Why is the FCC’s Cybersecurity Certification Program Voluntary?

Yesterday, the FCC came out with some news about establishing a voluntary cybersecurity certification program for Internet and other communication providers, which is proposed to be part of the National Broadband Plan. The agency will be soliciting comments on its tentative cybersecurity ideas until Sept. 8.

As we have highlighted before on this blog, our biggest concerned about the National Broadband Plan is security portion of the public safety portion of the plan so we’re pleased about this latest development. This new certification program certainly is a response to reports of cyber attacks increasing over the past 12 months. According to The Hill, one firm told the commission that the total number of malware samples archived in its database last year reached 40 million — its highest point in 20 years.

The FCC is acknowledging that cyber security is an issue when it comes to the National Broadband Plan with this proposed certification program. But, our big question is…why is it voluntary? Shouldn’t it be mandatory? Isn’t there just too much at risk to do something of this scale on a “voluntary” basis?

The Hill also stated that the FCC envisions its system as completely voluntary, “but that by agreeing to participate, such communications providers would be bound by the program’s rules.” So, ISPs that agree to participate will be bound by stringent rules. Hmmm…who wants to place bets on how many ISPs will actually step up to the plate? We figured you wouldn’t take that bet.