Apparently
the FCC’s ongoing battle with the telecommunications industry over
cybersecurity is well, ongoing. I read
an article this week that discussed the agency’s never-ending battle to
convince private telecommunications firms to do something (or rather anything)
about improving their overall technical security posture. FCC Chairman Tom Wheeler gave a speech at the
American Enterprise Institute last week in which he discussed the ongoing challenge
(and I’m paraphrasing here) to incentivize private companies to step up and
enact some form of cyberdefense for their networks. I say “some form” only half-jokingly because
one of the key points of Wheeler’s speech is that “90% of the recent security
breaches could have been thwarted with the implementation of basic or
intermediate security measures” (Sandoval, 2014). This shocking fact gave me déjà vu from a
report I helped author last year for the capstone course of my Cybersecurity
Masters Degree. Coincidentally, my final
project involved assessing how various aspects of industry and security
affected a fictitious telecommunications firm named Avisitel. My portion of this project (see excerpt
below) revolved around how the nature of telecommunications competition in the
United States has created a perfect storm of inactivity which surprisingly has
not lead to a catastrophic attack on one of our most critical infrastructure components.
Nature of Competition
On
the surface, the telecommunications industry in the United States is a varied
mix of technologies and providers. In
2012, the United States Telecom Association (US Telecom) identified 1,662
separate firms (US Telecom, 2013). These
companies provide the gamut of technologies with the vast majority offering
digital subscriber line (DSL) and/or fixed wireless services. Avisitel falls
into this category offering mobile and landline telephone services as well as
broadband cable. In addition, according
to data provided by the National Telecommunications and Information
Administration (NTIA), 95.4 percent of America’s population has access to at
least three wireless carriers and 88 percent were presented with at least two
wired broadband options (US Telecom, 2013).
Although these statistics lend credence to the theory that the
telecommunications industry is a highly competitive field, many critics
disagree.
Susan Crawford,
professor at the Benjamin N. Cardozo School of Law in New York argues that
America’s telecommunications infrastructure has been taken over by monopolists
(Carr, 2013). This in turn has led to a
situation characterized by limited oversight, underdeveloped innovation and widespread
consumer fleecing. Crawford explains
that four main companies control the majority of wired and wireless telecom
services in the United States. In
markets covering approximately 50 million Americans, Comcast and Time Warner
have complete control over broadband while Verizon and AT&T own 64 percent
of all wireless services. This in effect
creates a broadband duopoly between telephone companies and cable TV providers (Hazlett
& Weisman, 2011). Although the 1996
Telecommunications Act was designed to foster increased competition in this
industry, Crawford argues this law instead allowed telecom firms “…to simply
divide markets and merge their way to monopoly” (Carr, 2013). Now or in the very near future, this market
environment will mean that the majority of Americans in metropolitan areas will
only have access to a single provider of high speed data (Crawford, 2011).
The
nature of this competition has become problematic for the federal government in
attempting to implement a national cybersecurity strategy. Although US Telecom recognizes the
increasingly important role the telecommunications sector represents to the
American infrastructure, this has not stopped the industry from pushing back
against cybersecurity initiatives. The
telecom association and other industry representatives failed to ratify a list
of cybersecurity suggestions put forth by the Federal Communications Commission
(FCC) (Yadron, 2013). Officials argue
that generic cybersecurity guidelines cannot be applied to their complex
industry. Moreover, the FCC’s advisory
panel insinuates that government mandated reform of the private sector makes
firms nervous. Unobstructed by
competition and benefiting from an economy of scale, telecom firms like
Avisitel do not have the same oversight as companies in other industries. As a result, successful implementation of
current cybersecurity standards has solely been a voluntary effort.
References
Carr,
D. (2013). Telecom’s big players hold back the future. The New York Times. Retrieved
from
http://www.nytimes.com/2013/05/20/business/media/telecoms-big-players-hold-back-the-future.html?pagewanted=all&_r=0
Crawford,
S. P. (2011). The Communications Crisis in America. Harvard Law & Policy
Review, 5(2), 245-263.
Retrieved from http://www.acslaw.org/publications/harvard-law-
and-policy-review
Hazlett,
T., & Weisman, D. (2011). Market Power in US Broadband Services. Review Of
Industrial
Organization, 38(2), 151-171.
doi:10.1007/s11151-011-9289-5
Sandoval,
L. (2014). FCC: Companies must step up to improve cybersecurity or else. Tech Times. Retrieved from http://www.techtimes.com/articles/8460/20140616/fcc-companies-must-step-up-to-improve-cyber-security-or-else.htm
US
Telecom. (2013). Broadband industry stats. Retrieved from
http://www.ustelecom.org
/broadband-industry/broadband-industry-stats
Yadron,
D. (2013). Internet providers persuade FCC panel against cybersecurity
recommendations.
The Wall Street Journal. Retrieved
from http://online.wsj.com/news/articles/SB10001424127887323639604578368722811930666
