As concerns increase about cybersecurity threats targeting all types of electrical and electronic equipment, a Commissioner for the U.S. Federal Communications Commission (FCC) is calling on the agency to require manufacturers to provide ongoing security updates for their wireless devices.
In a presentation at the Practicing Law Institute’s 40th Annual Institute on Telecommunications Policy & Regulation, Commissioner Nathan Simington called on the FCC to modify its equipment authorization process to require device manufacturers to provide software security updates to their wireless devices for a defined period of time.
“It’s time to turn our attention to the millions of wireless devices in our country that are insecure, not because they’re made by unfriendly state-controlled entities or criminal hackers masquerading as legitimate manufacturers, but rather, because their makers have failed to put sufficient care into making and keeping them secure,” said Simington.
According to Simington, “For software updates…all that’s required is that the maker identify the flaw in the code, fix it, test it, and release it through their update channels…The burden of releasing a software update—a relatively small amount of labor inside a company’s engineering offices—is vastly outweighed by the benefit to society—a dangerous vulnerability being closed on thousands or millions of devices in active use across American households and businesses.”
As for the FCC’s authority to act in this matter, Simington believes that “Title 3 of the Communications Act gives us expansive authority to regulate RF emitting devices to make sure they don’t cause harmful interference.” Accordingly, “I believe that our equipment authorization and spectrum licensing regime includes such a requirement already. It’s just a matter of updating our assumptions about what’s possible.”
Read the complete text of Commissioner Simington’s speech outlining his proposal for mandatory software updates for wireless devices.