Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:50 PM
Connect Directly

FCC Designates Huawei & ZTE as National Security Threats

Backdoors in 5G network equipment from these vendors could enable espionage and malicious activity, agency says.

The US Federal Communications Commission (FCC) Tuesday formally designated China's Huawei and ZTE Corp. as national security threats, citing their close relationship with the Chinese government.

The decision means that US carriers can no longer use money available under the FCC's Universal Service Fund (USF) to purchase 5G — or any other — equipment, services, or systems from either of the two Chinese equipment manufacturers or any of their subsidiaries and affiliates. The US Department of Defense and other government agencies previously announced decisions to discontinue use of technologies from Huawei and ZTE equipment from their networks.

“Both companies have close ties to the Chinese Communist Party and China's military apparatus," FCC chairman Ajit Pai said in a press statement. "Both companies are broadly subject to Chinese law obligating them to cooperate with the country's intelligence services."

The FCC's move finalizes a decision by the agency last November barring the use of federal funds on equipment from companies deemed as posing a threat to US national security. At the time, the FCC had named Huawei and ZTE as companies that would be covered under the ban. Today's announcement formalizes that decision.

The FCC last November had also noted that it would require US carriers to remove already installed equipment from these two vendors from all USF-funded networks. Tuesday's FCC notice did not provide any new information on when that requirement would go into effect. But it did note that the agency would work with impacted telecommunications providers to figure out a schedule and a way to pay for ripping and replacing existing equipment.

The USF is an $8.3 billion-a-year fund that is used to ensure affordable access to telecommunication services — including 5G networks — in high-cost areas, for low-income populations, for rural-healthcare providers, and for schools and other entities. Many of those who use the fund are smaller, rural communications providers. The FCC ban means these companies, and others, can no longer use the funds to "purchase, obtain, maintain, improve, modify, or otherwise support any equipment or services produced or provided by [Huawei and ZTE]," the FCC said.

Both Huawei and ZTE have consistently denied any close relationship with the Chinese government or intelligence agencies. They have claimed that the charges against them by the US government — and several other Western nations — are driven purely by economic and geopolitical rivalries with little basis in fact.

Persistent Concerns
However, the US government and intelligence agencies have equally consistently warned about the risks to national security from deploying next-gen 5G networks based on technologies from Chinese firms such as Huawei and ZTE.

The concerns have to do with what is widely perceived as the close — and often forced — relationship between Chinese businesses and the country's government and intelligence apparatus. Of particular concern are national statutes in China that require companies to report certain business-related activities to the government. Reports about companies such as Huawei receiving substantial subsidies from the Chinese government have also spurred questions about their ability to operate independently of government influence.

Many have noted China's extensive cyber-espionage activities over the past decade. They have contended that Beijing could force telecom equipment manufacturers such as Huawei and ZTE to plant backdoors and other traps in their technology to enable cyber espionage and surveillance on a truly global scale.

The fact that companies such as Huawei provide services for managing telecommunications equipment means they have authorized access to customer networks that could be exploited for malicious purposes, the FCC noted in explaining its decision. The FCC also pointed to reports from former Huawei employees about the company providing network services to an elite "cyber-warfare" unit within China's army.

The FCC also cited cybersecurity vulnerabilities in products from both vendors that it said posed a risk to companies that deployed the technology. Concerns over these vulnerabilities had prompted other countries to bar the use of the equipment, the FCC said.

"Modern communications networks are an integral component of the US economy, enabling the voice, data, and Internet connectivity that fuels all other critical industry sectors," the agency noted.

But these networks are vulnerable to various forms of surveillance and attack that can lead to denial of service as well as the loss of integrity and confidentiality of network services. As the United States upgrades to 5G technologies, "the risk that secret 'backdoors' in our communications networks will enable a hostile foreign power to engage in espionage, inject malware, or steal Americans' data becomes even greater," the FCC said.

Related Content:

Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
6/30/2020 | 10:51:02 PM
Made in America
I would consider communication to be a critical function for a country. I think with this in mind we should look to creating our own infrastructure because otherwise you run this risk. I'm typically a trade/import advocate due to the benefits but sometimes just to be safe its better to keep things internal.
Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-01-26
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
PUBLISHED: 2021-01-26
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.
PUBLISHED: 2021-01-26
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.
PUBLISHED: 2021-01-26
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an un...
PUBLISHED: 2021-01-26
NVIDIA Tegra kernel in Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, all L4T versions prior to r32.5, contains a vulnerability in the INA3221 driver in which improper access control may lead to unauthorized users gaining access to system power usage data, which may lead to...