FEDERAL COMMUNICATIONS COMMISSION WASHINGTON OFFICE OF THE CHAIRMAN October 14,2016 The Honorable Ted Lieu U.S. House of Representatives 415 Cannon House Office Building Washington, D.C. 20515 Dear Congressman Lieu: Thank you for your letter sharing your concerns regarding the Commission's inquiry into the Signaling System Number 7 (SS7) protocol. As communications technologies transition from legacy systems and networks to new all IP-networks, there is a potential for new cyber and security risks. Unfortunately, a legacy protocol such as SS7 exemplifies these vulnerabilities. For this reason, earlier this year, the Commission tasked the Communications Security, Reliability, and Interoperability Council (CSRIC) to examine vulnerabilities associated with the SS7 protocol and other key communications protocols. CSRIC has established a working group to assess vulnerabilities and current defensive mechanisms related to SS7 security and to make recommendations to the FCC on solutions. After meeting with several communications security experts both within and outside of the U.S. on the SS7 security issues, the group provided its initial risk assessment brief at its September meeting. CSRIC will submit a final report with recommendations to the Commission in March of next year. In the meantime, the FCC continues to scrutinize our numbering initiatives and the increased concerns regarding robocalling to identify how underlying SS7 vulnerabilities may contribute to risks in these areas. We continue to work with our federal government and communications sector partners to bring about meaningful solutions and risk mitigation strategies that will address the SS7 problem and continue the Commission's mission of ensuring that communications networks are secure, reliable and resilient. I appreciate your interest in this matter. Please let me know if I can be of any further assistance. Sincerely, !t/?- Jlf7F!~~ Tom Wheeler