FCC Democrats Expected to Use China Mobile Order to Raise Broader 5G Security Questions
An FCC order rejecting China Mobile’s application to provide telecom services in the U.S. is expected to be the most contentious item at Thursday’s commissioners’ meeting. The order itself isn’t controversial, but questions are expected on whether the regulator needs to do more to address upfront the security of 5G networks, agency and industry officials said. FCC Democrats Jessica Rosenworcel and Geoffrey Starks raised concerns about whether the agency is engaged enough on security issues.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Industry and agency officials said the two are likely to raise worries that nothing in the order addresses broader concerns, including the role the Communications Security, Reliability and Interoperability Council could play on 5G security. Industry lawyers said the China Mobile order is highly fact specific to just that case. Chairman Ajit Pai spoke told a Prague 5G Security Conference last week that security must be addressed before new networks are built (see 1905020011).
Rosenworcel has focused on the need for the FCC to do more on 5G security. She recently urged it refocus the newly rechartered CSRIC on the topic (see 1904160061) and has said repeatedly the administration should have given the commission a principal seat on the new DHS Information and Communications Technology Task Force (see 1903190055). Rosenworcel also urged a security focus as part of FCC equipment certification rules.
Starks, the newcomer at the FCC, also raised concerns about security issues. “If breached, next-generation networks could turn cutting-edge technologies like autonomous vehicles, drones and utility operations into public safety threats of epic proportions,” Starks told us last month (see 1904240039). The FCC didn't comment Monday.
“The FCC has an important role to play on 5G security, in particular as it relates to specific suppliers deemed to pose national security risks,” said Cinnamon Rogers, Telecommunications Industry Association senior vice president. “The China Mobile item is a great example of the FCC taking appropriate action within its jurisdiction while relying on and deferring to the expertise of national security agencies. That is precisely the approach we’ve urged them to take in the pending USF security proceeding, which we hope they will move forward on soon.”
Public Knowledge Senior Vice President Harold Feld said there’s a “giant FCC-shaped hole” in U.S. security structure. “It is impossible to do cybersecurity of 5G networks, or any of our network, without the FCC, and dangerous to try,” Feld said. “Someone has to herd the cats and make sure that industry gets things done and deployed, in a reasonable period of time and no cutting corners. The FCC should not actually create the standards. Industry is reasonably good at that. But having the FCC to hold the industry accountable, and to potentially bring in outside experts or other stakeholders, is a critical element of success.”
“Industry self-regulation is wanting and inadequate more often than not,” emailed Free Press General Counsel Matt Wood: “When it comes to telecom and cable companies, Chairman Pai's motto is trust but don't verify (at least not until after things break, and sometimes not even then)."
Others said assessing the threat from China and whether the FCC is doing enough is difficult. Carriers have more control of the devices on their networks than do operators in some other nations, which is helpful to security, said American Enterprise Institute visiting fellow Shane Tews. The nature of the threat to 5G networks is hard to assess, she said. “Unless you have the right top secret security clearance and know what’s bugging our intelligence friends,” you “spend a lot of time reading and guessing,” she said. “It’s a known unknown.”
“There seems to be broad agreement between the FCC and the administration” on China security though we’ve seen “little light on the details of the threats,” said Joe Kane, tech policy fellow at the R Street Institute. “That's understandable since much of this has to stay classified, but it does make it difficult for those who aren't privy to the details to evaluate the nature and severity of the risks and say whether existing government and industry-led efforts will be enough,” he said: “That makes the politics of this kind of opaque.” It's easy to argue the U.S. should do more “when the specifics aren't publicly known,” Kane said: “Carriers have a strong incentive to protect their networks, and it's unlikely they need a government mandate to secure them.”
"The good news is that the record speaks for itself,” said Robert McDowell of Cooley. “This FCC has been incredibly energetic and transparent about protecting the security of all telecom networks. At the same time … the Trump administration has been pushing harder for the security of global telecom networks than perhaps any other administration, and that's demonstrable. So criticisms to the contrary ring hollow."
The last CSRIC approved a report on 5G last year and a later addendum to the report (see here and here).