Acting FCC chairwoman Jessica Rosenworcel said it has reached a point, on the heels of the Microsoft Exchange software breach, that such breaches are unfolding "like a scene from a scary movie. "We frantically barricaded the doors, only to discover that the threat had been hiding inside the whole time," she said.
In a speech to the Center for Strategic and International Studies (CSIS), Rosenworcel said that the movie only gets scarier with the advent of 5G because it is "connecting everything."
Also Read: FCC Flags More Chinese Telecoms
She said that concern was because "endless connectivity also means new vulnerabilities," which is why building and protecting that connected future "means building security in front from the start.
That concern for the enemy within was behind the FCC's, and Congress', push to weed out suspect tech. "For years while we sought to protect ourselves from external threats, untrusted equipment and services had been sitting undisturbed in our nation’s commercial networks," she said.
The FCC is currently working on getting Chinese tech suppliers ZTE and Huawai, and others, out of U.S. networks and is working on shutting down U.S. operations of some Chinese telecoms.
Also Read: Huawei Opposes FCC Rip and Replace
Taking a page of script from those scary movies, Rosenworcel laid out a plan to avoid the suspect tech equivalent of the slasher movie tropes and that guy with the ax and/or hockey mask, who Rosenworcel did not dub, but might have, "the hacker."
1. Never split up. She said what is a terrible idea for horror movies is similarly so for cybersecurity. She says no single entity can protect cybersecurity alone, which is why she has committed to working with federal partners and the private sector and has set up a cross-bureau team within the agency working on a comprehensive approach to cybersecurity.
2. Don't answer the door. Or put another way, as she did, don't let the threat in in the first place. Her example was replacing insecure tech from Huawei and ZTE, with help from the Secure and Trusteed Communications Networks Act, which ois providing funding for that rip-and-replace programming. She said the FCC is also looking beyond tech to services, including its vote this week to continue proceeding to revoke the authority of China Unicom Americas, Pacific Networks, and ComNet to link to U.S. networks. (It has already revoked that authority for China Mobile USA).
3. Have a backup plan. She told her audience that it was just common sense, and the backup plan was for the FCC to launch its first-ever inquiry--which it also did at this week's March 17 public meeting--into open radio access networks (ORAN), a way to diversity the suppliers of RAN beyond the now-dominant foreign suppliers. She concedes that there are some questions that need to be answered about that backup plan, including whether a new openness to ran could also open it to new vulnerabilities, before determining whether ORAN can deliver on its promise.
