FCC to examine voluntary cybersecurity certification

The FCC on Tuesday began the process of establishing a voluntary cybersecurity certification program for Internet and other communication providers.

The commission announced its plans in this morning's Federal Register, noting it would solicit comments on its tentative cybersecurity ideas until Sept. 8. The voluntary certification program was first proposed as part of the agency's National Broadband Plan, the comprehensive agenda the FCC released in March.

Chiefly motivating the FCC's new cybersecurity certification program are reports that hacks and cyberattacks grew exponentially in 2009. One firm told the commission that the total number of malware samples archived in its database last year reached 40 million -- its highest point in 20 years.

At the same time, however, the FCC noted an independent review that found 47 percent of all enterprises studied in 2009 actually reduced their information-security budgets.

"The security of the core communications infrastructure--the plumbing of cyberspace--is believed to be robust," the FCC noted in the register. "Yet recent trends suggest that the networks and the platforms on which Internet users rely are becoming increasingly susceptible to operator error and malicious cyber attack.

The FCC envisions its system as completely voluntary, "but that by agreeing to participate, such communications providers would be bound by the program's rules." It seeks comment on that approach, as well as a proposal that it would collect fees from those companies that choose to participate.

---