Internet Providers Persuade FCC Panel Against Cybersecurity Recommendations

Big Internet providers seem to have talked their way out of unwelcome new recommendations on cybersecurity.

An original draft of a report by a Federal Communications Commission panel, viewed by The Wall Street Journal, endorsed a list of concrete suggestions for major telecommunications and cable companies to tackle the cybersecurity problem. Those measures—which included steps such as controlling which employees have administrative privileges on company networks—weren't backed in the final report. The early draft of the FCC panel's report called for adoption of a specific list of cybersecurity fixes, known as the 20 critical security controls, which were developed by cyber experts in concert with the National Security Agency and others. The FCC panel also initially wanted federal regulators to push for a telecom industry group that would create a new set of cybersecurity guidelines, according to the draft of the report. The industry, however, viewed another organization for cybersecurity issues as a superfluous layer of bureaucracy, a telecom official said.

The United States Telecom Association, whose members include AT&T, Verizon Communications and CentruyLink , along with other industry representatives blocked a full endorsement of the list, according to advisers on the FCC panel. In their final report, members of the advisory panel agreed that they lacked consensus on how to protect U.S. telecom networks. The development may be indicative of the tensions to come as the government looks at tougher oversight of the private sector's cybersecurity defenses. The FCC panel, officially known as "working group 11" of the FCC's Communications Security, Reliability and Interoperability Council III, lacks regulatory authority. The group of industry representatives and outside security experts was tasked with advising the agency on future action.