Critical Infrastructure Security , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime

Senate Report: Chinese Telecoms Operated Without Oversight

Lack of Oversight Led to a National Security Risk; Major Changes Recommended
Senate Report: Chinese Telecoms Operated Without Oversight
Sens. Rob Portman, left, and Tom Carper, right, of the Senate Permanent Subcommittee on Investigations

A U.S. Senate report found that three Chinese telecommunications firms operated in the United States for two decades without proper oversight from the federal agencies that were assigned to provide security guidance and advice to the Federal Communications Commission.

The Senate Permanent Subcommittee on Investigations released a bipartisan report on Tuesday that found that the U.S. subsidiaries of China Telecom, China Unicom and ComNet (USA) have operated in the United States for more than 20 years with only limited oversight by a network of federal agencies known as Team Telecom. This group includes members from the Justice Department, Defense Department and Department of Homeland Security.

See Also: Solve Credential Chaos and Digitize Securely

The Senate report found that this lack of oversight has resulted in a threat to the country's security: "U.S. government officials have warned that Chinese state-owned carriers are 'subject to exploitation, influence, and control by the Chinese government' and can be used in the Chinese government’s cyber and economic espionage efforts targeted at the United States."

To back up its argument that the Chinese government cannot be trusted, the report pointed to the 2014 Office of Personnel Management data breach which saw 22 million federal employee records compromised by what the U.S. government determined to be hackers with ties to the Chinese government.

Over the years, the Chinese government has denied that these companies engage in cyberespionage or pose a threat to U.S. national security.

Lack of Oversight

The Senate report centers on the FCC's Section 214authorization process that is designed to ensure the U.S. market is protected against potential anti-competitive behavior by a foreign carrier. The report found, however, that once a company received such authorization, it could operate indefinitely without any oversight.

"Without proper oversight, foreign carriers operating in the United States can expose the United States to potential economic, national security, and law enforcement risks," the report states.

The report found several faults in Team Telecom's ability to operate and protect the nation. It has no statutory authority and operated in an ad hoc manner leading to delays in processing requests, and it could only conduct oversight operations after it had signed a security agreement with the foreign telecom and then could only enforce compliance within that agreement, the report finds.

This led to Team Telecom rarely checking on China Telecom, China Unicom and never inspecting ComNet to see if these companies remained in compliance with the security agreements. Adding to the team's troubles was a general lack of resources to conduct investigations, the report finds.

"For example, Team Telecom’s review of China Mobile USA’s application lasted seven years. Further, the agencies did not dedicate sufficient resources to ensure Team Telecom conducted oversight in an efficient and effective manner," the report states, adding only three staffers to review applications and compliance with the security agreement.

Prior to the report being issued, one step was taken to strengthen Team Telecom. In April, Executive Order 13913 was issued, formalizing Team Telecom as the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector, or the EO Telecom Committee. The creation of the EO Telecom Committee seeks to address many of the shortcomings identified in the report.

After the Executive Order was issued, the Justice Department and several other federal executive branch agencies asked the FCC to revoke China Telecom's license to provide international telecommunications services to and from the U.S. (see: Trump Administration Wants China Telecom's US License Revoked).

Recommendations

The Senate report included 12 recommendations for improving this process to ensure national security concerns are met. This includes:

  • The FCC should establish a clear standard and process for revoking a foreign carrier’s existing authorizations;
  • Congress should require the periodic review and renewal of foreign carriers' authorizations to provide international telecommunications services;
  • Congress should set deadlines by which decisions on FCC related application reviews must be made;
  • Congress should provide sustained resources necessary for the newly formed EO Telecom Committee to effectively assess foreign carriers' applications and to monitor foreign carriers operating in the United States;
  • Congress and the White House should take steps to ensure reciprocal access to the Chinese telecommunications market for U.S. companies.

Bipartisan Support

When releasing the report Tuesday, Ohio Republican Rob Portman, the chairman of the Senate Committee, noted that both parties agreed that there needs to be more oversight on these types of companies.

"This bipartisan report demonstrates that federal agencies have done little to protect the integrity of U.S. telecommunications networks and counter national security threats from China," Portman said.

Sen. Tom Carper, D-Del., noted that the lack of oversight led to serious cybersecurity threats.

"The work Senator Portman and I have done at [Permanent Subcommittee on Investigations] over the years has revealed how the Chinese government has launched cyber-attacks against our businesses and government agencies and worked to get ahead militarily and economically with stolen American research and intellectual property," Carper said.


About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.co.uk, you agree to our use of cookies.