Congress watching FirstNet security, state opt-ins
The House panel in charge of FirstNet oversight did a reality check on the project, with some lawmakers concerned about security and state participation in the nationwide public safety communications network.
The First Responder Network Authority is awaiting industry responses to its request for proposals to build a nationwide public safety communications system for federal, state and local law enforcement and other first responders.
At a hearing of the House Energy and Commerce Committee's Communications and Technology Subcommittee, Chairman Greg Walden (R-Ore.) noted that "the die is cast."
Still, lawmakers charged with oversight of the FirstNet project have expressed concerns about state participation, funding and cybersecurity, among others.
"Whether a business case can be made for what FirstNet is asking will be better understood in April when responses are due and proposals submitted," Walden said.
"Government networks are not secure," said Rep. Marsha Blackburn (R-Tenn.). "There are gaping holes." She cited the breach of the Office of Personnel Management's databases and joined other lawmakers in raising concerns about securing the sprawling national mobile network.
TJ Kennedy, president of the First Responder Network Authority, told the panel that the RFP is a crucial step forward in making the project a functioning, secure reality for all states and first responders.
Kennedy and David Furth, deputy chief of the Federal Communications Commission's Public Safety and Homeland Security Bureau, told lawmakers that the RFP will spur developments in cybersecurity and help define state participation.
Kennedy said the RFP encourages vendors to be innovative, even with cybersecurity tools, instead of offering static solutions.
"The RFP that we issued is intentionally different in many ways from the traditional requirements-based RFPs that are commonly issued by the federal government," he said. "We applied lessons learned from other RFPs and issued an objectives-based RFP to let industry do what they do best and propose innovative solutions, driving competition and bringing creativity to provide the best solution for public safety."
To protect devices, Kennedy said teams in FirstNet's Public Safety Advisory Committee began work last month on implementing local control and identity, credential and access management solutions. FirstNet officials have also been working with industry and the National Institute of Standards and Technology on cybersecurity standards and best practices.
Blackburn and other lawmakers also expressed concerns about state participation in FirstNet. States have the option of submitting plans to run their own networks separate from but interoperable with FirstNet. She wanted to know whether the FCC was "slow walking" its review process to frustrate states that wish to opt out.
"We have no intention of [slow-walking]," Furth said, adding that the FirstNet RFP gives the FCC a better idea of what to review. "Without the RFP, [such specific evaluation] is difficult to do. We needed a reference, so the timing is right."
The FCC intends to set up rulemaking for the process in short order, Furth added.
Kennedy acknowledged that the opt-out questions are complicated but said officials have been talking extensively with states about the project and how they fit in.
Officials have gathered data from more than 11,600 public safety entities, representing 1.6 million public safety professionals from 54 states and territories and seven federal agencies, Kennedy said. The authority has provided baseline data to each state and territory, and input from public safety organizations informed the RFP in areas such as coverage, capacity and incident locations, he added.
Vendors have the opportunity to submit two rounds of questions by Feb. 12 and March 17. Responses to the RFP are due by April 29. Officials have said they plan to award the contract in the fourth quarter of 2016, and Kennedy said he expects to begin deploying the network in mid-2017.