FCC Chairman Brendan Carr has announced the creation of a new Council on National Security within the agency, which he says aims at strengthening US defenses against foreign technology threats — particularly those from China.
According to the FCC, the Council will use the full scope of the FCC’s regulatory, investigatory, and enforcement powers to protect US networks, technology, and supply chains.
Carr also appointed Adam Chan, his National Security Counsel, as the first Director of the Council.
“Today, the country faces a persistent and constant threat from foreign adversaries, particularly the CCP,” said Carr. “These bad actors are always exploring ways to breach our networks, devices, and technology ecosystem. It is more important than ever that the FCC remain vigilant and protect Americans and American companies from these threats. Because these threats now cut across a range of sectors that the FCC regulates, it is important that the FCC’s national security efforts pull resources from a variety of FCC organizations.”
Three Main Goals
The Council’s three main goals are, firstly, to reduce the American technology and telecommunications sectors’ trade and supply chain dependencies on foreign adversaries. Next, to mitigate America’s vulnerabilities to cyberattacks, espionage, and surveillance by foreign adversaries. Finally, to ensure the States wins the strategic competition with China over critical technologies, such as 5G and 6G, AI, satellites and space, quantum computing, robotics and autonomous systems, and the Internet of Things
Made up of representatives from eight FCC Bureaus and Offices, the Council is designed to improve cross-agency collaboration and intelligence sharing, and it will coordinate with national security partners in the Executive Branch and Congress to advance a unified security strategy. Evan Dornbush, former NSA cybersecurity expert:
The FCC announcement to build a China-focused response capability is in its infancy, so it may be too early to understand the first-order tactics or their effectiveness, says Evan Dornbush, former NSA cybersecurity expert. “This is a bold step. The FCC owns the airwaves, and with so much technology leveraging wireless, from drones using GNSS to cellular networks using foreign-made 5G routing to mesh networks coordinating over the managed spectrum, it’s clear the FCC is crucially placed to have an impact.”
The Stick and Carrot
Dornbush says this also gives the FCC a proverbial stick to match its carrot. “Over the summer when US telecom carriers revealed that the lawful intercept systems they are obligated to operate (due to CALEA, which is managed by FCC) were exposed to foreign adversaries. The resulting action? Congress gave a $3B handout to “rip and replace” foreign-manufactured equipment. With that gone, telcos still have vast exposure from old legacy equipment likely vulnerable to both known and zero-day exploits.”
What might it take for these companies to upgrade? Asks Dornbush. “The new authorities could increase audits and inspections. It could increase stricter fines or other penalties.”
He says the stick could apply to areas other than telecoms entities. “It is common practice for foreign companies to white label through US shell entities to get around various disclosures and other restrictions pertaining to license applications. Tightening up the authorization process to trace the supply chain can perturb aggressors trying to preposition deeply embedded malware.”
Information Security Buzz News Editor
Kirsten Doyle has been in the technology journalism and editing space for nearly 24 years, during which time she has developed a great love for all aspects of technology, as well as words themselves. Her experience spans B2B tech, with a lot of focus on cybersecurity, cloud, enterprise, digital transformation, and data centre. Her specialties are in news, thought leadership, features, white papers, and PR writing, and she is an experienced editor for both print and online publications.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.