(Reuters) — The top U.S. communications regulator on Thursday urged cable companies to help draft and implement new cybersecurity standards as he seeks to improve the cyber defenses of the industries he oversees.
“The more we learn about the challenges of cybersecurity and the costs of failure, the more apparent the importance of addressing this challenge with best efforts, including yours,” Tom Wheeler, chairman of the Federal Communications Commission, said at the cable industry trade show in Los Angeles.
“We're intending this to be a new regulatory paradigm, and we're giving you the opportunity to write it. I urge you to step up, so we don't have to.”
The FCC, whose oversight includes major wireless and Internet providers, has in the past tried to adopt industry-wide minimum cybersecurity standards but faced resistance from large communications companies.
Mr. Wheeler, at the FCC's helm since November 2013, has reignited the effort. A multi-stakeholder advisory group known as the Communications Security, Reliability and Interoperability Council has started a new review of industry best practices meant to defend the critical networks and communications infrastructure against cyber threats.
That review is based on the minimum cybersecurity standards offered to the private sector by the federal government in the so-called cybersecurity framework introduced in February. The voluntary guidelines, built with vast amounts of industry input, consist of broad benchmarks for companies to measure the effectiveness of their cyber defenses.
“Over the course of the year we will need to see this translate into actual implementation,” Wheeler said on Thursday.
He said he expected the advisory group’s work to be an industry-led effort to “proactively assess cyber readiness” within companies, inform boardrooms of risk assessments and share parts of those assessments with others within the industry.
“We expect this to be done in such a way that those charged with oversight across the regulatory tapestry, recognize and understand the accepted cyber risk,” he said.