Voglio sapere a riguardo di…

Federal Register / Vol. 86, No. 158 / Thursday, August 19, 2021 / Proposed Rules
lotter on DSK11XQN23PROD with PROPOSALS1

promote better cybersecurity practices going forward. Consumer Tech. Assn, Smart Policy to Secure our Smart Future: How to Promote a Secure Internet of Things for Consumers Mar.
2021 CTA Cybersecurity White Paper, https www.cta.tech/Resources/
Newsroom/Media-Releases/2021/
March/IOT-Device-Security-WhitePaper-Release. In this white paper, CTA
encourages public-private partnerships to develop and deploy risk-based approaches to cybersecurity, and argues that neither the new Administration nor Congress should embrace rules, product labels or certification regimes for consumer IoT. They claim that cybersecurity mandates, pre-market approval, and government certification or labeling of IoT devices are likely to require an enormous bureaucracy and have unintended consequences. The Commission seeks comment on these views. Are there any gaps in the NIST
IoT Report or other federal efforts to address IoT security that the Commission could help address?
The Commission recognizes that consideration of how to incentivize cybersecurity best practices through the equipment authorization process aligns closely with the recently issued Executive Order 14028, which directs NIST to work with the Federal Trade Commission and other agencies to develop a labeling program to identify specific IoT cybersecurity criteria and provide that information to consumers.
Exec. Order No. 14028, Executive Order on Improving the Nations Cybersecurity, 86 FR 26633, 2664041, 4su May 17, 2021. While the Director of NIST has not yet identified the agencies that will participate in the forthcoming IoT cybersecurity labeling program, the Commission seeks comment on whether the Commission can support these efforts, either directly or indirectly. If so, how?
Legal Authority Adopting rules that take security into consideration in the equipment authorization process would serve the public interest by addressing significant national security risks that have been identified by this Commission in other proceedings, and by Congress and other federal agencies, and doing so would be consistent with the Commissions statutory purpose of regulating interstate and foreign commerce in communication by wire and radio . . .
for the purpose of the national defense and for the purpose of promoting safety of life and property through the use of wire and radio communications.
47 U.S.C. 151. The Commission tentatively concludes that doing so is
VerDate Sep<11>2014

16:45 Aug 18, 2021

Jkt 253001

not specifically authorized by the Secure Networks Act itself, pursuant to which the Commission adopted the Covered List. However, the Commission has broad authority to adopt rules, not inconsistent with the Communications Act, as may be necessary in the execution of its functions. 47 U.S.C.
154i. The Commission believes that, in order to ensure that the Commissions rules under the Secure Networks Act effectively preclude use of equipment on the Covered List by USF recipients as contemplated by Congress, it is necessary to rely on the Commissions established equipment authorization procedures to restrict further equipment authorization, and the importation and marketing, of such devices in the first instance. As discussed above, the Commission also relies on the equipment authorization process to implement other statutory duties, including the duty to promote efficient use of the radio spectrum, the duties under the National Environmental Policy Act to regulate human RF
exposure, the Commissions duty to ensure that mobile handsets are compatible with hearing aids, and the duty to deny federal benefits to certain individuals who have been convicted multiple times of federal offenses related to trafficking in or possession of controlled substances. The Commission believes that these processes can and should also serve the purpose of fulfilling other Commission responsibilities under the Secure Networks Act, and the Commission seeks comment on that issue.
The Commission also believes that other authorities in the Communications Act of 1934, as amended, provide authority for the Commission to rely on for potential modifications to its rules and procedures governing equipment authorization. Since Congress added section 302 to the Act, the Commissions part 2 equipment authorization rules and processes have served to ensure that RF equipment marketed, sold, imported, and used in the United States complies with the applicable rules governing use of such equipment. See Equipment Authorization of RF Devices, Docket No.
19356, Report and Order, 39 FR 5912, 5912, para. 2 1970. That section authorizes the Commission to, consistent with the public interest, convenience, and necessity, make reasonable regulations . . . governing the interference potential of devices which in their operation are capable of emitting radio frequency energy by radiation, conduction, or other means in sufficient degree to cause harmful
PO 00000

Frm 00038

Fmt 4702

Sfmt 4702

46643

interference to radio communications.
47 U.S.C. 302a1. Regulations that the Commission adopts in implementing that authority shall be applicable to the manufacture, import, sale, offer for sale, or shipment of such devices and . . . to the use of such devices. 47 U.S.C.
302a2. The authorization processes are primarily for the purpose of evaluating equipments compliance with technical specifications intended to minimize the interference potential of devices that emit RF energy. As noted above, however, these rules are also designed to implement other statutory responsibilities. The Commission seeks comment on the scope of the authority to rely on such rules to effectuate other public interest responsibilities, including the Commissions section 303e authority to regulate the kind of apparatus to be used with respect to its external effects. 47 U.S.C. 303e.
Section 302a directs the Commission to make reasonable regulations consistent with the public interest governing the interference potential of devices; it would appear to be in the public interest not to approve devices capable of emitting RF energy in sufficient degree to cause harmful interference to radio communications if such equipment has been deemed, pursuant to law, to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons. The Commission seeks comment on this tentative conclusion.
The Commission also seeks comment on a potential alternative basis for such security rules. The Communications Assistance for Law Enforcement Act CALEA includes security requirements that apply directly to equipment intended for use by providers of telecommunications services. 47 U.S.C.
10011010. Section 105 requires telecommunications carriers to ensure that the surveillance capabilities built into their networks can be activated only in accordance with a court order or other lawful authorization and with the affirmative intervention of an individual officer or employee of the carrier acting in accordance with regulations prescribed by the Commission, 47
U.S.C. 1004 and the Commission has concluded that its rule prohibiting the use of equipment produced or provided by any company posing a national security threat implements that provision. Supply Chain First Report and Order, 34 FCC Rcd at 1143637, paras. 3536. The Commission is required to prescribe rules necessary to implement CALEAs requirements. 47
U.S.C. 229.

E:FRFM19AUP1.SGM

19AUP1