AGENCY:

Federal Communications Commission.

ACTION:

Notice.

SUMMARY:

In this document, the Commission seeks comment on new security issues that implementation of the fifth generation (5G) wireless network and device security presents to the general public, and on the current state of planning to address these issues. The inquiry, focusing on cybersecurity for 5G, raises fundamental questions about scope and responsibilities for such security. The goal of this proceeding is to begin a conversation on the state of 5G wireless network and device security and to foster a dialogue on the best methods for ensuring that the 5G wireless networks and devices used by service providers in their Start Printed Page 7826operations are secure from the beginning.

DATES:

Comments are due on or before April 24, 2017; reply comments are due on or before May 23, 2017.

ADDRESSES:

You may submit comments, identified by PS Docket No. 16-353, by any of the following methods:

• Federal eRulemaking Portal: http://www.regulations.gov. Follow the instructions comments.
• Federal Communications Commission's Web site: http://fjallfoss.fcc.gov/​ecfs2/​. Follow the instructions for submitting comments.
• Mail: Filings can be sent by hand or messenger delivery, by commercial overnight courier, or by first-class or overnight U.S. Postal Service mail. All filings must be addressed to the Commission's Secretary, Office of the Secretary, Federal Communications Commission.
• People with Disabilities: Contact the FCC to request reasonable accommodations (accessible format documents, sign language interpreters, CART, etc.) by email: FCC504@fcc.gov or phone: (202) 418-0530 or TTY: (202) 418-0432.

For detailed instructions for submitting comments and additional information on the rulemaking process, see the SUPPLEMENTARY INFORMATION section of this document.

FOR FURTHER INFORMATION CONTACT:

For further information, contact Gregory Intoccia of the Public Safety and Homeland Security Bureau, Communications Cybersecurity and Reliability Division, at (202) 418-1470 or at Gregory.Intoccia@fcc.gov.

SUPPLEMENTARY INFORMATION:

This is a summary of the Commission's Notice of Inquiry, DA 16-1282, adopted and released on December 16, 2016. The full text is available for public inspection and copying during regular business hours in the FCC Reference Center, Federal Communications Commission, 445 12th Street SW., Room CY-A257, Washington, DC 20554. This document will also be available via ECFS at http://transition.fcc.gov/​Daily_​Releases/​Daily_​Business/​2016/​db1216/​DA-16-1282A1.pdf. Documents will be available electronically in ASCII, Microsoft Word, and/or Adobe Acrobat. The complete text may be purchased from the Commission's copy contractor, 445 12th Street SW., Roomy CY-B402, Washington, DC 20554. Alternative formats are available for people with disabilities (Braille, large print, electronic files, audio format), by sending an email to fcc504@fcc.gov or calling the Commission's Consumer and Governmental Affairs Bureau at (202) 418-0530 (voice), (202) 481-0432 (TTY).

Synopsis

I. Introduction and Background

1. Fifth generation (5G) wireless technologies represent the next evolutionary step in wireless communications. These networks promise to enable or support a diverse range of new applications, and will provide for a vast array of user requirements, traffic types, and connected devices. 5G communications technology could be particularly useful in enabling the growing number of high-capacity networks necessary for transformative business and consumer services, as well as backhaul, and communications related to the “Internet of Things” (IoT) technology.

2. 5G has the potential to be an enormous driver of economic activity. It is a national priority to foster an environment in which 5G can be developed and deployed across the country. That means both ensuring that networks are secure and that the regulatory obligations are measured. The Federal Communications Commission (FCC) has an opportunity at this stage to ensure that these new technologies and networks are secure by design. Therefore, while the FCC is moving quickly to make the spectrum needed for 5G available in the near term, it is also seeking to accelerate the dialogue around the critical importance of the early incorporation of cybersecurity protections in 5G networks, services, and devices.

3. In its July 2016 Spectrum Frontiers Report and Order, the FCC reiterated its view that communications providers are generally in the best position to evaluate and address security risks to network operations. Toward this end, the FCC adopted a rule requiring Upper Microwave Flexible Use Service licensees to submit general statements of their network security plans. The statements are designed to encourage licensees to consider security in their new 5G networks. The Public Safety and Homeland Security Bureau (PSHSB) issues this Notice of Inquiry (NOI) to seek input on the new issues raised by 5G security in order to foster dialogue between relevant standards bodies and prospective 5G providers on the best methods for ensuring that networks and devices are secure from the beginning.

4. PSHSB intends this inquiry to complement the important work on cybersecurity that is already taking place within the government and private sector. The FCC, these other groups, and the wireless industry all have a significant interest in ensuring that these new networks consider security risk and mitigation techniques from the outset. This NOI, and the record it seeks to develop, will help in that effort.

5. PSHSB recognizes that the inquiry, focusing on cybersecurity for 5G, raises fundamental questions relative to scope and responsibilities. Security of network infrastructure, such as protecting software and hardware that are essential to signaling and control of Radio Access Networks and to ensure the proper operation of the network, creates one perspective. Another perspective, however, is the end-to-end security of both the network and the devices that connect to commercial network services. Devices and other network elements may be furnished by the service provider, third parties, and consumers themselves. Who should be responsible for cyber protections for a device, or should responsibility be shared in some recognizable manner across the 5G ecosystem? PSHSB also appreciates that 5G is not apt to be a separate network, but rather will be integrated with existing previous generation networks, perhaps indefinitely. Do questions about the cyber protections of 5G networks inherently implicate the other networks associated with them? Where should the lines between networks be drawn relative to responsibility for 5G cybersecurity?

II. Inquiry

6. This NOI looks holistically at the security implications arising through the provision of a wide variety of services to various market sectors and users in the future 5G network environment. The NOI also explores 5G security threats, solutions, and best practices. As used in this NOI, “security” and “information security” refer to protecting data, networks, and systems from unauthorized access, use, disclosure, disruption, modification, or destruction, in order to protect confidentiality, integrity, and availability with respect to such networks, systems, and defined user communities. The terms “confidentiality,” “integrity,” and “availability,” or “CIA,” are meant to refer to those three interrelated, and dynamic principles (“that collectively guide security practices and illustrate the various considerations that must be applied when developing a security posture for communications technologies and services. Confidentiality” refers to protecting data from unauthorized access and Start Printed Page 7827disclosure. “Integrity” refers to protecting data from unauthorized modification or destruction, both at rest and in transit. Finally, “availability” refers to whether a network provides timely, reliable access to data and information services for authorized users. All three of these principles are fundamental to any security framework and are dynamically interrelated, and thus no particular principle should be addressed in isolation if 5G security is to be achieved.

7. As an initial matter, the NOI seeks to understand the current state of security planning for 5G networks. Please comment on the current efforts across industry to study 5G security, develop security protocols and solutions, and triage 5G security issues when they arise. How are equipment developers considering security in the design of 5G equipment? How are service providers considering security in the planning of 5G networks and ensuring end-to-end security where 5G technology is integrated with prior generation technology in heterogeneous networks? How can the FCC support and enhance this work? What known vulnerabilities require increased study? How should 5G differ in terms of cybersecurity needs from its widely-deployed predecessor generation, 4G LTE? What cybersecurity lessons can be learned from 4G deployment and operational experience that are applicable to the 5G security environment? What should be different, if anything, between LTE pre-5G deployment and post-5G deployment?

8. The Commission encourages commenters to consider this common thread throughout the NOI: how can the FCC, working together with other stakeholders, ensure the rapid deployment of secure 5G networks, services, and technologies?

A. Protecting Confidentiality, Integrity, and Availability

9. The FCC seeks to promote 5G security through a “security-by-design” approach to 5G development. The NOI seeks comment on the premise that, by utilizing the “confidentiality,” “integrity,” and “availability” (CIA) principles, a firm may avoid or mitigate 5G network and device data security risk through strong, adaptive, protections against unauthorized use, disclosure, and access. What are the benefits and limitation of a security-by-design approach and of employing CIA principles?

10. Please comment on how the CIA principles are being considered for 5G networks, systems, and devices. In particular, the NOI examines below how CIA principles are being taken into consideration with respect to authentication, encryption, physical security, device security, protecting 5G networks from cyber attacks, patch management, and risk segmentation of networks. This is a non-exclusive list, and comment is requested on other areas that are potential vulnerabilities for 5G.

1. Authentication

11. Preserving the confidentiality and integrity of networks, systems, and data depends on limiting access to authorized users. This is typically accomplished through effective, and sometimes mutual, authentication. Mutual authentication generally requires that both entities involved in a transaction verify each other's identity at the same time. The NOI seeks comment on the use of authentication in networks today and whether existing authentication practices will be applicable to the 5G environment. The NOI further seeks comment on the effective use of mutual authentication, in particular, for protecting 5G networks against unauthorized access and end-user devices against attaching to malicious network components, as well as the perceived limitations and drawbacks of those uses. Are there specific considerations that would apply to 5G devices? Under what circumstances would mutual authentication be considered essential to ensure or bolster security? Are there any circumstances where mutual authentication would not be beneficial? If a communications provider did not invest in mutual authentication, how would that likely affect its relative overall security risk? What other authentications methodologies might be effective for 5G security? Would the mass deployment of high-volume, low-cost 5G devices in IoT networks present particular authentication challenges? How can providers effectively authenticate the communications of high-volume, low-cost 5G devices—device to device, device to network, and network to device? How can providers effectively address these challenges? Would it be appropriate for 5G architects to consider identity credentialing and access management, in addition to authentication?

2. Encryption

12. Encryption can be an important aspect of protecting confidentiality, integrity and availability in communications environments. The NOI seeks comment on the planned deployment and use of encryption to promote 5G security, as well as on the perceived challenges, costs, and benefits of encryption at both the network and device levels.

13. Please comment on whether currently available encryption protocols are effective in securing devices and are likely to be effective in a 5G environment in which innumerable, low-cost devices are expected to operate, as well as ways that 5G participants can address encryption key management and distribution mechanism challenges. Additionally comment is requested on stakeholder responsibilities with respect to objective encryption key management for 5G.

14. Please also comment on whether encryption is necessary for all 5G communications, and whether the decisions made by the 3rd Generation Partnership Project (3GPP) standards body that resulted in non-encryption for such systems are rooted in increased latency, degraded performance due to added signaling or computational requirements, an interest in minimizing changes to LTE standards as 5G is standardized, or other factors. Please comment on what lessons, if any, can be learned from the underlying rationale of these decisions as they pertain to encryption for 5G communications.

15. Finally, the NOI seeks comment on whether 5G service providers should distinguish between the application of encryption to products that would operate primarily on the 5G control plane and those that would be part of the user plane. If such a distinction is desirable, how should such a distinction be made?

3. Physical Security

16. Physical security aims to protect networks and critical components of end-user devices, even where those devices are in the possession of unauthorized users. Please comment on physical security objectives and needs in the 5G environment, and on any other considerations the FCC should take into account in its examination of physical security of 5G networks and devices.

17. What device- and network-based physical security methods would be most effective if applied to 5G devices? To what extent does lack of physical security pose a threat to, or introduce risk from unsupervised 5G devices? To what extent does lack of physical security pose a threat to, or introduce risk from unsupervised 5G devices? Will the 5G environment present any new or unique challenges? What other issues and factors should the FCC consider on the question of preserving confidentiality, integrity and availability through physical security?Start Printed Page 7828

18. What aspects or uses of 5G networks should be considered “mission critical” and, as such, do they warrant special consideration with respect to physical security? What “mission critical” activities distinguish these networks and how can they be physically secured in the 5G environment? Should certain 5G networks be physically diverse at the network level as a result of the “mission-critical” aspects they support or enable? If so, how should that diversity be achieved?

4. Device Security

19. Ensuring the provision of confidentiality, integrity, and availability requires that devices are secure and capable of authenticating on the network. What methodologies will be used to protect the variety of devices connected to 5G networks? Is current SIM technology robust enough to ensure security without posing threats to consumers, service providers, or the underlying infrastructure? Will SIM technology be leveraged for 5G? Do standards for next generation SIM cards effectively address security and integrity concerns? What new security benefits or challenges are created by the use of eSIMs? Are there non-SIM methods that should be considered for high-volume, low-cost devices, and if so, are standards bodies currently developing standards for such methods? What other issues and factors should the FCC consider on the question of preserving CIA through device security?

5. Protecting 5G Networks From DoS and DDoS Attacks

20. A security exploit that targets network resources, such as a Denial-of-Service (DoS) or Distributed Denial of Service (DDoS) attack, could have an impact on availability of service by causing a total or partial disruption of service. The NOI seeks comment and supporting data on the mechanisms most likely to be effective at preserving confidentiality, integrity and availability through mitigation of DoS and DDoS attack risks in the planned 5G environment, including techniques for protecting both the network control and data planes. Which methods of defense against DoS and DDoS attacks are the most cost-effective?

21. Please comment on whether additional standards are needed to assist in mitigating DoS and DDoS attacks. What anti-spoofing technologies are most likely to be effective in the 5G environment, and what are the challenges to their deployment?

6. Patch Management

22. For more than a decade, communications security authorities and expert bodies, such as the FCC's Federal Advisory Committee for communications security policy development The FCC seeks comment and supporting data on patch management's role as part of a service provider's overall security risk management strategy in the 5G environment.

23. Please also comment on which 5G network elements can be successfully maintained by service providers through patch management. There are generally four types of patches that are pushed to devices with service provider involvement: (1) Patches from service providers to their own infrastructure; (2) patches service providers require and push on to subscriber devices; (3) patches to third-party infrastructure that are leased by service providers but owned by a third party; (4) patches to subscriber devices that are sent by device manufactures under the direction of service providers. For each type of patch, please comment on processes that service providers and mobile device manufacturers should adopt to sustain an effective patch management program in the 5G environment. How do service providers and mobile device manufacturers routinely make themselves aware of new vulnerabilities that need to be patched? How soon after a vulnerability is discovered is the corresponding patch pushed to devices? What other mechanisms might preclude unauthenticated code from running on 5G devices that are connected to their networks?

24. Please comment on how 5G service providers and equipment manufacturers can ensure that critical security software updates are installed on their subscriber devices in a timely fashion. How can 5G service providers effectively ensure firmware and software patch management related to security through their customer relationships? How common is it for manufacturers or service providers to rely on consumers to become aware of and install patches to their software and/or hardware? What do 5G service providers plan to do to help ensure that a subscriber's devices remain “patchable” and/or “discoverable” for purposes of device updates? How can consumers determine whether an older device or service, no longer being sold at retail, is still receiving security-related patches and whether it is still safe to use?

25. Finally, please comment on whether relevant standards have been produced that present a common approach, or describe a best practice, to facilitate patch management procedures that can be applied regardless of the underlying device operating system in a 5G ecosystem. In the absence of any deployed standard, should this effort be explored, and if so, which standards body or forum would be the best candidate to address this issue? What other issues and factors should the FCC consider on the question of preserving CIA through patch management?

7. Risk Segmentation

26. Risk segmentation involves splitting network elements into separate components to help isolate security breaches and minimize overall risk. Risk segmentation or network slicing might allow greater resiliency, more effective cyber threat monitoring and analysis and stronger security for network service supporting critical infrastructure communications (to include ICS and SCADA). Please comment on the use of segmentation in 5G networks and how segmentation can reduce risk in such networks.

27. Please provide comments and supporting data on ways that segmentation could be achieved throughout the 5G ecosystem to ensure service providers have greater situational awareness and ability to respond to, and contain, security threats. What lessons have service providers and other enterprises learned about the application of segmentation in older networks that can be applied to 5G networks? To what extent can service providers use network segmentation technologies, such as a virtual private network (VPN) or other cryptographic separation, to help ensure that no device operating on their network's control plane is directly and immediately accessible via the Internet? Could VPNs or a similar mechanism be scaled in such a way that 5G providers could implement segmentation across their entire ecosystem? Please comment on the technologies used for network segmentation, and on how to ensure that future networks employing these new architectures use security-by-design principles to minimize security risk.

28. Should segmentation in the 5G environment be based on geography or region, on type of function or device, or by community of interest? To what extent are service providers segmenting physical, logical and virtual risks? Please comment on what 5G service providers plan to do to establish logical and physical separation of different bands and/or receive antennas in order to improve integrated device security.Start Printed Page 7829

29. Please comment on whether certain network elements or activities merit special consideration with respect to risk segmentation. To what extent are such segmentation strategies effective in reducing security risk?

30. Risk segmentation can also be applied to devices in terms of firmware, software, and data. In some cases, configuration data may be set as read-only by the device, but can only be changed by the service provider. Please comment on whether privacy features and requirements have been standardized in organizations like 3GPP (and to what extent they will be standardized for 5G) to support confidentiality and integrity of information. What other issues and factors should the FCC consider on the question of preserving CIA through segmentation?

31. Finally, with respect to each of the topics discussed above, the FCC seeks information regarding which standards bodies are involved and the state of standards development to protect CIA in the 5G environment. Is there a need for additional standards body involvement?

B. Additional 5G Security Considerations

1. Overview

32. It is widely expected that 5G networks will be used to connect the myriad devices, sensors and other elements that will form the Internet of Things (IoT). The anticipated diversity and complexity of these networks, how they interconnect, and the sheer number of discrete elements they will comprise raise concerns about the effective management of cyber threats. How can holistic security objectives for 5G be established? What roles can service providers and device manufacturers play to reduce security risk for various communities of interest? How should service providers, device manufacturers, standards bodies and the FCC coordinate their efforts? Are there particular standards being developed for 5G IoT applications? Finally, please comment on benefits and costs associated with effective hardware, firmware, software, and application security for 5G.

33. Please provide comments on the extent to which IoT devices could place 5G networks at unique risk. For example, are there particular vulnerabilities that arise from, or are increased by, the fact that 5G communications have relatively short range and rely on multiple access points? It is possible that some of IoT devices will have limited security features. Could this have a negative effect on overall 5G network security? If so, what roles can network equipment providers, ISPs and device manufacturers play, by themselves and in coordination, to mitigate the risks? Are any lessons being learned from the October 2016 DDoS attacks relevant to 5G? Where risk externalities exist? How will the 5G marketplace address cybersecurity risk in the commons?

34. Please comment on whether and how security needs for 5G IoT devices might differ from other infrastructures, including, in particular, each of the critical infrastructure sectors. What expectations would various critical infrastructure sectors likely have for the security capabilities and features of 5G services? Does the government have a role where residual risk unduly threatens critical infrastructure or national security, and if so, what should it be?

35. Given the likely unprecedented diversity of connected devices and their manufacturers, comment is sought on whether 5G security could be challenged by hardware issues, including threats from a compromised supply chain. How are service providers and equipment manufacturers currently assessing supply chain risks? Are they assessing risks consistent with NIST guidelines? The FCC seeks comment on whether, and if so, how 5G service providers should ensure the provenance of the hardware, firmware, software, and applications operating in their environments. What special considerations, if any, should be applied relative to 5G supply chain risks?

36. Please comment on benefits and costs associated with effective hardware, firmware, software, and application security for 5G. What are the costs associated with updating existing hardware, firmware, software, and applications versus the costs of adding entirely new elements for a totally new security posture? Is there a role for 5G-specific third party security entities? Do benefits and costs vary depending on the use of open-source software compared to proprietary software? What are the costs of adding security-specific features to 5G network hardware, firmware, software and applications? Are there scale economies observed across local, regional, and nationwide 5G networks? Finally, what other issues or factors should the FCC consider with respect to the preservation of confidentiality, integrity and availability in the 5G environment?

2. Roles and Responsibilities

37. Because of the anticipated proliferation of 5G networks and the devices that will be deployed on them, there is a chance that the cyber integrity of the network as a whole could be overlooked on the assumption that another network participant would be responsible. Is this a valid concern? Please provide comments on who should be responsible for assuring cyber security across the 5G ecosystem, what principles should guide the management of cyber risk, and how cyber risk should be managed within companies. How should providers work together across the 5G ecosystem to achieve desirable outcomes in cyber risk management?

38. Relatedly, please provide information on how the 5G ecosystem will share information about cyber threats and concerns. Please comment on whether an Information Sharing and Analysis Organization (ISAO) construct could be or should be applied to the 5G ecosystem. Would it be appropriate to develop a 5G-specific ISAO? Should 5G networks be instrumented to support automated cybersecurity threat indicators and network anomaly information sharing and analysis? Is an ISAO or multiple ISAOs the right focal point for automated cyber information sharing and analysis? Should it address IoT concerns more broadly or focus on network-based considerations? Who should be involved? Should work of ISAOs dealing with related topics be formally coordinated? If so, how? What are the proper roles of standards bodies, advisory committees such as the North American Numbering Council (NANC), industry authorities, numbering and data services and the FCC?

39. The NIST Framework for Improving Critical Infrastructure Cybersecurity Framework (NIST CSF) has been voluntarily used by members of the critical infrastructure community, including the communications sector, for several years to help manage cybersecurity risk. Please comment on whether, and if so how, the NIST CSF can be used to manage risk for 5G service providers and networks. The NIST CSF includes several top level organizational functions that can be performed concurrently and continuously to form an operational culture that addresses dynamic security risk, namely, Identify, Detect, Protect, Respond, and Recover (IPDRR). Please comment on unique factors with respect to these functions that should guide 5G design, standards development and operations.

3. Other Considerations

40. Are there additional functions that should be considered in the 5G environment? How should addressing Start Printed Page 7830and naming be accommodated for 5G? Are stakeholders working to evolve any of today's numbering schemas to encompass 5G? What practical steps should 5G planners take in order to ensure that the functions discussed in this NOI, and any other relevant functions, are properly considered and implemented within their respective organizations?

4. Benefits and Costs

41. Please comment on the public harm expected to result from failure to integrate confidentiality, integrity and availability into 5G networks through authentication, encryption, physical and device security, protecting against DoS attacks, patch management and risk segmentation. Could failure to implement these measures decrease broadband adoption and detract from its productive economic use? Could it reduce the risk of loss of competitively sensitive information for businesses? Could it prevent the loss of consumers' personally identifiable information? Could it play a role in preventing the unnecessary loss of life or property by, for example, preventing malicious intrusion into critical infrastructure? How should the FCC quantify these benefits in terms of their economic impact? What other benefits would likely stem from an appropriately secure 5G network?

42. Please comment on the costs associated with the implementation of the measures discussed above as investments early in the design and build plans of networks, as opposed to “bolt-on” security after deployment. Are there opportunities for 5G implementation that would only be realized if networks are perceived to be secure? Are there some security elements that, by plan, should be “just in time” or reactive investments, based on realized threats, after 5G implementation? Would these costs include those associated with updating existing hardware, firmware, software, and applications? How would the costs of system updates compare to the costs of adding entirely new elements for a totally new security posture? Do benefits and costs vary depending on the use of open-source software compared to proprietary software? If so, to what extent are open-source solutions available that could reduce costs? Are there scale economies observed across local, regional and nationwide 5G networks? Please comment on specific costs associated with authentication, encryption, physical and device security, protecting against DDoS attacks, patch management and risk segmentation in the 5G environment.

C. 5G Implications for Public Safety

43. Many public safety services and technologies are undergoing radical change as underlying networks transition from legacy to IP-based modes. Will any new categories of public safety sensors or other machine-based tools become an included part of 5G public safety communications architecture? The development of 5G networks will potentially contribute new capabilities to these IP-based public safety platforms while also creating new challenges, including security challenges, for public safety entities.

44. Please comment on the security implications of linking or integrating 5G networks with IP-based public safety communications platforms. Could this create new security risks or vulnerabilities for NG911, first responder communications, or emergency alerting? What responsibility should 5G service providers have for mitigating and managing these risks? Conversely, could 5G networks help reduce security risks that public safety faces in migrating from legacy to IP-based technologies? Could 5G services support ICAM in a manner that reduces these security risks? Should public safety anticipate a need for unmanned, unattended device ICAM? Are there special considerations for standards development for public safety services and technologies for 5G, and if so, are standards bodies addressing these issues? Is there a need for additional standards body involvement?

III. Procedural Matters

A. Ex Parte Rules

45. This proceeding shall be treated as a “permit-but-disclose” proceeding in accordance with the Commission's ex parte rules. Persons making ex parte presentations must file a copy of any written presentation or a memorandum summarizing any oral presentation within two business days after the presentation (unless a different deadline applicable to the Sunshine period applies). Persons making oral ex parte presentations are reminded that memoranda summarizing the presentation must (1) list all persons attending or otherwise participating in the meeting at which the ex parte presentation was made, and (2) summarize all data presented and arguments made during the presentation. If the presentation consisted in whole or in part of the presentation of data or arguments already reflected in the presenter's written comments, memoranda or other filings in the proceeding, the presenter may provide citations to such data or arguments in his or her prior comments, memoranda, or other filings (specifying the relevant page and/or paragraph numbers where such data or arguments can be found) in lieu of summarizing them in the memorandum. Documents shown or given to Commission staff during ex parte meetings are deemed to be written ex parte presentations and must be filed consistent with rule 1.1206(b). In proceedings governed by rule 1.49(f) or for which the Commission has made available a method of electronic filing, written ex parte presentations and memoranda summarizing oral ex parte presentations, and all attachments thereto, must be filed through the electronic comment filing system available for that proceeding, and must be filed in their native format (e.g., .doc, .xml, .ppt, searchable .pdf). Participants in this proceeding should familiarize themselves with the Commission's ex parte rules.