Tag Archive for: FCC

FCC looks into BGP vulnerabilities, in light of Russian hacking threat


The FCC is launching an inquiry into security issues surrounding the Border Gateway Protocol (BGP), a widely used standard for managing interconnectivity between large portions of the Internet.

The move, announced Monday, was issued in response to “Russia’s escalating actions inside of Ukraine,” according to the commission’s notice of inquiry.

BGP is, in essence, a method of ensuring that the independently managed networks that make up the global Internet are able to communicate with one another. Its initial design, which the FCC said is still in widespread use today, does not contain important security features, meaning that, simply by misconfiguring its own BGP information, a bad actor could potentially redirect Internet traffic wherever it sees fit. This could let that attacker send incorrect information to its targets, read and compromise login credentials, or simply shut down whichever kinds of traffic it wishes.

The potential consequences of a BGP hack are extreme, the FCC said, noting that the types of network effects such an attack can cause include fallout for critical infrastructure like financial markets, transportation and utility systems.

There are security frameworks out there for BGP — the Internet Engineering Task Force and National Institute of Standards and Technology have both created several standards to make BGP more secure, among other projects with that aim in mind — but the FCC said that many networks have not taken advantage of them and remain vulnerable.

Hence, the commission’s inquiry has several goals, including the identification of the possible harms that could result from malicious attacks on BGP, methods of monitoring for BGP attacks, and any potential ways to accelerate the deployment of security standards for BGP.


FCC Proposes Stricter Regulations for Data Breach Disclosure 


The Federal Communications Commission (FCC) has proposed stricter requirements for companies to disclose data breaches.

According to the proposal, companies would be required to notify customers affected by inadvertent breaches, and the one-week waiting period before disclosure would be eliminated.

The updates would better align the FCC's rules with recent developments in federal and state data breach laws covering other sectors.

Lisa Plaggemier, interim executive director of the National Cyber Security Alliance, explained that the Biden administration—and government in general—has been making a lot of positive attempts to build more modern and effective cybersecurity protocols in the wake of last year’s news cycle dominated by several high-profile breaches.

“These new guidelines fall right in line with these overarching intentions, and similar measures will likely follow suit in the months and years to come,” she said. 

Unfortunately, last year’s hectic breach-centric news cycle laid bare just how fragmented the government’s oversight and reporting procedures are for the cybersecurity industry.

Moreover, Plaggemier said those constant reports highlighted how important it is for the public and private sector to rethink the way we collectively approach cybersecurity and report cybersecurity incidents.

FCC Addresses Breach Notification Requirements

The proposal outlines several updates to current FCC rules addressing telecommunications carriers’ breach notification requirements, including requiring carriers to notify the commission of all reportable breaches in addition to the FBI and U.S. Secret Service.

The FCC proposal also seeks comment on whether the commission should require customer breach notices to include specific categories of information to help ensure they contain actionable information useful to the consumer, and proposes to make consistent revisions to the commission’s telecommunications relay services (TRS) data breach reporting rule.  

“Current law already requires telecommunications carriers to protect the privacy and security of sensitive customer information,” FCC chairwoman Jessica Rosenworcel said in a statement. “But these rules need…


FCC Proposal Targets SIM Swapping, Port-Out Fraud – Krebs on Security


The U.S. Federal Communications Commission (FCC) is asking for feedback on new proposed rules to crack down on SIM swapping and number port-out fraud, increasingly prevalent scams in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s online identity.

In a long-overdue notice issued Sept. 30, the FCC said it plans to move quickly on requiring the mobile companies to adopt more secure methods of authenticating customers before redirecting their phone number to a new device or carrier.

“We have received numerous complaints from consumers who have suffered significant distress, inconvenience, and financial harm as a result of SIM swapping and port-out fraud,” the FCC wrote. “Because of the serious harms associated with SIM swap fraud, we believe that a speedy implementation is appropriate.”

The FCC said the proposal was in response to a flood of complaints to the agency and the U.S. Federal Trade Commission (FTC) about fraudulent SIM swapping and number port-out fraud. SIM swapping happens when the fraudsters trick or bribe an employee at a mobile phone store into transferring control of a target’s phone number to a device they control.

From there, the attackers can reset the password for almost any online account tied to that mobile number, because most online services still allow people to reset their passwords simply by clicking a link sent via SMS to the phone number on file.

Scammers commit number port-out fraud by posing as the target and requesting that their number be transferred to a different mobile provider (and to a device the attackers control).

The FCC said the carriers have traditionally sought to address both forms of phone number fraud by requiring static data about the customer that is no longer secret and has been exposed in a variety of places already — such as date of birth and Social Security number. By way of example, the commission pointed to the recent breach at T-Mobile that exposed this data on 40 million current, past and prospective customers.

What’s more, victims of SIM swapping and number port-out fraud are often the last to know about their victimization. The FCC…


FCC mulls further national security measures


The US Federal Communications Commission (FCC) released the agenda for its next open meeting, highlighting a new national security screen and public safety measures prioritised in the wake of Hurricane Ida.

Acting chair Jessica Rosenworcel stated Commissioners would consider questions relating to national security and law enforcement at the meeting on 30 September, with a particular focus on companies with a significant level of non-domestic ownership.

US law requires companies to inform the Department of Commerce if an overseas business owns or controls 10 per cent or more of the business.

This is the second time the FCC has suggested moves to promote national security: it is already mulling a proposal to deny licences to companies seeking to use equipment made by Chinese vendors Huawei and ZTE.

Also on the agenda is the impact of power cuts on service providers, which were cited as a major cause of network outages during Hurricane Ida, which hit the US mainland in late August.

The Commission also plans to discuss a new direction for 4.9GHz spectrum, seeking to increase the use of the band while ensuring current public safety users can still access it.

Rosenworcel added the FCC will begin exploring “the current and future spectrum needs of IoT connectivity”.

She referenced telemedicine, smart transportation networks and precision agriculture as industries which will rely on IoT.
