Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

6/30/2020
05:50 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

FCC Designates Huawei & ZTE as National Security Threats

Backdoors in 5G network equipment from these vendors could enable espionage and malicious activity, agency says.

The US Federal Communications Commission (FCC) Tuesday formally designated China's Huawei and ZTE Corp. as national security threats, citing their close relationship with the Chinese government.

The decision means that US carriers can no longer use money available under the FCC's Universal Service Fund (USF) to purchase 5G — or any other — equipment, services, or systems from either of the two Chinese equipment manufacturers or any of their subsidiaries and affiliates. The US Department of Defense and other government agencies previously announced decisions to discontinue use of technologies from Huawei and ZTE equipment from their networks.

“Both companies have close ties to the Chinese Communist Party and China's military apparatus," FCC chairman Ajit Pai said in a press statement. "Both companies are broadly subject to Chinese law obligating them to cooperate with the country's intelligence services."

The FCC's move finalizes a decision by the agency last November barring the use of federal funds on equipment from companies deemed as posing a threat to US national security. At the time, the FCC had named Huawei and ZTE as companies that would be covered under the ban. Today's announcement formalizes that decision.

The FCC last November had also noted that it would require US carriers to remove already installed equipment from these two vendors from all USF-funded networks. Tuesday's FCC notice did not provide any new information on when that requirement would go into effect. But it did note that the agency would work with impacted telecommunications providers to figure out a schedule and a way to pay for ripping and replacing existing equipment.

The USF is an $8.3 billion-a-year fund that is used to ensure affordable access to telecommunication services — including 5G networks — in high-cost areas, for low-income populations, for rural-healthcare providers, and for schools and other entities. Many of those who use the fund are smaller, rural communications providers. The FCC ban means these companies, and others, can no longer use the funds to "purchase, obtain, maintain, improve, modify, or otherwise support any equipment or services produced or provided by [Huawei and ZTE]," the FCC said.

Both Huawei and ZTE have consistently denied any close relationship with the Chinese government or intelligence agencies. They have claimed that the charges against them by the US government — and several other Western nations — are driven purely by economic and geopolitical rivalries with little basis in fact.

Persistent Concerns
However, the US government and intelligence agencies have equally consistently warned about the risks to national security from deploying next-gen 5G networks based on technologies from Chinese firms such as Huawei and ZTE.

The concerns have to do with what is widely perceived as the close — and often forced — relationship between Chinese businesses and the country's government and intelligence apparatus. Of particular concern are national statutes in China that require companies to report certain business-related activities to the government. Reports about companies such as Huawei receiving substantial subsidies from the Chinese government have also spurred questions about their ability to operate independently of government influence.

Many have noted China's extensive cyber-espionage activities over the past decade. They have contended that Beijing could force telecom equipment manufacturers such as Huawei and ZTE to plant backdoors and other traps in their technology to enable cyber espionage and surveillance on a truly global scale.

The fact that companies such as Huawei provide services for managing telecommunications equipment means they have authorized access to customer networks that could be exploited for malicious purposes, the FCC noted in explaining its decision. The FCC also pointed to reports from former Huawei employees about the company providing network services to an elite "cyber-warfare" unit within China's army.

The FCC also cited cybersecurity vulnerabilities in products from both vendors that it said posed a risk to companies that deployed the technology. Concerns over these vulnerabilities had prompted other countries to bar the use of the equipment, the FCC said.

"Modern communications networks are an integral component of the US economy, enabling the voice, data, and Internet connectivity that fuels all other critical industry sectors," the agency noted.

But these networks are vulnerable to various forms of surveillance and attack that can lead to denial of service as well as the loss of integrity and confidentiality of network services. As the United States upgrades to 5G technologies, "the risk that secret 'backdoors' in our communications networks will enable a hostile foreign power to engage in espionage, inject malware, or steal Americans' data becomes even greater," the FCC said.

Related Content:

 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register for this On-Demand event. 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
6/30/2020 | 10:51:02 PM
Made in America
I would consider communication to be a critical function for a country. I think with this in mind we should look to creating our own infrastructure because otherwise you run this risk. I'm typically a trade/import advocate due to the benefits but sometimes just to be safe its better to keep things internal.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/3/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
New 'Nanodegree' Program Provides Hands-On Cybersecurity Training
Nicole Ferraro, Contributing Writer,  8/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15820
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15821
PUBLISHED: 2020-08-08
In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft.
CVE-2020-15823
PUBLISHED: 2020-08-08
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component.
CVE-2020-15824
PUBLISHED: 2020-08-08
In JetBrains Kotlin before 1.4.0, there is a script-cache privilege escalation vulnerability due to kotlin-main-kts cached scripts in the system temp directory, which is shared by all users by default.
CVE-2020-15825
PUBLISHED: 2020-08-08
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.