Indiana Cybersecurity, Huawei and the New Normal
Subscriber Benefit
As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe NowRemote working and frequent teleconferencing comprise essential elements of doing business in today’s “New Normal.” Consequently, maintaining secure connectivity built on reliable and safe technology remains a top priority for U.S. broadband providers. Given this, eyebrows raised when former Google CEO Eric Schmidt recently declared in a BBC interview that China-based Huawei had engaged in unacceptable practices.
Schmidt, who now chairs the Pentagon’s Defense Innovation Board, went on to say: “There’s no question that information from Huawei’s routers has ultimately ended up in hands that would appear to be the [Chinese government] state.”
This details critically important considerations for Indiana companies – large and small – doing business over the internet. Reflecting these considerations, a presidential executive order banning American telecommunication companies from using equipment deemed to be a security risk was previously set in place. This order, titled “Securing the Information and Communications Technology and Services Supply Chain,” was aimed at “foreign adversaries” seeking to “commit malicious cyber-enabled actions, including economic and industrial espionage against the United States.”
China’s top equipment providers, Huawei and ZTE, have been singled out as the most significant threats to national security. The administration identified these manufacturers due to fears that possible spyware and other malware were built into their technologies at the direction of the Chinese government. The order represents a back-door way of regulating the supply chain to confront the risks posed by using Chinese manufacturers.
Why should companies be concerned?
While Smithville and many other Indiana companies do not use Huawei or ZTE in their networks, customer-initiated internet traffic will likely pass through a network that does use this equipment. For example, when a user accesses Google (sending a packet of information over a network to another computer), it may take 15 “hops” across various networks for information to reach its destination. Each hop represents a piece of equipment that the packet goes through on its lightning-fast journey. How serious is this risk? About 25% of rural telecommunication companies presently use either Huawei or ZTE equipment in their networks.
While Huawei executives deny any risks, considerable evidence exists that details the possibility that the Chinese government could compromise U.S. networks for nefarious purposes. Some of the concerns include routing or redirecting user data, permitting visibility into data packets, and remotely disrupting networks. For national security purposes, if some companies have Huawei and ZTE equipment on the network, then the information that passes through that equipment is not secure.
This ban, while understandably urgent in application, has created issues for American broadband providers. Early on, the cost of replacing Huawei equipment represented a substantial financial burden for small carriers. Many small carriers rely on recovery funding from the Federal Communications Commission (FCC) through the Universal Service Program (USF) to bridge operating costs.
Now, the FCC has said that rural telcos cannot use USF funds to continue to operate or maintain equipment from manufacturers on the banned list. Among small carriers who already have major cost issues, these added replacement expenditures portray difficult challenges.
Because most rural operators are unable to make such a financial commitment, legislation was needed to appropriate money to help providers replace and secure equipment on the banned list. In March of this year, President Trump signed a ‘rip and replace’ bill into law to provide financial assistance for companies to remove old Huawei and ZTE equipment from networks. This was a necessary solution as the security of American internet networks is at stake.
However, cost is not the only barrier. Though government funding is expected to reimburse companies for replacing equipment on the banned list, the industry anticipates difficulties complying with the order. Higher demand from approved vendors can mean higher prices and longer wait times for approved technology to be ordered, received, and installed. Additionally, COVID-19 has hit the supply chain on such equipment, especially hard, resulting in additional burdens and delays to telecommunication companies.
A possible result? Providers slow down on other projects, including expanding rural broadband, since time and resources are devoted to replacing existing equipment instead of building to customers.
The full range of impacts and implications for this ban remains unknown, and much uncertainty exists for providers on compliance and the long-term effects of the President’s order on the global supply chain. In the meantime, making investments and decisions on equipment and plans for replacement represents a spectrum of uncertainty, particularly for smaller, rural telecommunication companies.
Like many other Hoosier companies, Smithville stands in a strong position with no equipment replacement needed as a result of the executive order. But continued vigilance and collaborative public and private partnerships for strategic cybersecurity are necessary to keep American networks safe and secure as we move into a New Normal of recovery.
Cullen McCarty is executive vice president of Smithville Communications.