Suggested Changes for Subsea Cable Rules Face Fierce Industry Opposition
Better submarine cable network security starts with walling off untrusted vendors and adversary nations, trade groups and national security interests told the FCC in docket 24-523 this week. Many criticized the NPRM -- which proposes rules changes aimed at addressing national security and law enforcement threats to cables -- as creating more complexity and burdensome regulations and flying in the face of the FCC's "Delete, Delete, Delete" deregulatory agenda. Commissioners adopted the subsea cable NPRM unanimously in November (see 2411210006). The subsea cable industry has said it hoped the Trump administration would alleviate the particularly onerous regulatory burdens it faces (see 2502260042).
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Many of the subsea cable NPRM proposals "are duplicative, unnecessary, or will result in significant new compliance burdens ... with little-to-no tangible national security benefit," the Submarine Cable Coalition said. It expressed particular concern about the idea of the licensing requirement umbrella expanding to cover data center owners and indefeasible rights-of-use holders. The group supports requiring more detailed disclosures of cable system information, as long as the FCC ensures that it doesn't include public disclosure of non-public technical information, it said.
The end result of the NPRM is "extensive and unnecessary paperwork and reporting requirements" for submarine cable operators, said the North American Submarine Cable Association. NASCA said the national security concerns that the FCC voices in the NPRM ignore the "longstanding and continuous oversight" of submarine cables by the Justice, Defense and Homeland Security departments through the Committee for the Assessment of Foreign Participation in the U.S. Telecommunications Services Sector.
Incompas warned the proposed subsea cable regulatory requirements could create unintended national security threats. Requiring the disclosure of precise cable landing locations could raise the threat of sabotage while also driving other countries to create reciprocal requirements, Incompas said. The entire proceeding is intended to offer pragmatic reforms but instead will "likely create a new and unnecessary layer of bureaucracy and red tape." A better way of tackling national security issues would be for the FCC to provide a list of adversary countries and a rebuttable presumption that new subsea cables landing in the U.S. can't directly connect to those nations and that companies directly or indirectly owned by those nations can't own or control new subsea cables that land in the U.S.
The FCC should bar any entity on its covered list and those subject to the jurisdiction or control of a foreign adversary from owning submarine cables connected to the U.S., said the Foundation for Defense of Democracies. It said the commission should also restrict subsea cable makers from incorporating equipment from firms on the covered list or equipment produced by firms under the jurisdiction of foreign adversaries. Such steps "will prevent Beijing from using its control over strategic supply chains to introduce vulnerabilities into a key pillar of U.S. critical infrastructure."
The Telecommunications Industry Association said the existing licensing process' targeting of and restrictions on untrusted vendors is "vague and ad-hoc" and needs improvement. Beyond the use of a covered list of vendors to limit their participation, the FCC should work with national security agencies on more possible restrictions.
Deregulatory Opportunity
The FCC should take the subsea cable proceeding as an opportunity to tackle a burdensome and overlong licensing process that results in "highly bureaucratic, overly complex, and ever-changing requirements," the International Connectivity Coalition said. The NPRM's proposals would lengthen that application-review process, it added. While the FCC talks up the 45-day shot clock under its streamlined application process, that clock starts ticking when the application is put out for public notice, not when it's filed, and that can take months, it said. The group urged an alternative licensing framework for allied entities and already authorized applicants as a means of hastening subsea cable deployments by trusted providers.
CTIA argued against the NPRM's proposed three-year reporting cycles, which it said would carry big administrative burdens. CTIA also advised against shorter license terms, detailed disclosures of infrastructure and service offerings, and requiring licensing of rights-of-use holders and capacity lessees. While barring use of covered list equipment or services in submarine cable systems is laudable, the list's impact shouldn't be expanded like that without direction from Congress -- especially since the NPRM contemplates a "rip-and-replace" process, though no funds have been appropriated, CTIA said.
NCTA said that requiring network capacity lessees, including rights-of-use holders, to get licenses would lead to big regulatory costs and delays. They already have to follow numerous laws, standards and contractual requirements designed to promote secure communications infrastructure, and additional cybersecurity regulations are unnecessary, the group said. It pushed back on shortening license terms as well, saying it's unnecessary in light of three-year reporting periods. Amazon also opposed shorter license terms and urged that licensing requirements be only on parties owning or controlling the physical cable facilities and equipment. Microsoft similarly opposed shorter license terms and pushed back against expanding licensing to cover entities like customers and collocation owners that don't have operational control of a system.
USTelecom said some of the changes floated in the NPRM could mean big compliance burdens for subsea cable applicants and licensees with little corresponding benefit. There's nothing indicating that the current licensing and reporting regime is jeopardizing the security of the subsea communications infrastructure, it argued, and the commission instead should replicate what it does for 5G funding recipients, requiring risk management plans based on the National Institute of Standards and Technology's cybersecurity framework.
There were repeated calls for using cybersecurity standards other than NIST's. Cable network operators Southern Cross Cables and Pacific Carriage said they back the idea of cybersecurity certifications but asked that the International Organization for Standardization's version also be acceptable. They said they generally support a three-year reporting cycle, as long as it's in place of shortening license terms from 25 years. Granting licenses for less than that would jeopardize new builds, given how capital-intensive they are, and the long lead times involved in planning and construction, they said. TIA said its SCS 9001 supply-chain security management system can also help protect supply chains.