Last week, if you recall, I wrote about DDoS attacks becoming longer. During my research for that article, I found several pieces that talked about the FCC and its response to a DDoS attack that appeared to be in retaliation for the agency’s stand on net neutrality. The FCC refuses to provide details of the […]
Last week, if you recall, I wrote about DDoS attacks becoming longer. During my research for that article, I found several pieces that talked about the FCC and its response to a DDoS attack that appeared to be in retaliation for the agency’s stand on net neutrality. The FCC refuses to provide details of the attack or reveal its security system to protect from future attacks. It’s a measure that is raising concern in Congress. When the leadership of several Congressional committees wanted answers about the FCC’s cybersecurity preparedness, according to an Engadget article, FCC Chairman Ajit Pai responded:
it would undermine our system’s security to provide a specific roadmap of the additional solutions to which we have referred. . . . [W]e can state that FCC IT staff has notified its cloud providers of the need to have sufficient ‘hardware resources’ available to accommodate high-profile proceedings.
When I read this, I wondered, why the secrecy, especially in light of Congress pushing legislation to encourage and require cybersecurity information sharing. As Allison Bender wrote on behalf of IAPP:
Cybersecurity information sharing and collaboration can help organizations and governments protect against cyber attack; such sharing and collaboration increasingly are expected elements of cyber risk management programs.
Yet, the FCC refuses to cooperate or share information. They won’t respond to Freedom of Information Act (FoIA) requests, citing an ongoing internal investigation of the DDoS attacks.
Frankly, I’m concerned by the FCC’s unwillingness to discuss its cybersecurity efforts, but I also wondered if this was a good or bad strategy overall. Should organizations keep their security efforts under wraps? I took my questions to Carl Herberger, vice president of security at Radware, who immediately pointed out that the FCC highlights the issue of whether or not we should create a national cybersecurity disclosure law for both businesses and government organizations. In certain states, security breach notification laws require private companies to detail potential breaches and other cyberattacks, holding them to a standard of transparency. However, this does not exist at a national level for businesses or the government. He believes there is an implicit need to establish clear and objective rules for what should be made public. He added:
This would ensure that we are holding the FCC and other government organizations to important requirements for cybersecurity, and it would help us to better understand attacks as they occur and prevent them in the future. Additionally, by making the nature of attacks and the vulnerabilities behind them more public, we could motivate open debate about the best way to protect ourselves, where the vulnerabilities are, and how to ensure that potential targets are more secure in the future.
I think Pai’s response to Congress was vague and that the FCC should be more clear about cybersecurity within the agency. What do you think? Should government agencies be more forthcoming about how they protect their networks and websites? Should they be more willing to share and collaborate?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
