U.S. Telecom Networks: What Secure Equipment Act Means for MSSPs
President Biden has signed into law one of a flurry of bills recently introduced in Congress to secure the nation’s telecommunications network from cyber threat actors. It’s an important one because it cements prior federal government actions to blacklist Chinese telecom equipment makers from U.S. mobile network 5G build outs.
The Secure Equipment Act of 2021, introduced in the House in mid-June 2021 by Reps. Steve Scalise (R-LA) and Anna Eshoo (D-CA), directs the Federal Communications Commission (FCC) to adopt rules to prohibit sales of devices from Chinese state-backed or controlled suppliers such as Huawei, ZTE, Hytera, Hikvision and Dahua in the U.S.
Many U.S. telecom companies have MSSP business units. The new law could inspire those MSSPs to more closely identify monitored equipment — in a bid to find and replace blacklisted gear.
The Road to this Law
The FCC in 2020 adopted new rules to require that U.S. telecommunications carriers rip out and replace equipment provided by “covered” companies. However, those rules only applied to equipment purchased with federal funding, which could still be bought with private or non-federal government dollars.
The new law effectively closes that loophole by directing the FCC to clarify that it will no longer review or issue new equipment licenses to companies on the agency’s “Covered Equipment or Services List” that pose a national security threat. The companion Senate bill, which passed with no amendments, had near unanimous support in an October 2021 vote. Its sponsors in the upper chamber are Senate Intelligence Committee Vice Chairman Marco Rubio (R-FL) and Sen. Ed Markey (D-MA).
Such is the importance of securing the nation’s critical infrastructure telecommunications systems from potential and real cyber threats that the bill quickly moved its way through the Senate in late October to Biden’s desk. Its sponsors praised the bill being codified into law.
“The Chinese Communist Party will stop at nothing to exploit our laws and undermine our national security,” Rubio said. “This legislation fixes a dangerous loophole in our law, curtailing their efforts to worm their way into our telecommunications networks. I am grateful that President Biden signed this bill into law so that critical American infrastructure is protected.”
Markey said the bill will “keep compromised equipment out of U.S. telecommunications networks.” And, in the House, Scalise said the bill’s signing showed that Congress can work together in a bipartisan fashion. “With this bill being signed into law, we have sent a strong signal to the Chinese Communist Party that America is committed to protecting our telecommunications networks and the data security of our nation.”
As for the FCC, Commissioner Brendan Carr said the bill ensures that “insecure equipment from Huawei, ZTE, and other untrustworthy entities can no longer be inserted into our communications networks.”
More Legislation Pending
In addition to the newly codified Secure Equipment Act, other legislation to secure the nation’s telecommunications network is on the table. In July, the House Energy and Commerce Committee passed seven other bipartisan telecom-centric cybersecurity bills intended to help protect small telecom providers, small businesses and the public from cyber attacks, hackers and malware.
The bills, passed by voice vote in the House, include:
- The Understanding Cybersecurity of Mobile Networks Act, sponsored by Eshoo (D-CA) and Adam Kinzinger (R-IL) would require the National Telecommunications and Information Administration (NTIA) to examine the cybersecurity of mobile service networks and vulnerability to cyber attacks. It has yet to move.
- The Information and Communication Technology Strategy Act, sponsored by Reps. Billy Long (R-MO), Abigail Spanberger (D-VA), Buddy Carter (R-GA) and Jerry McNerney (D-CA), would direct the Commerce Department to submit to Congress a report on the economic competitiveness of trusted vendors in the telecom supply chain. It’s currently in Committee.
- The Open RAN Outreach Act, introduced by Reps. Colin Allred (D-TX), Tom O’Halleran (D-AZ), Brett Guthrie (R-KY) and Richard Hudson (R-NC), directs the NTIA to provide outreach and technical assistance to small telecom providers on Open Radio Access Networks (Open-RAN) and other open network architectures. It’s currently in Committee.
- The Future Uses of Technology Upholding Reliable and Enhanced Networks Act, backed by Reps. Mike Doyle (D-PA), Bill Johnson (R-OH) and Lucy McBath (D-GA), would require the FCC to create a 6G Task Force. It has yet to move.
- The NTIA Policy and Cybersecurity Coordination Act, sponsored by Reps. Jeff Duncan (R-SC), Susan Wild (D-PA) and John Curtis (R-UT), would rename the existing NTIA Office of Policy Analysis and Development to the Office of Policy Development and Cybersecurity. It’s ordered to be amended by voice vote.
- The American Cybersecurity Literacy Act, introduced by Kinzinger, Eshoo, Marc Veasey (D-TX), Chrissy Houlahan (D-PA) and Gus Bilirakis (R-FL), would require NTIA to develop and conduct a cybersecurity literacy campaign to educate U.S. individuals about common cybersecurity risks and best practices. It’s on the Union calendar.
- The Communications Security Advisory Act of 2021, sponsored by Reps. Elissa Slotkin (D-MI), Kurt Schrader (D-OR) and Tim Walberg (R-MI), would codify an existing FCC advisory council, the Communications Security, Reliability, and Interoperability Council. It’s currently in Committee.
Huawei: A Common U.S. Concern?
Many of the telecom security bills have as their backdrop the federal government’s resolve to sweep Chinese communications giants Huawei, ZTE and others from the nation’s mobile networks and to prohibit both from lucrative 5G build outs. U.S. officials have long viewed Chinese telecom makers as grave threats to national security. In July, 2020, Huawei and ZTE were officially barred from supplying U.S. companies with telecom gear.
That action was a mere formality. Nine months earlier, the FCC prohibited U.S. companies from tapping the agency’s $8.3 billion Universal Service Fund to buy materials from entities threatening the country’s communications infrastructure. Both Huawei and ZTE had been tagged as unacceptable suppliers years earlier over Congressional concerns – reinforced by a 2017 Chinese law mandating citizens disclose sensitive information to the government – that each company could pry open U.S. network vulnerabilities if so prodded by Party officials.
The Trump administration also established a $1 billion fund to help the FCC assist smaller telecom companies with ripping out and replacing existing equipment deemed to be a threat.