Telecom industry sources dismissed as a “lead balloon” a leaked National Security Council memo on nationalizing a next-generation “5G” wireless network, presented by NSC staff as a way to secure the system and keep ahead of China. Those industry sources say the Trump administration appears committed to collaboration rather than government dictates on cybersecurity.
The industry has an ally in Federal Communications Commission Chairman Ajit Pai, who said nationalization “would be a costly and counterproductive distraction from the policies we need to help the United States win the 5G future.”
But the White House has not formally walked back the memo. “Absolutely no decision” has been made except for the “need for a secure network,” White House press secretary Sarah Huckabee Sanders said.
And some observers, like the former FCC chairman, say anti-regulatory moves at the commission opened the door to such a drastic proposal.
“So, now the White House awakens to the consequences of the FCC’s actions: worsening vulnerabilities to cyber threats in the next-generation wireless network,” former Chairman Tom Wheeler, a Democrat, said on his blog on the Brookings Institution’s website.
Wheeler called the nationalization approach “mind-boggling” and a mistake, but said it arose in the context of the FCC under Pai scrapping 5G cybersecurity initiatives over the past year.
“Immediately upon taking office, [Pai] rescinded the Obama FCC’s requirement that any new 5G technology must have built-in cybersecurity standards in order to operate in the United States,” Wheeler wrote. “It was a little-noticed and highly significant repeal of a historic FCC action.”
Pai also withdrew an inquiry, initiated under Wheeler, on how the government and industry should proceed on 5G security.
Retired Rear Adm. David Simpson, who served as the FCC’s security chief under Wheeler, cited a “huge disconnect” between Pai’s FCC and other parts of the federal government, including the NSC, on cybersecurity.
“It’s clear that Pai doesn’t believe cybersecurity fits within the FCC’s national security and homeland security charter,” Simpson said.
The FCC did not respond to requests for comment on its approach to 5G cybersecurity, but the commission’s industry advisory panel, the Communications Security, Reliability and Interoperability Council, is working on a proposal on the issue.
Telecom industry sources pushed back hard on the idea of a cybersecurity gap in the wake of Pai’s policies, and on the suggestion that 5G nationalization would help in any way.
“It’s difficult to understand how nationalizing infrastructure would lead to significant improvements in cybersecurity,” one industry source said. “Anything that creates fear, uncertainty, and doubt will dampen innovation and development of cybersecurity products.”
The source added: “I think the White House is looking for more engagement with the [telecom] sector,” while citing “an ongoing dialogue with top officials at the White House and in the agencies. But there’s no evidence that there’s a desire to reverse the policies reflected in the 2017 executive order on cybersecurity that was based on the collaborative model.”
The source and others pointed to a Jan. 5 report by the Commerce and Homeland Security departments on “botnets” — networks of infected devices used to launch cyber attacks — as further evidence of administration commitment to collaboration in contrast to the nationalization idea.
“The Jan. 5 report to the president set very specific expectations on government and industry to work together to resolve the most serious cyber threats,” the telecom source said. This work “is dependent on intense collaboration between industry and the U.S. government, across industries, and in coordination between the U.S. government and like-minded foreign governments.”
“A more prescriptive model, or more interventionist government activity, wouldn’t accomplish more than is envisioned in the Jan. 5 report through collaboration,” the source said.
“The security of the sector was good to begin with and improves every day,” a source close to the wireless industry said. The National Institute of Standards and Technology’s voluntary framework of cybersecurity standards is “the cornerstone of our work [and] we’re always adding new improvements that incorporate the lessons we’re learning.”