Qtnngress nf t}Je llnite~ §fates 
maslJington, mor 20515 
The Honorable Tom Wheeler 
Chairman 
Federal Communications Commission 
445 1i11 Street S.W. 
Washington, D.C. 20554 
Dear Chairman Wheeler: 
June 16, 2014 
Cybersecurity and the protection of U.S. telecommunications networks are critical to our national 
security. We write to you today because, while there is much debate over the approach and direction the 
federal government should take to protect public and private networks, there is one principle upon which 
we collectively and wholeheartedly agree: increased regulation is unlikely to alleviate cyber threats or 
enhance providers' ability to respond to them in real-time. 
In a December appearance before the Subcommittee on Communications and 
Technology, you testified that you believed a collaborative, multistakeholder approach to 
cybersecurity was preferable to a regulatory approach. However, statements by you and 
senior Commission staff suggested otherwise, and lead us to be concerned that the 
Commission may be preparing to implement a new regulatory scheme that would 
significantly impact Internet service providers and other web services. For example, in 
an April speech to the National Emergency Number Association, Public Safety and 
Homeland Security Bureau Chief Simpson said that the Commission is "bringing 
additional accountability to the network ... to help ensure standards for reliability and 
resiliency are achieved, standing reach to survive ... cyber attacks." In subsequent public 
statements you explained that "We're intending this to be a new regulatory paradigm, and we're 
giving you the opportunity to write it." 
While your most recent speech to the American Enterprise Institute appears to indicate that you 
will rely on industry and the market first, our concerns remain. We believe that prescriptive 
regulations are not necessary, a view that Michael Daniel, Special Assistant to the President and 
Cybersecurity Coordinator shares, and even well-meaning regulation cannot keep pace with 
evolving cybersecurity threats. We caution you to resist the temptation of regulation and the 
potential negative impact on private sector cyber risk management and their ability to mitigate 
threats in real-time. 
We also question why the FCC's Fiscal Year 2015 budget requested a substantial funding 
increase for cybersecurity activities, including funding for "Big Data Cybersecurity Analytics and 
a Cybersecurity Metrics" program. While we support efforts to ensure that the Commission's 
internal systems are secure from cyber-attack, these initiatives appear to be outward, or industry, 
facing. 
PRINTED ON RECYCLED PAPER 
As Members of Congress with jurisdiction over the FCC and Federal telecommunications laws, 
we seek answers to the following questions: 
• Upon what basis have you concluded that companies subject to the FCC's jurisdiction are not 
adequately protecting their networks from cyber attacks? 
• What are the "other options" you are referring to when you state that you "will rely on industry 
and the market first while preserving other options if that approach is unsuccessful." 
• What would constitute a lack of success by the industry and the market that would trigger your 
pursuit of these "other options" ? 
• How would prescriptive regulations enhance cybersecurity and encourage companies to create 
innovative cybersecurity strategies? 
• Do you believe the FCC has statutory authority to impose regulation related to cybersecurity 
practices? If so, what specific statutory provisions provide the FCC with such authority? Please 
explain. 
Mr. Chairman, there is no question regarding the urgency of addressing the increasingly damaging threat 
of cyber attacks. Nonetheless, we are equally steadfast in our belief that it would be premature to impose 
prescriptive regulations on the communications sector, and that the FCC must act only within its existing 
statutory authority and to come to Congress should it have additional desires that extend beyond existing 
authority. 
We appreciate your shared interest in protecting our networks from cyber threats, and we look forward to 
your answers to our outstanding questions. 
Sincerely, 
~ ----~---+-P-om __ p_e_o_