CSRIC Adopts Supply Chain Recommendations

The FCC’s Communications Security, Reliability, and Interoperability Council today approved recommendations from its working group on emergency alerting to amend a report presented and adopted in September and an “addendum” dealing with supply chain issues for the report presented in September by the network reliability and security risk reduction working group (TR Daily, Sept. 28).

Emergency alert working group Chair Farrokh Khatibi, who is director-engineering at Qualcomm Technology, Inc., explained that his group’s additional recommendations include enhancing the emergency alert system (EAS) to enable information not currently available in EAS-native format and to evaluate the desirability of retaining EAS AFSK (audio frequency-shift keying) in its current state and trying to extend it to include some new features.

Another set of additional recommendations from the emergency alert working group focused on the importance of sending alerts in a timely fashion to targeted individuals in a secured manner.  Recommendations included conducting additional investigation into the use of digital signatures as a solution to EAS security and into technical or system impacts — if any — to allowing the usage of embedded audio files in CAP [common alerting protocol] alert messages.”

Network reliability and security risk reduction working group Chair Travis Russell, who is director–telecommunications cybersercurity at Oracle Communications, described the supply chain addendum to the group’s September report as recommending that the FCC participate in the Department of Homeland Security’s Information and Communications Technology Supply Chain Risk Management (ICT SCRM) Task Force with other agencies.  “If the FCC decides that regulatory action on SCRM is necessary based on responses to the current NPRM on restricting use of USF funds, that regulatory action should be focused as narrowly as possible to avoid broader impacts across the supply chain,” he said.

Mr. Russell said that “we will most certainly have to come back and continue to review this continuously.”

The working group also recommended that service providers and the vendor community actively participate in and support development of recommendations by the ICT SCRM Task Force in support of the National Risk Management Center.

It recommended that the industry use distributed ledger technology, or block chain technology, for supply chain management.

Mr. Russell said that his working group’s next deliverable for the CSRIC’s March meeting will be a review of best practices and recommendations from previous CSRICs, with suggestions for updating them. —Lynn Stanton, lynn.stanton@wolterskluwer.com

Courtesy TRDaily