As various arms of the U.S. government focus attention on keeping the nation’s telecommunications infrastructure free from bad actors, questions remain about how to identify and deal with insecure network equipment that may already be in place.
In remarks (PDF) made last Wednesday at the Federal Communications Bar Association, FCC Commissioner Geoffrey Starks noted steps the government has taken to keep equipment made by companies thought to pose a national security risk out of networks. This includes President Trump’s May executive order and effective export ban, and the 2019 National Defense Authorization Act, which prohibits government purchases of telecom equipment from some companies, including Huawei and ZTE.
Earlier this year, the FCC rejected an application from China Mobile to provide telecommunication services in the U.S., citing national security concerns over the Chinese government-owned entity. Starks noted that two other similar companies, China Telecom and China Unicom, already operate in the U.S. and said their authorization should be reevaluated.
The FCC may also bar Universal Service Fund (USF) support for service providers using equipment from Chinese companies like Huawei and ZTE, a decision that could impact smaller and rural carriers who depend on less expensive equipment.
“Each of these actions considers what to do about insecure equipment going forward, but none addresses a critical problem—this equipment is already in our networks,” said Starks. “Lots of it. The threat is real, and it’s already here. And, we need solutions.”
To that end, Starks is scheduled to host a public workshop Thursday with stakeholders including carriers, manufacturers, and trade associations to start developing a road map for what is likely to be a complicated process.
A tentative agenda, released last Friday (PDF), shows three panel sessions each dedicated to one of the following key aspects: how to identify equipment that is at risk and where it’s located, the best approach to fixing insecure equipment, and importantly, how to fund this undertaking.
Starks acknowledged there is ongoing debate as to whether all Huawei equipment poses risks, and if threats only apply to equipment in the network core, or also at the edge.
“The FCC needs to step up here. Congress gave us the authority to gather this information, and we need to use it,” he said.
When it comes to “fixing,” Starks said a "rip and replace" approach may be necessary to ensure carriers transition from insecure equipment as quickly as possible.
“That’s going to take planning and time, which is why we need to start as soon as possible to restore the security of our networks,” Starks said. The panel session will also discuss if monitoring or alternate measures can be part of the solution.
He acknowledged that ripping out equipment could be an expensive undertaking, and said carriers can’t be expected to shoulder the burden alone.
“This is a national problem and it needs a national solution,” commented Starks. “Many of the carriers who purchased this equipment are small or operate in rural areas and may not be able to cover the costs of replacement without financial support.”
The panel session focused on funding will also consider what safeguards and other conditions should be attached to monetary help.
Starks reiterated that security threats don’t just impact individuals or businesses, but the country as a whole.
“Network security is National Security, and our interconnected networks are only as secure as their most vulnerable pieces,” said Starks.