Phone, internet corps SNUB US government's cybersecurity ABCs

20 computer defences rejected by telecoms industry

Phone companies and ISPs in the US have convinced a top advisory panel to hold back the American government from forcing a set of basic IT cybersecurity standards on them.

The Federal Communications Commission (FCC) set up a group of experts to figure out if the communications industry should be forced to adopt 20 "critical security controls", designed to stop or mitigate known attacks on computer systems.

But the panel informed the FCC in a report that there isn't a consensus among the key players that the recommended security checks are appropriate for telcos and ISPs - and that the commission should instead "encourage" companies to use them.

The report concluded:

While the 20 controls have been effective in guiding security management in enterprise and government institutions, the communications sector participants believe that some unique aspects of managing diverse multi-tenant communications networks will require additional evaluation in order to determine the extent to which the 20 Controls protect network infrastructure directly; as well as to determine the applicability of the 20 Controls to communications sector.

The full review can be found here [PDF]. Skip to page 15 for the 20 controls - they range from keeping tabs on the number of authorised and unauthorised devices to controlled use of privileged accounts.

The group - which included experts from state authorities and non-profits along with representatives from firms such as AT&T, Sprint, Verizon and Microsoft - said the FCC needed to carry out a further review of cybersecurity practices and what standards should apply to the comms industry.

The US government has said that the security of electronic systems and protection of national infrastructure from hackers are top priorities, but it's having trouble passing new laws without defining the standards companies should be measured against. The private sector is also resisting any attempts to turn voluntary standards into potentially expensive enforced regulations.

Last month, President Barack Obama issued an executive order for the establishment of voluntary minimum standards for any companies dealing with critical infrastructure.

The 20 cyber-controls came from secret lists of security measures that could stop known attacks on computers; the lists were compiled by government agencies including the NSA, FBI and the UK's Communications-Electronics Security Group (CESG) and computer security companies such as Mandiant and McAfee. ®
