Academic journal article Federal Communications Law Journal

The Likely Regulators? an Analysis of FCC Jurisdiction over Cybersecurity

Academic journal article Federal Communications Law Journal

The Likely Regulators? an Analysis of FCC Jurisdiction over Cybersecurity

Article excerpt

Table of Contents  I. Introduction II. Background    A. Network Security Standards and Cyber-attacks    B. The FCC's Historical Role in Cybersecurity    C. The FCC's Jurisdiction over the Internet    D. The FCC's Ancillary Authority    E. The FCC's Authority in the Context of Rapid Technological       Change III. The FCC's Ancillary Authority to Promulgate      Cybersecurity Standards      A. Broadband Internet Service as Within the FCC's General         Jurisdictional Grant      B. Mandatory Cybersecurity Standards for ISPs as Reasonably         Ancillary to the FCC's Statutory Responsibilities IV. The Decision to Regulate Cybersecurity of Internet     Service Providers     A. Deciding When to Regulate        1. Appropriate Considerations for Deciding When to           Regulate        2. The Decision to Regulate Cybersecurity to Ensure           Network Reliability     B. Cost-Benefit Analysis and Cost-Effectiveness Analysis        1. Principles of Cost-Benefit Analysis and Cost           Effectiveness Analysis        2. Application to Cybersecurity Standards V. Conclusion 

I. Introduction

In October 2012, Former Secretary of Defense Leon Panetta warned the nation of the potential for a "cyber Pearl Harbor" that would cause physical destruction and the loss of life. (1) "In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability," he stated gravely. (2) The attack could "be as destructive as the terrorist attack on 9/11." (3) While the Secretary's statements were arguably hyperbolic, (4) ineffective cybersecurity in the United States is a pressing problem, jeopardizing both national security and individual online safety. (5) Recent events clearly illustrate that cyber-attacks have become almost a daily part of life. Skilled attackers can use computer and network vulnerabilities to do everything from commit bank fraud to disrupt uranium enrichment. (6)

Part of the reason for this vulnerability to cyber-attacks is the lack of uniform implementation of existing, authoritative network security standards for Internet service providers ("ISPs"), (7) a problem that persists because ISPs are under no obligation to implement these standards. (8) Together, these factors have created a market that often fails to provide adequate cybersecurity. (9)

When a market fails to provide a necessary service, such as the guaranteed integrity of the communications network, the government can step in to fill the gap. This Note argues that the Federal Communications Commission ("FCC") has the authority to require ISPs to implement network level cybersecurity measures to maintain the integrity and security of the networks. The FCC derives this power from its ancillary authority in Title I of the Communications Act of 1934 and its statutory mandates to ensure a reliable communications network and implement 9-1-1 service over VoIP. (10)

To establish the FCC's authority in this area, this Note examines some of the causes of and partial solutions to cyber-attacks in relation to FCC authority. Part II gives background on network security and cyberattacks, and details the FCC's ancillary authority, which allows the FCC to promulgate regulations concerning technology over which it does not have a direct statutory mandate. Part III analyzes the FCC's ability to use its ancillary authority to require ISPs to implement cybersecurity standards, concluding that the FCC has jurisdiction to implement minimum standards because insufficient cybersecurity could catastrophically impact services the FCC oversees. Part IV considers whether the FCC should exercise its ancillary authority, determining that the market failure in cybersecurity vulnerability information and network reliability, together with the compelling need for a reliable communications system, justifies government regulation. The Note concludes with a brief discussion of the costs and benefits of potential regulation. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.