An FCC panel appears to be backing down from recommending strict cybersecurity controls to US telecoms, submitting a watered-down list of recommendations instead, reports The Wall Street Journal. The final report is scheduled to be released Monday evening.
The Communications, Security, Reliability, and Interoperability Council (CSRIC) is tasked with making recommendations to the FCC for how to protect US communications systems. It doesn’t have regulatory authority, but its recommendations inform industry best practices. For instance, last year, the CSRIC unanimously recommended a code of conduct to mitigate botnet attacks, which was promptly implemented by many in the industry. This time around, the recommendations included a list known as the 20 Critical Security Controls. The list was created by a security training firm called the SANS institute, along with the National Security Agency, the Department of Defense, incident response firms like Mandiant, and companies with major security breach experience like McAfee and Lockheed. The controls include precautions like limiting which employees get administrator privileges on company networks, requiring regular backups and testing of company data, and restricting access to network ports and protocols.
No comments:
Post a Comment