Charter Communications urged the Federal Communications Commission (FCC) to use its authority to require Internet of Things (IoT) device makers to implement certain safeguards in their products, arguing unsecured connected devices represent a growing threat to broadband networks.
Operator representatives met with officials from the offices of all three current FCC Commissioners and Chairwoman Rosenworcel in late January and early February to press for action. During the meetings, Charter’s representatives highlighted its efforts to secure the equipment it issues to customers – including routers – but pointed out a growing number of cyber threats exploit vulnerable IoT devices.
Its claim is not unfounded. A cybersecurity report issued by Lumen Technologies in November showed a third of the 500 largest DDoS attacks in Q3 took aim at the telecommunications sector. The report also noted the number of global IoT DDoS botnet hosts jumped 45% sequentially in Q3 to more than 217,000.
RELATED: Lumen finds a third of the largest DDoS attacks in Q3 targeted telecoms
Charter argued IoT device manufacturers are in “the best position to address these common security vulnerabilities” and said the FCC’s equipment authorization program offers an avenue for it “to ensure that those devices come equipped with reasonable cybersecurity safeguards.” Specifically, Charter asked the FCC to require that IoT devices prompt users to set a new password other than the default during the setup process and run operating systems which prevent them from connecting to broadband networks without “appropriate authorization.”
“Taken together, both requirements would help to ensure that all new IoT devices offer a baseline functionality that would make it more difficult for unauthorized users to infect consumer devices and networks,” Charter stated in an ex parte filing.
The operator’s request comes in response to an FCC Notice of Inquiry which sought feedback on how the agency might use its equipment authorization program to help mitigate threats to the communications supply chain.
However, Charter’s position, which it first outlined in an October 2021 filing, puts it at odds with broadband industry association USTelecom. The group argued in its own filing that the FCC should not attempt to regulate IoT security through its own programs but instead defer to other federal agencies such as the National Institute of Standards and Technology (NIST).