As the telecommunications industry densifies its networks for 5G, regulators and some federal agencies are concerned about the security of the supply chain. In a hearing before the House Committee on Homeland Security on Wednesday, government and industry representatives told lawmakers that public-private partnerships can advance these objectives, but much needs to be done.
Committee Chairman Bernie Thompson (D-MS) said concerns about the origin components embedded in our devices, such as cell phones, computers, and satellites, are nothing new, but it’s more urgent now.
He cited a 2012 Senate Intelligence Committee report about the threats products from Chinese telecom companies ZTE and Huawei pose to U.S. national security interests – claims they deny. “The Chinese government has spent years strategically investing in and promoting Chinese information and communications technology to advance its national agenda – at our expense,” said Thompson.
He noted the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) is spearheading a public-private initiative to provide recommendations for assessing and managing the DHS Communications Sector Coordinating Council’s (ICT) supply chain risks. In a recent report, the task force identified practices and policies related to telecommunications supply chain threat information sharing and evaluation, whitelisting, along with associated challenges.
USTelecom SVP Cybersecurity Robert Mayer was one of the hearing witnesses and wears several hats. He also chairs the ICT’s Supply Chain Risk Management Task Force. It’s hard to overestimate the complexity of supply chain challenges, Mayer explained.
“For both suppliers and buyers, the potential universe of supply chain vulnerabilities touches all aspects of information technology — hardware and sub-components, IoT devices, operating systems, software and applications of all varieties, cloud and hosting services, telecommunications equipment or services. Essentially, any physical or logical element that can be used to generate, store, manipulate, or transport data in digital form,” Mayer told lawmakers. “That means the billions of new connected objects coming online will expand the risk universe exponentially.”
A big issue Mayer and others who spoke have identified as a serious obstacle to supply chain risk management concerns information sharing about bad actors. “Information about suspect suppliers cannot be freely exchanged when enterprises are subject to a variety of legal actions,” he said. The working group recommended that independent legal counsel study the matter more deeply with possible legislative or regulatory recommendations to reduce liability risk.
By Leslie Stimson, Inside Towers Washington Bureau Chief
October 17, 2019
Reader Interactions