FCC Commissioner Simington Proposes Mandatory Security Updates for Devices
December 22, 2022, Covington Alert
Last week, in remarks at an industry conference, Republican FCC Commissioner Nathan Simington proposed that the FCC consider requiring electronic device manufacturers to “take reasonable steps” to protect device security, including requiring them to issue software or firmware updates to patch security flaws and ensure that devices are designed to be easily patched.
His remarks came just a few weeks after the FCC effectively banned certain Chinese equipment and video surveillance devices from the U.S. market, showcasing an increasing appetite by the agency to use its authority over electronic equipment to regulate the market and safeguard national security interests. For our previous report on that development, click here. This new understanding of the purpose of the FCC’s equipment authorization rules is noteworthy. The FCC previously relied on this authority solely to address technical matters associated with radiofrequency (RF) energy, such as prevention of interference and human safety.
According to Commissioner Simington, the FCC has the authority to impose such requirements under its Title III “power to protect signal security,” which provides the agency with “expansive authority to regulate RF emitting devices to make sure they don’t cause harmful interference.” Commissioner Simington noted that millions of wireless devices are not secure largely because device manufacturers have not been incentivized to ensure their security.
According to Commissioner Simington, insecure RF devices pose not only data and privacy threats, but also the potential to cause harmful interference by significantly disrupting the operation of other, connected devices and services (e.g., rendering nearby Wi-Fi networks inoperable through a deauthentication attack with a single device or hijacking mobile phone basebands to attack wireless networks). He went on to note that “[a]ny vulnerability in a phone operating system, in a smart thermostat firmware, in a 5G base station, is a threat to the security of our wireless networks from harmful interference.”
Given the complexity and associated challenges raised by his proposal, Commissioner Simington called on public and private stakeholders to engage with him to develop a “bipartisan, pro-innovation approach” that protects the public from insecure RF devices “while also making sure that industry is not bogged down with perpetual legal obligations to long-abandoned product lines.”
If you have any questions concerning the material discussed in this client alert, please contact the members of our Communications and Media practice.
Back
