The Senate Permanent Subcommittee on Investigations released on Tuesday a report, “Threats to US Networks: Oversight of Chinese Government-owned Carriers.” The document slams the current government review process that oversees how Chinese telecom companies operate in the United States for not rigorously monitoring Chinese tech providers. It outlines a Senate investigation that began shortly after the Federal Communications Commission (FCC) in May 2019 denied a China Mobile USA application to provide international telecom services.
The subcommittee said it reviewed more than 6,400 pages of documents and conducted more than ten interviews, including interviews with representatives from the FCC, Department of Justice (DOJ), Department of Homeland Security (DHS), China Telecom Americas, China Unicom Americas, ComNet, AT&T, Verizon and CenturyLink. The subcommittee also said it met with researchers who analyzed the Chinese government’s use of telecommunications carriers to hijack communications.
The subcommittee’s investigation found that the FCC and “Team Telecom,” a formerly informal group composed of representatives from the DOJ, DHS and Department of Defense, have failed to adequately monitor three Chinese government-owned carriers, China Telecom Americas, China Unicom Americas, and ComNet since they began operating in the United States in the early 2000s.
“This bipartisan report demonstrates that federal agencies have done little to protect the integrity of US telecommunications networks and counter national security threats from China,” Senator Rob Portman (R-OH), Chairman of the Subcommittee said in a statement. Tom Carper (D-DE), the ranking member of the subcommittee, echoed Porter, in saying “Our bipartisan report reveals how little oversight has been done of Chinese telecommunications carriers that operate here in the United States.”
Lack of cybersecurity authority in telecom oversight
Although the subcommittee offers a lengthy list of concerns, of particular importance is the lack of real authority that either the FCC or Team Telecom has had in overseeing what the subcommittee characterizes as a Chinese telecommunications market heavily controlled by the government in Beijing.
Among the Subcommittee’s, many findings were the following:
- The FCC regulates foreign carriers seeking to provide international telecommunications services between the United States and overseas locations but has historically relied on Team Telecom to assess the national security and law enforcement risks associated with a foreign carrier’s proposed services.
- The FCC is not required to review a foreign carrier’s authorization once it is granted. Authorizations effectively exist in perpetuity despite any national security implications that might arise.
- Team Telecom was an informal group with no statutory authority. As a result, its review of foreign carriers’ applications was ad hoc, leading to delays and uncertainty.
- Team Telecom had insufficient resources and had fewer than five employees monitoring compliance with the more than 100 security agreements with the Chinese companies currently in effect. It had no statutory authority to conduct meaningful compliance.
Risk management strategy needed
Several experts disagree with this harsh assessment of how the federal oversight process has failed to rein in Chinese supply chain threats. “Our problem is not the lack of adequate enforcement powers for the FCC,” Dr. Peter Cowhey, the Qualcomm Endowed Chair in Communications and Technology Policy and Dean of the School of Global Policy and Strategy at the University of California at San Diego, tells CSO. “It has them. Our problem is the lack of a clear-eyed risk management strategy that considers network risks as a whole.”
Choosing between an outright ban or enhanced safeguards on any Chinese telecom company or tech supplier requires a clearer risk management strategy, Cowhey argues. For example, “You could remove Huawei network equipment from US networks, and you would not eliminate the cybersecurity problems posed by networks where intelligence and control of the network are moving steadily to the network edge in trillions of smart devices.”
“You could ban Chinese networks from operations in the US and thereby create a precedent for other countries to do the same to US networks, and you would not eliminate the risks incurred by global Internet traffic moving on global networks,” Cowhey says.
Private sector lacks information on telecom supply chain risk
Other experts see valid reasons to ban Chinese technology suppliers but think the government could improve the steps to achieve that goal. “The report suggests the US government needs to find better ways to communicate with the private sector earlier about security risks and geopolitics,” Megan Brown, a partner at top communications law firm Wiley Rein and a specialist on matters relating to the FCC and Team Telecom, tells CSO.
“Some companies got the message about Huawei many years ago, but many did not and could not have,” she adds. “Without ties to the national security community or having gone through a Team Telecom review, a smaller or rural provider would not have a way to know the US government’s concerns. Nor frankly would your average IT company or innovator.”
Asked whether the commission could be faulted for not being proactive during a time when few outside of the intelligence community were worried about Chinese supply chain threats, Brown says: “The FCC is not a national security agency, and its comparative advantage will not be as a first-mover on security.”
A lot has happened in the year following the launch of the subcommittee’s investigation. The Commerce Department put Huawei and other Chinese tech giants on an export ban list, blocking US tech suppliers from selling to them. That action followed a White House executive order that bars foreign Chinese providers such as Huawei from providing gear in the US
Last November, the FCC barred the use of its $8.5 billion universal service fund for the purchase of equipment from Chinese tech giants ZTE and Huawei. Shortly after that, the ban was codified in the Secure and Entrusted Communications Act, which prohibits federal subsidies from going toward the purchase of communications equipment or services that pose a national security risk.
In the spring, the DOJ sought to revoke and terminate the licenses of China Telecom. That action followed a surprise executive order that dissolved the informal Team Telecom arrangement to create the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector.
In late April, the FCC issued Orders to Show Cause against four Chinese companies -- China Telecom Americas, China Unicom Americas, Pacific Networks, and ComNet. The orders asked them to explain why the commission should not start the process of revoking their domestic and international section authorizations enabling them to operate in the United States.
Greater coordination needed to mitigate supply chain risk
It’s no surprise, then, that Wiley Rein’s Brown sees the need for greater coordination across the federal government when it comes to supply chain actions against Chinese telecom providers. It “illustrates the need for coordination across federal agencies,” she says.
“There is so much going on right now on ICT supply chains--possible regulation of emerging technology, export controls--it is hard to keep up. It raises serious risk of duplication of effort across Commerce, State, DHS, FCC, and DOJ. There is not a clear point of entry for the government, either for US companies or for overseas companies or investors. It is a challenge.”
The FCC itself is staying mum during its legal proceeding and did not respond to a request for comment from CSO. The Senate subcommittee hopes that the needed coordination will emerge soon. “Especially when dealing with state-owned telecommunications carriers, greater controls are needed, and the Administration and Congress must work together to ensure sufficient safeguards and oversight mechanisms are in place,” the report concluded.