When most of us think of cyberattacks, we think of hackers breaching the networks of companies or governments, then proceeding to steal valuable data. In reality, many cyberattacks are more fundamental—exploiting vulnerabilities that work their way through the supply chain, in chips or devices that were already infected when they hit the market.
This problem may soon be addressed, however. Federal Communications Commission (FCC) Chairman Ajit Pai unveiled a proposal on March 26 to help resolve the threats to U.S. communications networks found in their supply chains.
“Threats to national security posed by certain communications equipment providers are a matter of bipartisan concern,” he said. “Hidden ‘backdoors’ to our networks in routers, switches—and virtually any other type of telecommunications equipment—can provide an avenue for hostile governments to inject viruses, launch denial-of-service attacks, steal data, and more.”
Pai proposed in a draft notice that money from the FCC’s Universal Service Fund should not be allowed to be spent on technology or services from companies that, according to the statement, “pose a national security threat to United States communications networks or the communications supply chain.”
While the statement does not name any companies or countries directly, many analysts noted it could have a direct impact on Chinese companies—especially telecom companies Huawei and ZTE, which have in the past been listed as security threats.
Many other Chinese technology companies could also be affected by the policy, since many have been found in the past to have backdoors or other security threats in their products. Policies from the Chinese Communist Party could also impact tech firms, since Chinese companies are required to provide the regime with access to customer data.
Pai’s proposal is meant to address these threats and others, and he called for a vote on it on April 17.
He said the proposal would prohibit the FCC’s $8.5 billion Universal Service Fund from going to equipment “from any company that poses a national security threat to the integrity of communications networks or their supply chains.”
“The money in the Universal Service Fund comes from fees paid by the American people,” he said, “and I believe that the FCC has the responsibility to ensure that this money is not spent on equipment or services that pose a threat to national security.”