Senators and Federal government officials sparred over the country’s 5G-readiness and supply chain security at a hearing today of the Senate’s Homeland Security and Governmental Affairs Committee.
The committee, led by Chairman Ron Johnson, R-Wis., and Ranking Member Gary Peters, D-Minn., heard from: Federal Communications Commissioner Jessica Rosenworcel, a Democrat; Christopher Krebs, director of the Cybersecurity and Infrastructure Security Agency (CISA); and Robert Strayer, deputy assistant secretary for cyber and international communications and information policy at the State Department. The latter two were appointed by President Trump.
Countering Sen. Johnson’s claim of confidence that the National Economic Council has a handle on 5G deployment, Rosenworcel raised the alarm regarding the country’s readiness for 5G wireless communications. She argued that the Federal Communications Commission (FCC) “does not have a comprehensive national plan in place with a fully coordinated interagency response” for securing 5G networks.
“[I]f we want to lead in 5G, we have to secure the 5G supply chain,” she emphasized. “The underlying truth about next-generation communications networks in many parts of the world is that technology developed in China will be at the center. This threatens to expose our networks and our most private data to undue foreign influence.”
However, Krebs argued that the Trump Administration has been working on 5G supply chain security “for years,” and that there is a nationwide strategy in the works that is “really coming together.” That strategy, he said, is being developed in collaboration with the National Economic Council and the National Security Council. When prompted about whether there should be a specific department dedicated to 5G security, he answered with a resounding no, and said, “I can say with confidence that the United States is collaborating effectively across agencies and with our industry partners.”
Strayer agreed with Krebs, saying that “to manage and address the risks posed by 5G, the entire U.S. government is taking an interagency approach to this issue, led by the Director of the National Economic Council at the White House.”
As for the Senate committee members, their views fell largely along party lines. Sen. Peters agreed with Rosenworcel that the FCC didn’t have a coordinated plan, and went so far as to say that the Federal government’s efforts regarding 5G security have been “piecemeal and disorganized,” and “without dedicated leadership.”
Crossing the political aisle, Sen. Mitt Romney, R-Utah, sided with Peters and said the government was responding on an ad hoc basis to 5G security threats, and lacks a process or a plan on how to deal with nations that threaten 5G security.
Rosenworcel agreed with Sen Romney and stressed the need for a plan, citing the Defense Innovation Board’s warning that “the country that owns 5G will own innovations and set the standards for the rest of the world,” and “that country is currently not likely to be the United States.”
Strayer, however, argued that “the United States is a leader in 5G deployment,” and said that the U.S. is leading to other countries beginning to secure their supply chains.”
Rosenworcel offered several recommendations for a comprehensive national 5G security plan. In addition to securing the U.S. supply chain, she also urged Congress to understand that effort will only go so far. “We need an approach to supply chain security that recognizes that despite our best efforts, secure networks in the United States will only get us so far because no network stands by itself,” she explained. “So we need to start researching how we can build networks that can withstand connection to equipment vulnerabilities around the world,” she said.
She further called for “smarter spectrum policy,” and argued that the FCC’s focus on “bringing only high-band spectrum to market” is a “mistake.” Instead, she urged a focus on mid-band spectrum as well.
Finally, she called for securing Internet of Things (IoT) devices. “We are moving to a world with billions of connected devices around us in the internet of things,” she said. “We need to adjust our policies now to ensure this future is secure. After all, the equipment that connects to our networks is just as consequential for security as the equipment that goes into our networks.”
Krebs said CISA, along with its Department of Homeland Security (DHS) parent agency, knows it “has an opportunity to help shape the rollout of this emerging critical infrastructure, increasing its security and resilience at the design phase and reducing national security risk from an untrustworthy 5G network.”
To that end, he said DHS and CISA will focus their work on six “lines of effort” including:
- Supporting the “design and deployment of 5G networks with security and resilience in mind, to include investing in research and development;”
- Promoting 5G use cases that are secure and trustworthy;
- Identifying and communicating risks to 5G infrastructure;
- Promoting development and deployment of trusted 5G companies;
- Advancing “the United States’ global effort to influence direction of allied nations in 5G deployments;” and
- Providing a “leadership role within [the Federal government] to coordinate operational 5G security and resilience efforts.”