Feeds

Phone, internet corps SNUB US government's cybersecurity ABCs

20 computer defences rejected by telecoms industry

Boost IT visibility and business value

Phone companies and ISPs in the US have convinced a top advisory panel to hold back the American government from forcing a set of basic IT cybersecurity standards on them.

The Federal Communications Commission (FCC) set up a group of experts to figure out if the communications industry should be forced to adapt 20 "critical security controls", designed to stop or mitigate known attacks on computer systems.

But the panel informed the FCC in a report that there isn't a consensus among the key players that the recommended security checks are appropriate for telcos and ISPs - and that the commission should instead "encourage" companies to use them.

The report concluded:

While the 20 controls have been effective in guiding security management in enterprise and government institutions, the communications sector participants believe that some unique aspects of managing diverse multi-tenant communications networks will require additional evaluation in order to determine the extent to which the 20 Controls protect network infrastructure directly; as well as to determine the applicability of the 20 Controls to communications sector.

The full review can be found here [PDF]. Skip to page 15 for the 20 controls - they range from keeping tabs on the number of authorised and unauthorised devices to controlled use of privileged accounts.

The group - which included experts from state authorities and non-profits along with representatives from firms such as AT&T, Sprint, Verizon and Microsoft - said the FCC needed to carry out a further review of cybersecurity practices and what standards should apply to the comms industry.

The US government has said that the security of electronic systems and protection of national infrastructure from hackers are top priorities, but it's having trouble passing new laws without defining the standards companies should be measured against. The private sector is also resisting any attempts to turn voluntary standards into potentially expensive enforced regulations.

Last month, President Barack Obama issued an executive order for the establishment of voluntary minimum standards for any companies dealing with critical infrastructure.

The 20 cyber-controls came from secret lists of security measures that could stop known attacks on computers; the lists were compiled by government agencies including the NSA, FBI and the UK's Communications-Electronics Security Group (CESG) and computer security companies such as Mandiant and McAfee. ®

The essential guide to IT transformation

More from The Register

next story
Déjà vu: Virgin Media jacks up broadband prices
Screw copper phone lines, we're UNIQUE, bleats telco
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
US TV stations bowl sueball directly at FCC's spectrum mega-sale
Broadcasters upset about coverage and cost as they shift up and down the dials
What's the nature of your emergency, Vodafone?
Oh, you've dialled the wrong number for ad fibs, rules ASA
EE network whacked by 'PDP authentication failure' blunder
Carrier is 'aware' of cockup, working on a fix NOW
ROAD TRIP! An FCC road trip – Leahy demands net neutrality debate across US
You crashed watchdog's site, now time to crash its ears
Google's so smart it's discovered SHARKS HAVE TEETH
Congratulations, world media, for rediscovering submarine cable armour
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?