House committee debates 9 bills focused on securing networks
Scott Ferguson (Ferguson_Writes)
July 2, 2021
This week, the Communications and Technology Subcommittee of the House Energy and Commerce Committee heard testimony from industry experts and telecommunications providers about the bills.
While each bill seeks to address distinct aspects of security within the U.S. telecommunications industry and supply chain, five of the nine measures would place additional cybersecurity responsibility on the National Telecommunications and Information Administration to make recommendations regarding the security of existing wireless networks as well as deployments of 5G and ultimately 6G networks.
The NTIA is a unit of the US Department of Commerce responsible for advising the White House on telecommunications and information policy matters. Some of the bills under consideration would give the agency additional powers to make recommendations on cybersecurity and national security issues.
For example, the TEAM TELECOM Act would give the NTIA responsibility for coordinating efforts with federal agencies – known as Team Telecom – to review contracts when a foreign-invested company requests the construction or extension of transmission lines. This would help ensure that these projects do not pose a risk to national security, said Rep. Bill Johnson, R-Ohio, who is one of the co-sponsors of the bill.
“The NTIA in charge of coordination efforts will also build on their interagency coordination role while preserving the subject matter expertise of the appropriate national security and intelligence agencies that [advise on] telecommunications,” Johnson said at the hearing.
Another bill, the Mobile Network Cybersecurity Understanding Act, would require the NTIA to review and report on the cybersecurity of mobile service networks, as well as identify vulnerabilities in those mobile networks and devices that could be exploited by attackers.
A third bill, the NTIA Policy and Cybersecurity Coordination Act, would rename one of the agency’s departments to the Office of Policy Development and Cybersecurity and change part of its mission to “coordinate and develop policy regarding communication network cybersecurity.”
“The bipartisan work of this committee laid the foundation for the flourishing of the country’s telecommunications networks,” said Representative Mike Doyle, D-Pa., Chair of the committee. “And to ensure that this continues, we seek to foster innovation and competition, protect our networks and supply chains from threats from untrusted actors, and provide the market with a predictable and stable government – a government which is both a partner and a regulator.”
As lawmakers on both sides seek to add cybersecurity and other responsibilities to the NTIA, committee members have been told it will require additional resources and support.
“Members of this subcommittee need to ensure that NTIA has the capacity to perform these additional functions,” said Dileep Srihari, senior policy adviser for the technology consultancy Access Partnership. “The relevant staff within the NTIA is actually quite small, although the president is currently proposing an increase. The post of administrator was vacant for too long under the previous administration. You should urge the president to fill this position.”
The agency is now headed by an interim director, Evelyn Remaley.
The Biden administration proposes an overall budget of $89.5 million for the NTIA for fiscal year 2022, which includes an additional $4 million to allow the agency to accelerate work on securing the supply chain for information and communications technologies and services.
Srihari pointed out that NTIA’s national and international programs division only has around 30 staff, so adding more responsibilities would require hiring more staff.
“Right now I’m working with them on a number of different issues, and I’m seeing the same staff members email being copied on three very different topics because they just don’t have the people right now – this is the reality,” Srihari testified.
Dean Brenner, senior vice president of spectrum strategy and technology policy at Qualcomm, told lawmakers the White House needs to appoint a permanent chief for the NTIA before making any further changes.
“It’s going to take… a permanent administrator to deploy it and it would be nice to have that person’s opinion… before such legislation is enacted,” Brenner said.
The NTIA is also helping develop criteria for a software bill of materials (SBOM) requirement that is outlined in President Joe Biden’s cybersecurity executive order. This software bill of materials is actually a nested inventory – a list of ingredients that make up the software components (see: Biden Executive Decree on Cyber Security: 4 takeaways).
At the committee hearing, lawmakers also debated a bill supported by Representatives Steve Scalise, R-La., and Anna Eshoo, D-Calif. The Secure Equipment Act of 2021 would ask the Federal Communications Commission to ban the use of telecommunications equipment from certain Chinese companies, such as Huawei and ZTE, in U.S. telecommunications networks.
The FCC has ruled that federal funds cannot be used to purchase Huawei and ZTE equipment because the two companies are considered national security threats (see: FCC confirms ruling that Huawei poses a threat to national security).
During the hearing, Eshoo noted that under current law, companies can still purchase Huawei and ZTE equipment using private funds, but the new legislation would prohibit it. Clete Johnson, senior researcher in the Strategic Technologies program at the Center for Strategic and International Studies, said that while technological advancements in 5G networks may isolate some threats, “it does not sufficiently mitigate the risk of unreliable equipment [from] Huawei and ZTE.”