The Huawei threat is already here
Last week’s presidential executive order barred U.S. companies from buying foreign-made telecommunications equipment deemed a national security risk. Although the order does not name Huawei, Congress and our intelligence agencies have voiced concern that the company’s equipment contains vulnerabilities that the Chinese government and others could exploit to spy on or harm U.S. networks.
But the executive order misses a critical problem: our networks already contain equipment from Huawei — lots of it. The Federal Communications Commission must find this equipment and work with other policymakers to fix the security problems and fund a solution for affected carriers.
We must protect ourselves from Chinese espionage. Just two weeks ago, I voted to reject an application from China Mobile, China’s largest carrier, to operate in the U.S. because of concerns about Chinese government influence. The threat posed by Huawei equipment in our communications networks is real too. As one oversight body recently found, Huawei’s equipment contains software vulnerabilities that could seriously compromise our network security.
That’s why the administration, Congress and the FCC have all sought to prohibit or restrict equipment from companies like Huawei. But to date, any concrete federal actions have focused on how to deal with Huawei going forward — they don’t address the fact that some carriers already use this equipment.
Carriers bought this equipment because it had similar functionality at half or even one-quarter of the price of equipment from other manufacturers. In wireless networks, use of this equipment runs the gamut — antennas and radios, electronics that move data across networks, and routers, servers and switches that make up the network core.
Our interconnected networks are only as secure as their most vulnerable equipment. The risks of having insecure equipment in our networks are alarming — beyond the threat of foreign surveillance and hacking, it also means that our critical infrastructure, financial systems, healthcare, and transportation systems are exposed.
Given the stakes, policymakers must address this issue as soon as possible. But none of the actions of the administration or FCC so far have dealt with this problem. So, I’ve been working with national security experts and rural carrier groups to gather their perspective on the issues and develop a solution.
Here’s where I stand. First, we must understand the scope of our network exposure by identifying the equipment that poses a threat. The FCC needs to step up here. Congress has invested the FCC with the statutory responsibility and authority to gather this information, and the executive order directs agencies to take actions within their authority to implement the order.
This will be no small task, and the size of the problem is far from clear, but the FCC can and must begin its investigation. In addition to using its own authority, the FCC should also work with other federal agencies, including the Department of Homeland Security, the Justice Department, the Department of Defense, as well as the relevant intelligence agencies to bring as much expertise as possible to address the problem.
Second, where we find equipment that poses a security threat, we must fix it. Unfortunately, there are no easy answers. The White House, Congress and the intelligence community have spoken with one voice — equipment from Huawei and similar manufacturers presents an unacceptable security risk. The software embedded in the equipment is simply too vulnerable to exploitation. Therefore, we must help transition carriers with insecure equipment in their networks as rapidly as possible — “rip and replace” — but in a way that minimizes disruption to these carriers and their customers. Fixing the problem will take time, but we must act quickly to restore the security of our networks.
Finally, with the exigency of national security at stake, we must help the affected carriers with funding to offset the cost of purchasing and installing replacement equipment. This is a national problem that needs a national solution. Many of the affected carriers are small and will not easily withstand these sorts of replacement costs. It could be expensive — estimates of replacement costs range from $150 million to nearly $1 billion. Perhaps more. But protecting our national security should be a team effort.
All of these issues need to snap in place as quickly as practicable. The executive order is a good first step, but it’s not enough to prospectively ban future equipment from manufacturers like Huawei. Policymakers like the FCC need to figure out how to deal with the equipment that’s already in our network. Find it. Fix it. Fund it. Our security is at stake.
Geoffrey Starks is a commissioner of the Federal Communications Commission.