A letter from the Federal Communications Commission (FCC) may lay out the framework for a regulatory policy for Internet of Things (IoT) devices, as legislators search for ways to ensure the security of devices that are connected to the internet.
FCC Chairman Tom Wheeler acknowledged the governing body’s interest in beefing up the security protocols for connected devices in a letter to Virginia Senator Mark Warner.
“We cannot rely solely on the market incentives of ISP to fully address the risk of malevolent cyber activities,” Wheeler wrote, arguing that a combination of market-based incentives and regulatory oversight is necessary to establish basic cybersecurity protections for internet-connected consumer devices.
The message from Wheeler, published on Monday, was prompted by a letter from Senator Warner dated Oct. 25 of this year. Warner’s initial correspondence was prompted by the Mirai botnet attack that managed to take down a number of major websites. The attackers primarily utilized unsecured IoT devices to perform a massive distributed denial of service (DDoS) attack.
According to research from HP, 70 percent of IoT devices are vulnerable to attacks like those that were used to assemble the Mirai botnet. Many devices lack basic security protocols one would expect to find on other internet-accessible devices; most devices tested had default passwords like “1234,” more than half of devices used unencrypted communications when sending and receiving data over the internet, and six in 10 devices used unsecured downloads for software updates.
Warner applauded the response from Wheeler, stating the letter from Wheeler validated his concerns about cyberattacks involving IoT devices.
“The FCC chairman confirms that internet service providers already have the authority – if not the responsibility – to protect their networks by blocking malicious and harmful traffic,” Warner said in a statement. “I also am pleased to learn the FCC also has been discussing improved tools, including setting security standards for IoT devices, to better protect consumers as well as the broader Internet.”
The FCC’s response to the inquiry regarding IoT security may be heartening to those concerned about the ongoing risks of DDoS attacks, but the implementation of the current FCC’s agenda may be considerably more difficult as the government transitions from the administration of President Barack Obama to that of Donald Trump.
President-elect Trump is likely to replace Wheeler as the head of the FCC, and the appointees in charge of the body on the Trump transition team appear to want to see the FCC’s regulatory powers weakened.
Jeffrey Eisenach, a former paid consultant for Verizon, and one-time Sprint lobbyist Mark Jamison have been charged with shaping the FCC under Trump. Both have previously argued for less regulation by the FCC and have hinted at their belief the board has outlived its purpose.
Eisenach and Jamison, along with recent addition to the Trump transition team Roslyn Layton, all have been staunch opponents of net neutrality, a signature policy of the FCC under Wheeler.