Outgoing FCC Chair Issues Final Security Salvo Against China | Threatpost

Outgoing Federal Communications Chair Ajit Pai has issued a final warning about Chinese telcos at the end of a tenure spent cracking down on companies like Huawei, ZTE and China Telecom.

Pai, a former telecommunications industry lobbyist and in-house counsel for Verizon, told Reuters that managing security threats against U.S. networks from Chinese espionage will be the “biggest national security issue that regulators will face in the next four years.”

Pai has spent a significant amount of time and energy at the FCC trying to block Chinese telecommunications companies from selling their hardware  into communications networks in America — including devices, switches and routers. Pai posits that these companies are reportedly controlled by the Chinese government and are suspected to have backdoors and other loopholes built into the products to allow the Chinese to spy on Americans.

“The Chinese Communist Party has a very determined world view,” Pai told Reuters. “They want to dominate this space and exert their will — even beyond their own borders. That is a serious threat not just to internet freedom but to national security for us and for many of our allies.”

The Chinese government and these companies, for their part, have denied all allegations of backdoors and espionage associated with their equipment. Huawei and ZTE also remain top movers in the 5G network-building space worldwide.

Reacting to the Chinese 5G Threat

As the race to build out 5G networks continues, the security of the supply chain is getting closer examination.

“A backdoor to a lawful intercept interface could yield a treasure trove of information to a malicious actor — including the current location of a target, details including when and where a call was placed, and even the ability to eavesdrop or listen into a current call,” Russ Mohr, engineer and Apple evangelist at MobileIron, told Threatpost. “A backdoor is an extremely valuable resource to a bad actor, and it is likely that it would be much more valuable as an asset to collect data than as a mounting point for an attack — although it may provide an opportunity to inject ransomware into a 5G network targeting a mobile carrier.”

Huawei for one has vigorously denied the allegations. A senior Huawei official told the paper: “The use of the lawful interception interface is strictly regulated and can only be accessed by certified personnel of the network operators. No Huawei employee is allowed to access the network without an explicit approval from the network operator,” the official said.

Accessing the backdoors without carrier permission “is extremely implausible and would be discovered immediately,” the official added.

Huawei and other Chinese telecommunications companies have also been widely accused of stealing American technology and trade secrets and selling the competing products at a far cheaper price, which has led to the wide adoption of Chinese products to build out networks all over the world.

In response to all of the concerns, the Trump administration set out to send a strong message back to China with help from Pai.

In Dec. 2018, Huawei executive Meng Wanzhou was arrested in Vancouver International Airport on fraud charges from the U.S. Department of Justice. Meng is still in Canada, living under house arrest in very opulent surroundings, awaiting trial for allegedly for doing business with Iran in violation of U.S. sanctions.

Meng has denied the allegations.

State-owned China Mobile was banned by the FCC from providing communications services in the U.S. in 2019. Further, Pai’s FCC designated ZTE and Huawei national security threats, forbid any U.S. provider from doing business with the Chinese companies and even got Congress to approve $1.9 billion for providers to rip out and replace existing Chinese telecom equipment on their networks.

The Department of Justice indicted Huawei in 2019 for stealing T-Mobile’s intellectual property. CNET also reported Huawei is suspected to be working with the Chinese government to help identify Uighur minorities, in violation of human rights. In June, the Trump administration designated Huawei as backed by the Chinese military.

On Jan. 18, just two days before leaving office, President Trump hit Huawei suppliers with additional restrictions.

Is the response overblown? Canada, Germany and the U.K., among others, are taking no such extreme steps. Yet India and other countries have followed suit in banning Chinese telecommunications gear from new networks.

“The general sentiment among security practitioners agrees with the core of what Ajit Pai noted,” Brandon Hoffman, CISO at Netenrich told Threatpost. “It is hard to ignore the concrete examples that have been found over the years of this very issue.”

5G: A Trade Chip?

That said, others have said the bans may have played into trade negotiations with China.

“The telecom industry is strategic to all of our economies, and I think it’s a major trade chip that’s being used,” Gordon Smith, CEO of Sagent telecom told The Hill in the wake of the FCC’s 2019 sanctions against Chinese telecom companies told The Hill. “And I think U.S. action now is to get action from China on other matters.”

It’s still unclear whether the new Biden administration and its new FCC Chair Jessica Rosenworcel will take the same hawkish stance with China, but she very publicly broke with Pai on Trump’s 2019 tariffs on Chinese goods, warning they would stall the rollout of 5G in the U.S.

“The administration’s trade war with China threatens to increase the costs of wireless infrastructure by hundreds of millions of dollars at a critical moment in the race to 5G,” Rosenworcel, then an FCC board member said in a Politico op-ed. “Getting caught in a trade war that impacts so much 5G network deployment is foolhardy. It’s not the way to win. It sacrifices our leadership in technology.”

Download our exclusive FREE Threatpost Insider eBook Healthcare Security Woes Balloon in a Covid-Era World , sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and DOWNLOAD the eBook now – on us!