Report from CCA Annual Convention
In his first address to attendees of the Competitive Carriers Association’s Annual Convention, the FCC’s newest Commissioner, Geoffrey Starks, said he’s focused on communications network security. The federal government’s position is that Chinese telecoms Huawei and ZTE pose a national security risk. Starks said he’s aware many CCA members have such gear in their networks.
“Where there are national security issues raised, I’m paying close attention,” said Starks. Noting that many small telecoms bought Huawei gear ten years ago, he assured attendees, “These carriers bought this equipment, often a decade ago, because it was far less expensive than other options, and because Huawei was willing to work with them to create customized networks. These purchases did not violate any rules. Yet now, they present security vulnerabilities.”
Huawei software does not have the same consistency as some of its competitors, and Starks has been told it’s hard to know if certain Huawei software will accept updates. “It has front doors,” making it accessible to the Chinese telecom, as well as to “bad actors to exploit vulnerabilities in Huawei’s software code,” said Starks.
He referenced his program Inside Towers reported on to “find it, fix it and fund it.” Carriers have told him they’re worried about being labeled as a security threat. “Do we need to remove all of it, with ‘rip and replace?’ I’m open to considering mitigation measures as an initial approach,” Starks said. Companies like Nokia and Ericsson are willing to develop solutions for smaller carriers, according to the commissioner, and he said he recently had meetings with both manufacturers.
Paying for remediation is a key concern for CCA members. Starks said this is a national problem “and we shouldn’t expect small carriers – who acted legally and in good faith – to replace their insecure equipment on their own.” Starks met yesterday with executives of several CCA members on this issue. “I heard there’s a need for certainty and for the federal government to drive a resolution. We need your input,” he stressed to show attendees.
But a long-term solution will probably require some type of remediation. It will definitely require congressional action, said Starks. “Any funding should require recipients to practice good cyber-security in the future.”
September 18, 2019
Reader Interactions