FCC Takes on China Threats with New National Security Council
The Federal Communications Commission created a new unit within the agency to address the ongoing threats posed by China-backed hackers in the wake of the expansive intrusions by Salt Typhoon into the networks of U.S. telecoms and similar incidents by other state-sponsored groups.
The FCC’s new Council for National Security was launched this week with the mission to reduce the reliance of the U.S. technology and telecommunication sectors on trade with and supplies from foreign adversaries, harden the country’s protections against cyberattacks, espionage, and surveillance by these countries, and ensure continued U.S. leadership over China in such crucial technology areas as AI, 5G and 6G, quantum computing, robotics, autonomous vehicles, the Internet of Things, and space.
While the brief announcement refers to “foreign adversaries,” which in the cyberworld typically has included Russia, Iran, and North Korea, FCC Chairman Brendan Carr pointed to China and its leaders as the key threats.
“Today, the country faces a persistent and constant threat from foreign adversaries, particularly the CCP [Chinese Communist Party],” Carr said in a statement. “These bad actors are always exploring ways to breach our networks, devices, and technology ecosystem.”
According to the FCC, the council will use its authority in such areas as regulations, investigations, and enforcement in its efforts. The council’s director will be Adam Chan, the FCC’s national security counsel, and it will comprise representatives from eight bureaus and office within the FCC to ensure collaboration and the sharing of information.
‘A Bold Step’
Evan Dornbush, a former NSA cybersecurity expert who in 2014 co-founded Point3 Security and was its CEO until 2023, called the agency’s move “a bold step.”
“The FCC owns the airwaves, and with so much technology leveraging wireless, from drones using GNSS, to cellular networks using foreign-made 5G routing, to mesh networks coordinating over the managed spectrum, it’s clear the FCC is crucially placed to have impact,” Dornbush said.
The move takes a different approach than what was done during the waning days of the Biden Administration to address Chinese intrusions, he noted. When the extent of Salt Typhoon’s compromise of internet service providers (ISPs) became known last year, Congress approved $3 billion to help the telecoms rip and replace Chinese equipment from their networks.
The move echoed a similar one by President Trump in December 2020, when signed a bill that authorized $1 billion for smaller telecom providers to replace equipment made by Chinese company Huawei.
More Stick Than Carrot
The FCC’s new council will likely be more of a stick than a carrot, Dornbush said, noting that it could increase audits and inspections of telecoms’ equipment and impose stricter fines or other penalties.
“This stick could apply to areas other than telcos,” he said. “It is common practice for foreign companies to white label through U.S. shell entities to get around various disclosures and other restrictions pertaining to license applications. Tightening up the authorization process to trace the supply chain can perturb aggressors trying to preposition deeply embedded malware.”
A Typhoon of China Threats
Over the past several years, the extent of China’s cyber-espionage campaigns has become clearer. For example, Chinese threat group Volt Typhoon last year was discovered inside of critical infrastructure networks essentially lying in wait – sometimes for years – and prepositioning itself to disrupt operations in such areas as water, power, and communications in the event of a conflict between the United States and China.
Earlier this year it was discovered that Volt Typhoon was targeting similar operations in Guam, a critical U.S. military site in the Pacific.
Another group, Flax Typhoon, also has been targeting critical infrastructure in the United States and around the world, with a focus on Taiwan.
Salt Typhoon vs. Telecoms
Salt Typhoon’s attacks on at least nine major U.S. telecoms – including the top three of AT&T, Verizon, and T-Mobile – shocked regulators, lawmakers, and the telecom industry. The threat group, linked to intelligence agencies within the Chinese government, was able to hide its presence in many of the networks for months.
Officials with U.S. agencies like CISA and the FBI late last year said the Salt Typhoon attackers – who also had targeted both the Trump and Harris presidential campaigns – were able to steal large amounts of phone call data and had intercepted audio and text communications.
