Communications Commission, or FCC, is reminding them that cybersecurity must play a part in any and all ventures.

By Chris Bing

August 24, 2016

FCC Chairman Tom Wheeler

As U.S. technology companies begin to eye lucrative business opportunities presented by the advent of next generation wireless internet infrastructure — otherwise known as 5G — the Federal Communications Commission is reminding them that cybersecurity must play a part in any and all ventures.

The FCC published a request Wednesday for comment on a new set of proposed 5G rules to the Federal Register focused on adding specific “performance requirements” for developers of example internet-connected devices.

If a company hopes to secure a license to access higher-frequency 5G spectrum in the future then they will need to adhere to these specific requirements — in other words, compliance is non-negotiable. Notably, these FCC “performance requirements” now include the submission of a network security plan.

“Cybersecurity issues must be addressed during the design phase for the entire 5G ecosystem, including devices. This will place a premium on collaboration among all stakeholders,” said FCC Chairman Tom Wheeler during a National Press Club event on June 20. “We continue to prefer an approach that emphasizes that industry develop cybersecurity standards just as we have done in wired networks.”

In addition to a structured security strategy, the FCC’s 5G application process will require organizations to share their ongoing participation in threat intelligence and other data sharing programs — such initiatives include the likes of the Cyber Threat Alliance.

A quick review of the FCC’s proposed 5G cybersecurity plan shows a six category split, organized by a companies’ security approach, coordination efforts, standards and best practices, participation with standards bodies, other security approaches and plans with information sharing organizations.

Security plans must be submitted to the commission at least six months before a 5G-ready product enters the market, according to the notice.

Indicative of the larger themes at play in the proposed rules, the FCC appears to be signaling that information sharing and more broadly, coordination across industry, will be a desired component of any companies’ 5G-related development efforts.

Here’s a video of Wheeler speaking at the National Press Club on June 20th: