FCC Seeks to Secure US Communications Networks
WASHINGTON – The Federal Communications Commission on Thursday unanimously adopted a Notice of Proposed Rulemaking and Notice of Inquiry intended to secure the nation’s communications networks against cyberattacks.
With seven ransomware attacks per hour in 2020, a total of 65,000, the Commission is taking a “three-pronged strategy to build a more secure and resilient communications supply chain for our 5G future,” said FCC Acting Chairwoman Jessica Rosenworcel during the Open Meeting.
First, it seeks to ban all “authorization of equipment that poses an unacceptable national security risk,” the FCC said, and the current entities identified on the Covered List are Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, and Hangzhou Hikvision Digital Technology Company. Along with this prohibition, the NPRM seeks comment on whether it should remove any existing exemption of equipment on the Covered List, revoke any prior authorizations, as well as whether there are any changes necessary for the competitive bidding process of its licensing auctions. Regarding the latter, the FCC seeks further comment on whether anyone bidding in an auction should also provide national security certifications.
“Second, we continue to speed the way for trustworthy innovation.,” Rosenworcel said. The Commission seeks to do this by both “reducing our dependence on network components developed by untrusted vendors” as well as making the FCC’s participation in standards-setting organizations (SSO) a “priority.” According to Commissioner Geoffrey Starks, who led the efforts of including the SSO edit in the NPRM, a 2020 report pointed out the “Chinese government views technical standards as a policy tool to advance its own geopolitical interest and has systematically used its influence”through Chinese nationals in leadership positions in these SSOs.”
“Given China’s focus on undermining the security of the U.S. and other countries, allowing it to dominate the supply chain security standards could not only provide its companies with an economic edge, [but] also result in the further incorporation of vulnerabilities for exploitation,” he warned.
The third step of the prong, Rosenworcel added, has been a “multifaceted effort” of cross-agency engagement as well as with industry participants and “partner nations to protect our networks from threats.”
The NOI also seeks comment to see what further action the FCC could take in securing U.S. communications networks through its equipment authorization. This would be in tandem with incentivizing manufacturers to adopt the best cybersecurity practices in the development and production of consumer devices.