By: Andrew Regitsky
It could be argued that in these days of war in Ukraine and the ever-increasing cyber threats to the United States that the most important job for the FCC is to keep our telecommunications networks safe. Probably the best way is to keep foreign actors such as China and Russia out of our networks is to by bar their equipment especially their smart switches. That is why on March 25, 2022, in Docket 18-89, the Commission’s Public Safety and Homeland Security Bureau (Bureau) announced that three entities – AO Kaspersky Lab, China Telecom (Americas) Corp, and China Mobile International USA Inc. – have been added to the list of communications equipment and services (Covered List) that have been determined by the Department of Homeland Security and an executive branch interagency body (Team Telecom) to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons.
Here is some background:
Steps to protect our networks began with Congress establishing the Secure and Trusted Communications Networks Act of 2019 (Act). The Act was designed to be (1) a mechanism to prevent communications equipment or services that pose a national security risk from entering U.S. networks, and (2) a program to remove any such equipment or services currently used in U.S. networks.
Under the Act, in June 2020, the Bureau designated Chinese companies Huawei and ZTE as national security threats to the integrity of our communications networks and prohibited the use of Universal Service Fund support to any company using equipment from those companies.
Last December, Homeland Security published the Covered List, which identifies “covered” equipment and services that pose an unacceptable risk to national security or to the security and safety of U.S. persons. Only Congress or another government agency can determine which equipment and services are on this list. Currently, the list includes equipment and services from five Chinese companies. Now the three entities named above, including the first Russian company (Kaspersky) will be added to the Covered List. Any American company that utilizes equipment from these companies cannot receive Universal Service.
Regarding Kaspersky, a Binding Operational Directive (BOD), issued by the Department of Homeland Security and published in the Federal Register on September 11, 2017, required certain federal agencies to remove “Kaspersky-branded products” from federal information systems.
[T]he BOD is a compulsory direction to federal, executive branch, departments and agencies for the purposes of safeguarding information and information systems; federal agencies are required to comply with BODs. The BOD states that, in consultation with interagency partners, the Department of Homeland Security “determined that the risks presented by Kaspersky-branded products justify the issuance of this Binding Operational Directive.” Based on the required actions by federal agencies in response to the threats identified in the BOD, we interpret the BOD to be a finding from the Department of Homeland Security that Kaspersky-branded products pose an unacceptable risk to the national security of the United States. Further, by requiring federal agencies to remove Kaspersky-branded products we find that the Department of Homeland Security has determined that its products are capable of posing an unacceptable risk to the national security of the United States and its people. (FCC Public Notice, Released March 25, 2022).
Team Telecom found that China Telecom (Americas) Corp. (China Telecom) service associated with its section 214 authorizations, and China Telecom’s operations as a carrier in the United States pose substantial and unacceptable risks to U.S. national security and law enforcement concerns. Based on this finding, the Commission determines that Team Telecom also determined that those services are capable of otherwise posing an unacceptable risk to the national security of the United States and its people.
Team Telecom also found that services associated with China Mobile International USA Inc. (China Mobile)’s application for a certificate of public convenience and necessity under section 214 of the Communications Act raised “substantial and unacceptable national security and law enforcement risks in the current national security environment.” Based on this finding the Commission determines China Mobile’s application provides an unacceptable risk to the national security of the United States and its people.
Team Telecom was created by the Department of Justice. It is an interagency committee that advises the FCC on national security and law enforcement concerns associated with applications for telecommunications licenses meeting certain thresholds of foreign ownership or control. Its members include the Attorney General who is the Committee chair and also includes the Secretaries of Defense and Homeland Security.
FCC Commissioner Brendan Carr applauded the additions to the Covered List:
The FCC’s decision to add these three entities to our Covered List is welcome news. The FCC plays a critical role in securing our nation’s communications networks and keeping our Covered List up to date is an important tool we have at our disposal to do just that. In particular, I am pleased that our national security agencies agreed with my assessment that China Mobile and China Telecom appeared to meet the threshold necessary to add these entities to our list. Their addition, as well as Kaspersky Labs, will help secure our networks from threats posed by Chinese and Russian state backed entities seeking to engage in espionage and otherwise harm America’s interests. (Statement of Brendan Carr, March 25, 2022.).