Greg Guice Quoted on FCC’s withdrawal from Cyber Policy Space in Inside Cybersecurity Analysis

January 30, 2019

Pardon Our Dust

We recently launched this new site and are still in the process of updating some of our archived content. Some details of this article may be incomplete, links may be broken, and other elements may not display properly yet. We appreciate your patience and understanding.

In a Jan. 22 article for Inside Cybersecurity, McGuireWoods Consulting senior vice president, Greg Guice, commented on the current state of cybersecurity initiatives between the telecom sector and the government.

In 2017, Federal Communication Commission (FCC) chairman Ajit Pai began a process of withdrawing from cybersecurity responsibilities defined by the FCC’s previous leadership.

“The FCC has morphed itself to be an expert adviser agency rather than a lead agency on cybersecurity. That’s a big shift, to cede that territory,” said Guice, who was formerly legislative director at the FCC.

As cybersecurity threats and challenges evolve, the nature of the government-industry engagement needed to evolve as well. There is an understanding on the government side that the industry is putting a reasonable effort into fighting security threats. There are industry-government engagements on botnets, malware, internet routing and other security issues – a “whole-of-government” approach to cybersecurity that is beyond what the FCC could accomplish.

As the FCC stepped back from the policy space, Chairman Pai pledged that the FCC and Federal Trade Commission (FTC) would collaborate to ensure there was no gap in consumer protections.

“We haven’t yet heard the FTC’s voice in its role,” Guice said. “In some ways, the commission is still awaiting legislation” that will clarify and expand its role. “What do we want the FTC to be – that is still to be determined.”

Last year, the FTC held a series of public workshops on data security, privacy and related questions. Abigail Slater, special assistant to the president for cyber policy at the National Economic Council, has noted the benefit of expanding the FTC’s authority, including enabling it to issue fines for companies making first-time violations of privacy and data security promises.

“Are consumers at greater risk due to the change in oversight? I don’t think that’s what’s come about,” Guice said. “Operators are still being very responsible – there are market factors and other things that encourage good behavior.”

Guice added, in the telecom sector, “FCC reliability rules still make sure it’s an ‘always on’ service. A lot of effort at the carriers goes into ensuring traffic is clean and validated. The harm comes from outside their networks.”

Industry players know that they’re under the microscope when it comes to protecting consumers’ privacy. That has a disciplinary effect, Guice noted.