[Senate Hearing 116-185]
[From the U.S. Government Publishing Office]
S. Hrg. 116-185
SUPPLY CHAIN SECURITY, GLOBAL
COMPETITIVENESS, AND 5G
=======================================================================
HEARING
before the
COMMITTEE ON
HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
UNITED STATES SENATE
ONE HUNDRED SIXTEENTH CONGRESS
FIRST SESSION
__________
OCTOBER 31, 2019
__________
Available via the World Wide Web: http://www.govinfo.gov
Printed for the use of the
Committee on Homeland Security and Governmental Affairs
COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
______
U.S. GOVERNMENT PUBLISHING OFFICE
40-385 PDF WASHINGTON : 2020
RON JOHNSON, Wisconsin, Chairman
ROB PORTMAN, Ohio GARY C. PETERS, Michigan
RAND PAUL, Kentucky THOMAS R. CARPER, Delaware
JAMES LANKFORD, Oklahoma MAGGIE HASSAN, New Hampshire
MITT ROMNEY, Utah KAMALA D. HARRIS, California
RICK SCOTT, Florida KYRSTEN SINEMA, Arizona
MICHAEL B. ENZI, Wyoming JACKY ROSEN, Nevada
JOSH HAWLEY, Missouri
Gabrielle D'Adamo Singer, Staff Director
Michelle D. Woods, Director of Homeland Security
Michael J.R. Flynn, Senior Counsel
David M. Weinberg, Minority Staff Director
Alexa E. Noruk, Minority Director of Homeland Security
Jeffrey D. Rothblum, Minority Fellow
Laura W. Kilbride, Chief Clerk
Thomas J. Spino, Hearing Clerk
C O N T E N T S
------
Opening statements:
Page
Senator Johnson.............................................. 1
Senator Peters............................................... 3
Senator Hassan............................................... 15
Senator Romney............................................... 18
Senator Lankford............................................. 20
Senator Carper............................................... 23
Senator Portman.............................................. 26
Prepared statements:
Senator Johnson.............................................. 47
Senator Peters............................................... 49
WITNESSES
Thursday, October 31, 2019
Hon. Christopher C. Krebs, Director, Cybersecurity and
Infrastructure Security Agency, U.S. Department of Homeland
Security....................................................... 4
Diane Rinaldo, Acting Assistant Secretary, National
Telecommunications and Information Administration, U.S.
Department of Commerce......................................... 7
Robert L. Strayer, Deputy Assistant Secretary for Cyber and
International Communications and Information Policy, U.S.
Department of State............................................ 8
Hon. Jessica Rosenworcel, Commissioner, Federal Communications
Commission..................................................... 10
Alphabetical List of Witnesses
Krebs, Hon. Christopher C.:
Testimony.................................................... 4
Prepared statement........................................... 51
Rinaldo, Diane:
Testimony.................................................... 7
Prepared statement........................................... 60
Rosenworcel, Hon. Jessica:
Testimony.................................................... 10
Prepared statement........................................... 71
Strayer, Robert L.:
Testimony.................................................... 8
Prepared statement........................................... 66
APPENDIX
Statements submitted for the Record from:
C Band Alliance.............................................. 74
Responses to post-hearing questions for the Record:
Mr. Krebs.................................................... 83
Mr. Strayer.................................................. 87
Ms. Rosenworcel.............................................. 88
SUPPLY CHAIN SECURITY, GLOBAL COMPETITIVENESS, AND 5G
----------
THURSDAY, OCTOBER 31, 2019
U.S. Senate,
Committee on Homeland Security
and Governmental Affairs,
Washington, DC.
The Committee met, pursuant to notice, at 9:32 a.m., in
room SD-342, Dirksen Senate Office Building, Hon. Ron Johnson,
Chairman of the Committee, presiding.
Present: Senators Johnson, Portman, Lankford, Romney,
Scott, Hawley, Peters, Carper, Hassan, Sinema, and Rosen.
OPENING STATEMENT OF CHAIRMAN JOHNSON
Chairman Johnson. Good morning. This hearing is called to
order.
I want to welcome all the witnesses. Thank you for your
thoughtful written testimony, and we are looking forward to
hearing your oral testimony and answers to our questions.
I would ask that my written statement be entered into the
record.\1\
---------------------------------------------------------------------------
\1\ The prepared statement of Senator Johnson appears in the
Appendix on page 47.
---------------------------------------------------------------------------
I just want to make a couple comments about kind of what I
want to see the goal of this hearing to be, which is very
similar to pretty much the goal of every hearing as a basic
problem-solving process.
I will start out. I have not done this in a while, but this
Committee, under my chairmanship, developed a mission statement
``to enhance the economic and national security of America and
promote more efficient, effective, and accountable
government.''
The reason I am pointing it out today is I cannot really
think of a hearing where that mission statement is more
applicable to. When we start talking about 5G, we are talking
about the economic opportunity, but we are talking about the
national security risks. In order to take advantage of that
opportunity, in order to avoid those national security risks,
we need more efficient and effective government to step up to
the plate to compete against what, unfortunately, is becoming
not just a friendly economic rival but an adversary and
somewhat of, in many cases, a maligned actor on the world
stage, China.
So, in terms of the definition of this problem--and, again,
I am really hoping to be able to lay out a simplified
definition, lay out some priorities of things we need to
address, so that it can focus everybody's attention on this.
So let me take a stab at the problem definition. This is an
unusual one because it really starts as an opportunity. It is
an opportunity of moving from 4G to 5G, which globally that
will be trillions of dollars' worth of economic activity. So it
is an enormous opportunity, and, of course, there is going to
be a great deal of competition to take advantage of that
opportunity.
The problem really rests if we do not take advantage of it,
if we are not a leader, other people set the standards, and
again, those other people, primarily the threat would be in
China, not setting the standards that really contribute to a
free and open society.
We have the economic aspects of this. We have to set the
standards. The threat that China poses in terms of just
intellectual property theft--one of the reasons they can
compete with us on 5G is because they have stolen hundreds of
billions of dollars' worth of our intellectual property. Now
they are threatening to leapfrog us from that standpoint.
So, again, the actions, based on that basic problem
definition, that opportunity that also is a problem, we have to
address the spectrum allocation in at least two different types
of bands. We have a great witness from the Federal
Communications Commission (FCC) that can really talk to us
about that.
We need to be involved and hopefully be a leader in setting
the standards. We need to look at a trusted supply chain, and
then where there is not proper market activity--and I hate to
say this, but we are competing against a nonmarket economy, a
command economy, a very strategic competitor. We may have to
take a look at market breakdowns here and do something from the
standpoint of government to make sure that we support the type
of supplier base that we are going to need.
So, again, that is kind of my relatively simple, off-the-
top-of-my-head definition of what this problem is and some of
the top priorities.
Again, I read all the testimony and really appreciate it. I
just encourage everybody to try and simplify this as much as
possible so that we leave this hearing with a pretty good
understanding of what we are facing and the first steps that we
have to take.
One final comment--and, Diane, I think you were in that
secure briefing which was called probably about a month ago,
and I know my input in that was ``OK. Now who is in charge of
this effort?'' I am heartened by the fact that in testimony, we
definitely have an answer. It is literally the National
Economic Council (NEC), residing in the White House. I spoke
with Larry Kudlow last night. He has been actively engaged, and
I was really glad to hear that, together with the Chairman of
the FCC and with active involvement with President Trump as
well.
So this is a high priority. It is taken that way. I think
we have the--who is in charge of this effort, and certainly,
what we have heard in that secure briefing is we have the
interagencies working very cooperatively.
We have that final piece that I was wondering. It is great
that everybody is working cooperatively together, all the
component experts, but now, at least for my satisfaction, I
have identified this is the agency. This is the individual that
really is in charge of this and also could be held accountable
for what these goals, what these actions need to be that we
need to take.
So, again, I am already heartened by just going through the
briefing, what I have heard, what I have read, coming to this
hearing, and I am really looking forward to the hearing itself
and hopefully gain a little bit more confidence that we are not
behind, as I thought we were. We are actually getting up in
pretty good position and, I think, poised to hopefully leap
ahead and actually win this competition.
So, with that, Senator Peters.
OPENING STATEMENT OF SENATOR PETERS\1\
Senator Peters. Thank you, Mr. Chairman, and thank you to
all of our witnesses for being here today.
---------------------------------------------------------------------------
\1\ The prepared statement of Senator Peters appear in the Appendix
on page 49.
---------------------------------------------------------------------------
Our modern economy is truly global. Internet access is no
longer a luxury. It is necessary and a vital tool that connects
people with educational opportunities. It creates jobs, drives
economic development.
The introduction of 4G technology brought us live
streaming, ridesharing, on-demand delivery, and other
innovations, and now 5G era is before us.
This faster, strong, wireless connection will once again
transform our digital world, enabling new technologies like
precision agriculture, self-driving cars, and augmented
reality.
5G networks and the new technologies they spur will create
countless new jobs in Michigan and generate billions of dollars
in economic growth all across our country. 5G has the potential
to unleash new productivity and help cement the United States
as a global leader in innovation, but developing the
infrastructure needed to support 5G networks across the country
does not come without risks.
Today China, arguably our Nation's greatest global
competitor, is poised to lead the world in advancing this very
important technology. China's edge in the development of 5G
equipment and standards poses a threat to both American
economic dominance as well as our national security. The United
States is increasingly reliant on high-speed telecommunications
services to support not only our broader economy, but also our
defense industry.
In the face to expand 5G access, we face serious supply
chain security risks by purchasing and deploying Chinese-made
equipment from companies like Huawei and Zhongxing
Telecommunication Equipment (ZTE), companies that our
intelligence community (IC) has said are beholden to the
Chinese government.
The devices these companies provide potentially offer cost-
effective solutions to help close the digital divide, but they
also pose a serious national security risk and could open a
back door into critical American security networks.
Given these serious national security risks, we must
navigate a very delicate balance of ensuring that emerging 5G
networks are both secure and widely available in both rural and
urban areas.
China's advantage in 5G may be a reality for now, but it is
something we have the power to change. The U.S. Government,
including this Committee, has an opportunity to play a key role
in America's resurgence as a leader in the development of 5G
networks. A challenge of this magnitude requires a strong,
unified, and collaborative approach, capitalizing on the full
power of American ingenuity.
But, to date, our efforts have been piecemeal and
disorganized. We have not had dedicated leadership or the
coordinated national strategy needed to accomplish this very
critical mission.
I am encouraged by the bipartisan agreement this Committee
has made to support this goal. Universal 5G connectivity would
encourage renewed prosperity in both urban and rural
communities, unlock tremendous economic growth, and reestablish
America as the leader in global innovation.
I hope this hearing will serve as a driving force to help
us usher in this new age and build momentum toward recapturing
our place as the world's leader in communication technologies.
I look forward to the testimony of our witnesses. Thank you
for being here today.
Chairman Johnson. Thank you, Senator Peters.
It is the tradition of this Committee to swear in
witnesses, so if you will all stand and raise your right hand.
Do you swear the testimony you will give before this
Committee will be the truth, the whole truth, and nothing but
the truth, so help you, God?
Mr. Krebs. I do.
Ms. Rinaldo. I do.
Mr. Strayer. I do.
Ms. Rosenworcel. I do.
Chairman Johnson. Please be seated.
Our first witness is Chris Krebs. Mr. Krebs currently
serves as the Director of the Cybersecurity and Infrastructure
Security Agency (CISA). Previously, Mr. Krebs worked within the
Department of Homeland Security (DHS) as a senior advisor to
the Assistant Secretary for the Infrastructure Protection,
where he helped establish a number of national and
international risk management programs. Prior to joining the
Department of Homeland Security, Mr. Krebs was the Director of
Cybersecurity Policy for Microsoft, leading their work on
cybersecurity and technology issues. Mr. Krebs.
TESTIMONY OF THE HONORABLE CHRISTOPHER C. KREBS,\1\ DIRECTOR,
CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY, U.S.
DEPARTMENT OF HOMELAND SECURITY
Mr. Krebs. Good morning, Chairman Johnson, Ranking Member
Peters, and Members of the Committee. Thank you for holding
today's hearing and providing me an opportunity to be the first
government witness to congratulate the world champion
Washington Nationals and on behalf----
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Krebs appear in the Appendix on
page 51.
---------------------------------------------------------------------------
[Applause.]
Gotcha. Thank you.
I also ask the Lerner family to lock up Stephen Strasburg
in a lifetime contract.
I also appreciate the opportunity to testify regarding the
Cyber and Infrastructure Security Agency's ongoing efforts to
secure the supply chain of information and communications
technology, including 5G, the next generation of mobile
communications networks.
This is a timely hearing. No, not because it is Halloween,
and this is often touted as a scary topic with boogeymen hiding
behind every line of code or microchip, but because today is
the last day of National Cybersecurity Awareness Month and
because tomorrow marks the first day of Critical Infrastructure
Security and Resilience Month.
While my written testimony details CISA's broader approach
to information and communications technology, supply chain, and
risk management, I would like to focus my opening remarks on
the administration's efforts to secure 5G networks.
As agencies, we have been hard at work on supply chain and
5G security for years now, taking advantage of the respective
authorities, roles, and responsibilities of the various
Executive Branch departments and agencies, a few represented
here today.
Over the last year, our administration-wide strategy has
really come together, all under the guidance of the National
Economic Council and the National Security Council (NSC).
While there is no department of 5G, no department of supply
chain security, and nor should there be, I can say with
confidence that the U.S. Government is collaborating
effectively across the interagency and with our industry
partners.
We have tight coordination mechanisms to drive the security
and resilient results we all desire. Our goal is pretty
straightforward. We seek to foster a competitive global
ecosystem for trusted 5G vendors and promote a risk-based
approach to 5G.
In part, this will unlock American innovation and provide
untold opportunities in the development of tomorrow's
technologies. More importantly, it will deliver secure and
resilient telecommunications systems and provide a sound base
for 5G-enabled technologies.
Our approach has four primary work streams, and I will
briefly touch on the work streams and allow my colleagues to
expand, as appropriate.
First, we are addressing the policy and regulatory
considerations, domestically and abroad, stressing open
interoperable systems with respect to the rule of law and
taking into account risks posed by the undue influence of
foreign governments on suppliers.
Second, we are examining the underpinning technology
requirements, including the changes that are anticipated with
software-defined networking, virtualization, and the resulting
impacts on enabled services and features, like autonomous
vehicles, telemedicine, smart cities, and so on.
Next, our work in the economic space focuses on the
incentives needed to support growth of new technologies, with
an emphasis on a flourishing vendor base here in the United
States, while also encouraging global financial practices,
subsidies, investments, financing that are open, fair
commercially reasonable, and transparent.
Finally, we seek to promote secure and resilient systems,
developing a better understanding of where risk lies in our
networks and managing that risk accordingly.
CISA is focused here, seeking to support a risk-based
approach. Our approach is consistent with our broader supply
chain risk management philosophy, encompassing technical,
legal, and relationship aspects of a product, company, and the
regime from where the product originates.
Specifically, CISA intends to address 5G security concerns
through three primary avenues, all of which are core agency
competencies: technical evaluation and analysis, stakeholder
engagement, and cybersecurity best practices. We recognize that
although 5G is a new and transformative technology, the
essential elements to future security remain rooted in the way
CISA secures all its equities.
I would also like to reinforce that this is not solely a
U.S. Government undertaking. Our partners in industry are
critical in driving real advances in security and privacy by
design and deployment, accompanied by the transparency
necessary to inform appropriate risk management decisions by
industry and consumers alike.
Efforts like the Council to Secure the Digital Economy's
Consensus Baseline Internet of Things (IoT) Security
Capabilities as well as the Charter of Trust are both examples
of industry-driven consensus efforts to help achieve that
global competitive ecosystem for trusted vendors and
componentry.
As the director of CISA, with a mission that analyzes risk
holistically across 16 critical infrastructures and 55 national
critical functions, my commitment to you all is to continue
leading, coordinating, and catalyzing these activities for our
mutual benefit. More work needs to be done. That is clear, but
I believe we have the structures, people, and imperatives to
get the job done.
That is the goal. It is now up to a wide group of
stakeholders, both public and private, to ensure its
realization.
Once again, thank you for the opportunity to appear today,
and I look forward to your questions.
Chairman Johnson. Thank you, Mr. Krebs.
Even though the Nationals did knock the Brewers out of the
playoffs, that was a really fun game to watch, and I
congratulate them as well.
Our next witness is Diane Rinaldo. Ms. Rinaldo is the
acting Assistant Secretary for Communications and Information
for the Department of Commerce. Prior to joining the
Department, Ms. Rinaldo was with the House Permanent Select
Committee on Intelligence, where she was the lead committee
staffer on Congress' landmark cybersecurity legislation, the
Cybersecurity Act of 2015. Ms. Rinaldo also previously served
as the oversight and budget monitor for the National Security
Agency. Ms. Rinaldo.
TESTIMONY OF DIANE RINALDO,\1\ ACTING ASSISTANT SECRETARY,
NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION,
U.S. DEPARTMENT OF COMMERCE
Ms. Rinaldo. Chairman Johnson, Ranking Member Peters,
Members of the Committee, thank you for the opportunity to
testify today on supply chain, global competitiveness, and 5G.
---------------------------------------------------------------------------
\1\ The prepared statement of Ms. Rinaldo appears in the Appendix
on page 60.
---------------------------------------------------------------------------
The National Telecommunications and Information
Administration (NTIA) is responsible for advising the White
House on telecommunications and information policy. In
consultation with other Commerce bureaus and the Executive
Branch agencies, NTIA advocates for domestic and international
policies that preserve the open Internet and advance key U.S.
interests at home and abroad.
Our role is to foster national security, economic
prosperity, and delivery of the critical public services
through telecommunications. We are involved in a host of policy
issues that affect the security of critical elements in our
Nation's telecommunications infrastructure.
Winning the race to 5G is one of the most urgent areas of
focus for NTIA, the Department, and the Administration. We are
pursuing policies that enable government and industry to work
together to deliver on the promises of secure 5G networks.
But as Secretary of Commerce Wilbur Ross has said, we
cannot be complacent. Although the United States leads the
world in the application of 4G wireless technologies, other
countries are trying hard to position themselves to dominate
the next generation of 5G technology and services.
Given the global nature of the telecommunications industry,
the fight for 5G dominance will center around key issues,
including the development of industry standards as well as the
ability to win in non-U.S. markets.
NTIA is working closely with the State Department, Homeland
Security, the Department of Defense (DOD), and the Federal
Communications Commission on policies to secure the supply
chain for critical information and communications technologies,
enable secure network deployment, and promote innovation and
free-market principles.
Our increased reliance on connectivity comes with increased
vulnerability to cyberattacks. Securing our networks must be a
major priority. We must incorporate prevention, protection, and
resiliency from the start.
One of the top priorities for the Administration is
securing the information technology (IT) and communications
supply chain, which is increasingly vulnerable to certain
foreign-sourced products and services.
At the most basic level, we must avoid clear risks.
Technology that comes from suspect origins or practices should
not be put into our critical systems. At NTIA, we are working
to increase transparency across the digital ecosystem to help
organizations make better decisions and reduce cybersecurity
risks and incidents.
NTIA is helping to address these challenges by supporting
the Secretary of Commerce in implementing the President's
Executive Order (EO) on Securing the Information and
Communications Technology and Services Supply Chain.
NTIA has led three recent and successful multi-stakeholder
processes on cybersecurity, looking at the challenges around
disclosing software vulnerabilities and patching insecure
devices.
NTIA is also involved in an ongoing effort to mitigate the
damaging effects of botnets.
In our competitive world, the United States does not have
the luxury of pursuing only some of our national priorities
that depend on spectrum. We must pursue and achieve all of
them.
We will continue to build on the excellent model of
coordination NTIA has developed with its Federal and private-
sector partners.
Again, thank you for inviting me today, and as Chris said,
go Nats.
Chairman Johnson. Thank you, Ms. Rinaldo.
Our next witness is Rob Strayer. Mr. Strayer is the Deputy
Assistant Secretary for Cyber and International Communications
and Information Policy at the State Department. In this
capacity, he leads the development of international
cybersecurity, Internet, data, and privacy policy. Earlier in
his career, Mr. Strayer served as the General Counsel (GC) to
the U.S. Senate Foreign Relations Committee and deputy chief
staff director for U.S. Senate Committee on Homeland Security
and Governmental Affairs.
Mr. Strayer, welcome back.
TESTIMONY OF ROBERT L. STRAYER,\1\ DEPUTY ASSISTANT SECRETARY
FOR CYBER AND INTERNATIONAL COMMUNICATIONS AND INFORMATION
POLICY, U.S. DEPARTMENT OF STATE
Mr. Strayer. Thank you. Thank you, Mr. Chairman, Ranking
Member Peters, and Members of the Committee. It is truly a
privilege to testify before a committee where I served as a
staffer a decade ago.
---------------------------------------------------------------------------
\1\ The prepared statement of Mr. Strayer appears in the Appendix
on page 66.
---------------------------------------------------------------------------
As the world becomes more interconnected, the security of
our information and communications technology, including the
fifth generation of wireless technology, is becoming
increasingly important for our national security and economic
prosperity, as well as the protection of privacy and individual
liberties around the world.
The State Department, under Secretary Pompeo's leadership,
is in charge of the United States' international engagement
campaign to convince our allies and partners of the importance
of adopting measures to secure their 5G networks. As you both
have noted, 5G networks will be transformative. They will
empower a vast array of new services, including traditional
critical infrastructure, like the distribution of electricity.
With all these services relying on 5G networks and the
masses amounts of personal data that they will provide, the
stakes could not be higher for securing these networks.
As countries around the world upgrade their communication
systems to 5G technology, we are urging them to adopt a risk-
based security framework.
I have been joined by colleagues from the full interagency
in probably hundreds of bilateral and multilateral meetings
over the last, almost 2 years now. I personally have done many
dozens of trips focused on 5G. I spent the Labor Day weekend,
in fact, with Chairman Pai visiting three countries in the Gulf
Region, including Saudi Arabia and Bahrain as well as going to
Germany. So we have a full-court press to educate our partners
about the security risks and ways that they can achieve a
successful future with 5G.
An important element of the 5G security approach that we
recommend is a careful evaluation of hardware and software
equipment vendors. The evaluation criteria should include the
extent to which vendors are subject to control by a foreign
government, with no meaningful checks and balances on its power
to compel cooperation of those vendors with intelligence and
security agencies.
While this should be applied to vendors in all countries,
our current concern is primarily with equipment vendors from
the People's Republic of China (PRC). Our assessment is that
the PRC could compel Chinese equipment vendors to act against
the interests of U.S. citizens and citizens of other countries
around the world.
If allowed to construct and service 5G networks, Chinese
equipment vendors will be in a privileged position in these
critical networks. They can be required by China's national
intelligence law to cooperate with Chinese intelligence and
security services and to keep that cooperation secret, and
there is no independent judiciary or rule of law to prevent
them from being required to take those actions.
This will provide Chinese Communist Party the capability to
disrupt critical infrastructure, intercept sensitive
transmissions, and acquire sensitive technology and
intellectual property as well as the information of private
citizens.
Not only will China have these capabilities, but it has
already demonstrated its intent to misuse and exploit data.
Chinese technology firms are working with authoritarian regimes
often hand-in-hand with the Chinese government to suppress
freedom of expression and other human rights through mass
arbitrary surveillance, censorship, and targeted restrictions
on Internet access. They have exported facial recognition
technology that they have perfected in the Xinjiang Province to
more than a dozen countries.
The PRC and Chinese firms also have a long history of
intellectual property theft to benefit their interests. We
should not allow 5G to be yet another vector for the PRC to
steal intellectual property.
Through our engagement, many other countries are now
acknowledging the supply chain security risk and beginning to
strengthen their 5G networks alongside the United States.
For example, Australia, Japan, and Taiwan have taken very
specific actions to protect their 5G networks from untrusted
suppliers, and in May, the Czech Republic hosted more than 140
representatives of 32 countries from around the world as well
as the European Union (EU) and North Atlantic Treaty
Organization (NATO) to build consensus on a common approach to
5G security.
This effort produced what is known as the Prague Proposals,
a set of recommendations on how to build securely and
resiliently 5G networks based on free and fair competition,
transparency, and the rule of law.
We have been working to advance the principles in the
Prague Proposals by encouraging other countries to endorse
them. We have also signed a number of memorandums of
understanding (MOUs) for research and development (R&D) in the
application of 5G technology with like-minded countries,
including Romania and Poland and will soon sign one with
Estonia. We are also working with many other countries in the
same regard.
On October 9th to be exact, the European Commission and EU
member States released their own coordinated risk assessment on
5G. We were very encouraged that the risk assessment clearly
identified the risk that 5G network suppliers, of them being
subject to pressure and control by a third country, especially
in countries without, ``legislative or democratic checks and
balances in place.''
The EU risk assessment itself is a sign of progress in our
5G campaign, and it demonstrates that our allies and partners
are recognizing the risk of untrusted vendors, but our work is
far from over.
Next, the European Commission and member States will use
that assessment to develop and agree upon a toolbox of security
measures by the end of the year. It is vital that this toolbox
address the vulnerabilities and risks that have already been
identified in their assessment, including from untrusted
suppliers, and that member States then implement those security
measures in their own binding national measures to safeguard
their networks, just as we are doing in the United States.
Thank you for the opportunity to appear today.
Chairman Johnson. Thank you, Mr. Strayer.
Our final witness is Jessica Rosenworcel. Ms. Rosenworcel
currently serves as a Commissioner for the Federal
Communications Commission. In this role, she works to foster
economic growth and security, promote accessibility, and
develop policies to help expand the reach of broadband to
schools, libraries, hospitals, and households across the
country. Prior to joining the FCC, she served as senior
communications counsel for the United States Senate
Committee on Commerce, Science, and Transportation. Ms.
Rosenworcel.
TESTIMONY OF THE HONORABLE JESSICA ROSENWORCEL,\1\
COMMISSIONER, FEDERAL COMMUNICATIONS COMMISSION
Ms. Rosenworcel. Good morning, Chairman Johnson, Ranking
Member Peters, and members of the Committee.
For the last decade, the United States has led the world in
wireless technology and performance, and we have reaped the
benefits. The smartphone revolution began here on our shores,
and it helped secure our global dominance in the technology
sector.
---------------------------------------------------------------------------
\1\ The prepared statement of Ms. Rosenworcel appears in the
Appendix on page 71.
---------------------------------------------------------------------------
So now let me be blunt. That authority is being challenged.
Extending this leadership into the next generation of wireless
technologies known as 5G is going to be difficult. Of course,
it is worth the effort because these networks are going to
kickstart the next big digital transformation.
However, earlier this year, the Defense Innovation Board,
which is our military's premier advisory board of academic
researchers and private-sector technologists, surveyed the
State of 5G networks and issued a sober warning. They found
that the country that owns 5G will own innovations and set the
standards for the rest of the world, and that country is
currently not likely to be the United States.
This is a clarion call. Other nations saw very clearly the
success the United States had in the last generation of
wireless technology, and they are working overtime to ensure
they secure a leadership position in 5G.
We see it in deployment. Switzerland, South Korea, China,
Germany, and Japan are making great strides with their 5G
efforts. We see it in activity in standards bodies, like 3rd
Generation Partnership Project (3GPP) and the International
Telecommunication Union (ITU), where 5G specifications are
being hammered out right now.
And we see it in patents and equipment. Chinese companies
own 36 percent of all 5G standard-essential patents. Here in
the United States, our companies hold just 14 percent. In fact,
there are no longer any United States-based manufacturers of
key 5G network equipment. The truth is we are facing well-
resourced challenges to our 5G leadership from every direction,
and so far, we do not have a comprehensive national plan to
meet this challenge. We need one, and here are four ideas it
should include.
First, if we want to lead in 5G, we have to secure the 5G
supply chain. To this end, at the FCC, we have a rulemaking to
ensure that our universal service fund (USF), which provides
billions annually to help support broadband in rural America,
will not be used to purchase insecure network equipment. This
rulemaking has inexplicably stalled at the agency for the last
year and a half, but now perhaps since you announced this
hearing, we have publicized we will vote on this in 3 short
weeks.
Second, we need an approach to supply chain security that
recognizes that despite our best efforts, secure networks in
the United States will only get us so far. We need to start
researching how we can build networks that can withstand
connection to equipment vulnerabilities around the world.
One way to do this is to invest in virtualizing radio
access networks Open Radio Access Network (O-RAN). If we can
unlock the RAN and diversify the equipment in this part of our
networks, we can increase security and push the market for
equipment to where the United States is strongest in software
and semiconductors.
Third, we need smarter spectrum policy. To date, the FCC
has aggressively focused its early efforts to support 5G
wireless service by bringing only high-band spectrum to market.
This is a mistake. The rest of the world does not have this
singular focus on high-band spectrum and with good reason.
These airwaves have substantial capacity, but the signals do
not travel far. That means commercializing them in all but our
most urban locations is impossible. This is not good for rural
America, and it could mean with 5G, we deepen the digital
divide.
So the FCC needs to change course and make it a priority to
auction mid-band spectrum, which is better suited to extend the
promise of 5G service to everyone everywhere.
Fourth and finally, with 5G, we are moving to a world with
billions of connected devices around us in the Internet of
Things. We need to adjust our policies now to plan for this
future.
Here is what that could look like. Every device that emits
radiofrequency at some point passes through the FCC, and if you
want proof, just pull out your smartphone or look at the back
of your computer or television. You will see an identification
number from the FCC. It is a stamp of approval. It means the
device complies with FCC interference rules and policy
objectives before it is marketed or imported in the United
States. The FCC needs to revisit this process and use it to
explore how we can encourage device manufacturers to build
security into all new products.
And to do this, we could build on the National Institutes
of Standards and Technology's (NIST) draft set of security
recommendations for devices in the Internet of Things, but the
most important thing we need to do is get started right now.
Chairman Johnson, Ranking Member Peters, and Members of the
Committee, thank you for having me here today. I look forward
to answering any questions you might have.
Chairman Johnson. Thank you, Ms. Rosenworcel.
I really appreciate the attendance of my colleagues here,
and so out of respect for their time, I will delay my
questioning and turn it over to Senator Peters.
Senator Peters. Thank you, Mr. Chairman.
On Monday, Chairman Pai of the FCC presented a plan to
address the supply chain risk in our networks. This includes a
proposal known as ``rip and replace'' that would require
carriers receiving support from the universal service fund to
remove existing equipment and services deemed to be of national
security risk from their networks and provide financial
assistance to those companies that do that.
To Commissioner Rosenworcel, is there a comprehensive
database or map where Huawei and ZTE equipment has been
deployed in the United States?
Ms. Rosenworcel. Thank you, Senator Peters, for the
question.
No, there is not right now. It is my hope that with this
proceeding, we can develop one. We know we need to. Much of
this equipment lies next to military bases in this country. It
is insecure, and we need to move it out.
Senator Peters. So who should be developing it, and what
process would that look like?
Ms. Rosenworcel. I think we have to start with our Notice
of Proposed Rulemaking and seek comment on where this equipment
lies, how much of it is out there, and at what point in its
useful network life cycle it is at, because we have to
understand where it is before we decide what dollars we make
available to help rip and replace it.
Senator Peters. Mr. Krebs, and then I would like the rest
of the panel to comment. If we do pursue this rip and replace
approach, should it apply to all equipment, without exception?
Mr. Krebs. Can you clarify? Do you mean just within rural
deployments, or do you mean Huawei and----
Senator Peters. Huawei and ZTE.
Mr. Krebs [continuing]. Globally Information and
Communications Technology (ICT) across the United States and
every environment? I would hesitate to go that far. I think we
need to look and understand where the risk truly is and focus
our efforts there, particularly if we are talking Federal
resources getting into play here, but again, focus on where the
risk lies and focus our efforts there.
Senator Peters. If we could just go down the panel, if we
could, please.
Ms. Rinaldo. Yes. I would just echo that. NTIA works
closely with DHS in their Information and Communications
Technology and Services Supply Chain Risk Assessment Task
Force. So these are the types of the conversations that we are
having, understanding that there is only a certain amount of
money available. We want to make sure that we are being smart
with that deployment.
Mr. Strayer. I think it is important to recognize, Senator,
we are talking about existing 4G networks that have this
unsecure equipment. We move to 5G; the risk profile changes
dramatically and really increasing the cyberattack surface
area. So more parts will become critical, as there is the smart
computing moving out to the edge more. So I think a vast new
array of technology that is not considered critical will become
so in the 5G network.
Ms. Rosenworcel. I largely agree with my colleagues, but I
would say the primary focus right now should be the $4.5
billion a year that the universal service fund contributes to
rural carriers across this country to deploy broadband.
Senator Peters. Well, that actually is a question. How
should the cost and impacts of rolling this out in rural
communities be factored into the risk-based decisions that I
think I have heard everyone say? How would you do that?
Ms. Rosenworcel. I think we have to start with this
rulemaking and make some assessments about it and work with
this Committee to identify what our priorities should be, but I
think that we can all agree that the goal is to take this
equipment out of our networks and to make sure it is no longer
there as we head to 5G.
Senator Peters. Anybody else on rural?
Yes, Mr. Krebs.
Mr. Krebs. I think this is the right course of the
conversation. I think what we also need to focus on are what
are the economic realities of a flash cut of pulling this
equipment out today from 4G, what as you mentioned, what
Commissioner Rosenworcel mentioned, what is the life cycle. How
are they going to age this stuff out if it is going to happen
over the next 12, 18, or 24 months? And we can contain or
manage the risk. Maybe we let it go naturally through the
process.
Just yesterday in Denver, Colorado, the U.S. Chamber of
Commerce hosted an event, a Rural Engagement Initiative, that
brought regional rural providers together with representatives
from everyone that you see up here. In fact, some of the folks
in the room were there.
One of the outcomes that came out of that engagement was on
the provider side, the telecommunications provider side, to
help develop what a playbook looks like for flash cut and what
the associated costs might be.
So, again, I think we are on the right track. I think a
Request for Proposal (RFP) or a radio frequency interference
(RFI) process is likely a good way to elicit information as
well.
Senator Peters. I think you raise an important point. We
are going to have a gap if there is a ban on Huawei and ZTE.
How would the Administration deal with the costs associated
with that? Any idea?
Mr. Krebs. I think that is the right conversation to have
between the Administration and Congress on what the appropriate
cost sharing or the cost burden between Federal Government and
the private sector and, in some cases, State and local
authorities of who is ultimately responsible.
Again, we are not talking about pulling all this stuff out
tomorrow. There is a reasonable plan likely that would allow
for transitioning out over the next year and a half to 2 years.
Senator Peters. Commissioner?
Ms. Rosenworcel. I agree with that. The estimated costs of
removal right now are between $700 million to $1 billion, but
the one good fact we have is we have a template for this.
Congress in 2012 asked the FCC to help with the relocation
of broadcasters in the 600 megahertz band and set aside funds
for us to do just that. We should borrow the template we used
for that repurposing of equipment. It involves audits, site
visits, certification of where equipment is and is not, because
I think it has worked well, and I think it could serve us well
in this environment too.
Senator Peters. If the FCC proposal is approved, American
companies and citizens will still have to transmit and connect
with networks abroad, as I think you mentioned, Commissioner,
in your opening comments, that use Huawei and ZTE equipment.
My question is for you, Mr. Strayer. Does the FCC's most
recent action protect U.S. equipment and networks from
vulnerabilities abroad, or do you share some of the concerns
that we have heard from the Commissioner?
Mr. Strayer. I think the primary concern abroad will be
that as we are increasingly interconnected, if there is ability
to disrupt critical services abroad, that will quickly have an
impact in the United States. So they will have follow-on
impacts almost immediately in the United States from having
unsecure networks if they are compromised by having untrusted
vendors.
Senator Peters. Commissioner, can you expand on your
comments that you made in your opening?
Ms. Rosenworcel. Yes. Listen, I think my colleague here,
Rob, has done incredible work going around the world and
pressing our diplomatic case for removing this equipment from
other nations' networks and not investing in it for 5G, but the
truth is we are going to need other plans on the table too.
That is why I mentioned virtualization of the Radio Access
Network. We are going to have to start thinking about
technologies that allow us to be secure in a world when we have
to connect to insecure networks.
Senator Peters. Great. Thank you.
Chairman Johnson. Thank you, Senator Peters.
A real quick comment on the rip and replace. Ms.
Rosenworcel, you are quoting figures that I also heard from
some of the vendors. I would just suggest, as we are trying to
undertake that study to talk to those alternate vendors because
they probably bid on this, and they probably know exactly where
that equipment exists, not only here, but also in Europe, which
would be a little bit more expensive.
But, again, the 700-to $1 billion when you are talking
about a significant national security threat, that sounds like
probably a pretty manageable cost that we ought to seriously
consider. But, again, I would really suggest that government
agencies go to those alternate vendors who probably quoted on
this.
Next, Senator Hassan.
OPENING STATEMENT OF SENATOR HASSAN
Senator Hassan. Well, thank you, Mr. Chair, and thank you
to you and Ranking Member Peters for holding this hearing.
Thank you to our witnesses for taking the time to testify
and help educate us all on this topic.
As a Red Sox fan, I will give a begrudging congratulations
to the Nats but acknowledge that we waited 86 years. The Nats
waited 95. So we feel your joy this morning.
I wanted to start with Ambassador Strayer on this topic of
our diplomatic efforts. I recently traveled to India and met
with India's cyber coordinator. During this meeting, we learned
that while India is very concerned about privacy and about some
of the warnings that we have been trying to impart about
Huawei, the country is seriously considering using Huawei's
infrastructure for India's 5G rollout.
They talked about, ``Well, we are just doing a pilot. They
could come and do the pilot.'' I said, ``How long would the
pilot last?'' They said, ``A year.'' That is a long time.
Moreover, many of our European allies who are ordinarily
concerned with transparency and data privacy are still
considering incorporating Huawei devices into their 5G
infrastructure, even though alternatives are available from EU-
based companies.
So, Ambassador, can you tell us what else we should be
doing as kind of a follow up to the Commissioner's points? What
else should we be doing to convince allies, partners, and other
nations to move away from Huawei and ZTE infrastructure? What
resources do you need to succeed in this mission?
Mr. Strayer. Thanks for that very insightful question. I am
glad you were able to raise that with the Indians.
We were doing a similar dialogue with them just a few weeks
ago. There is no doubt that the cheap price point for some of
the Huawei and ZTE equipment has allowed them to get into, if
you will, the legacy networks. As they move to 5G, many of the
telecom operators argued that it is going to be cost
prohibitive for them to use a more secure vendor.
There is analysis that shows that myth busting a lot of
these arguments that the telecom operators are throwing out
there.
First of all, they are not going to fall behind
technologically if they go with one of the EU vendors or
Samsung. In fact, Reliance Jio, one of the largest telecom
operators in India, is using almost exclusively Samsung at this
point, and, of course, we in the United States are using those
providers. There is no way you fall behind technologically.
There is also no real concern or should not be a serious
concern about cost. Any technology in the networks that is pre-
2016 has to be replaced anyway. So you are only looking at the
last couple years of deployment, and there are ways to make
that be replaced on a normal life cycle.
There are other concerns that these countries have that
include kind of coercive measures that the Chinese can use
against them if they were to not allow their national chain to
participate.
Senator Hassan. So, given that, let us just follow up for a
minute. I understand all those arguments. They are some of the
same arguments I have been making to countries like India,
along with you, but it does not seem that our partners are
listening. So what else should we be doing, or what additional
resources do you need?
Mr. Strayer. So, on that front, I think we are getting the
understanding. Almost every country now says they will prohibit
the untrusted vendors from the core of their network. So that
begs the question why allow them in the edge, and what is the
value of the data that is at the edge that they are going to be
willing to give up?
As far as additional resources, we are already thinking
about how we have initiated programs to help improve
connectivity, and that is trusted connectivity in developing
countries. So we already have some of that moving in the right
direction as far as resources to help develop trusted networks.
It would be helpful as you as Senators or delegations to
these countries around the world that you talk to their
parliaments. This is not just a technical discussion. Some
would want this to be resident in some kind of technical
telecom discussion. This is really about our fundamental
values----
Senator Hassan. Yes.
Mr. Strayer [continuing]. And about geopolitical threats
because it is inherently impossible to test your way into
security when it comes to telecom technology, and that is
because you can always insert a back door in the tens of
millions of lines of code.
So if you as members are willing to go out there and talk
to parliamentary colleagues around the world, I think that
would help us a tremendous amount to make sure that they are
invested in the political process. This, at the end of the day,
has to be a political process, not just a bureaucratic process.
Senator Hassan. OK. Then to follow up on that point, to all
of the witnesses--and very quickly, if you can--5G is still
taking shape. Technical standards that guide how 5G will
ultimately work are being actively developed in international
standards-setting forums, and you have all referenced that.
It is vital that the United States drives this
conversation, and that China is not allowed to dominate the
future of 5G to the detriment of the United States and our
allies.
So from each of you, how are your organizations
coordinating engagements in the international standards bodies
in order to counteract China's influence? Because China is
being really aggressive on this.
I will start with Mr. Krebs.
Mr. Krebs. So we directly coordinate both through the NSC
process and also as an operational agency to agency to ensure
that when we deploy to the 3GPP or other standards bodies that
we have consistent direction and priorities working with our
industry partners.
Senator Hassan. OK. Ms. Rinaldo, anything to add?
Ms. Rinaldo. Yes. NTIA actually participates at 3GPP on
public safety issues as well as FirstNet, which resides under
us. So we are there on the floor talking to people.
Senator Hassan. OK. Go on.
Mr. Strayer. The international conferences on worldwide
spectrum policy is taking place right now in Sharm el-Sheikh,
Egypt. We have a delegation of 120 people from the private
sector and from government there. Chairman Pai is there. We
have an ambassador from the State Department there leading
that. So we are leading these international bodies.
I think that this word about standard essential patents,
you can carve that a lot of ways. Certainly, the Chinese
propaganda has been to assert that they are leading, but there
is a report out today that says Intel and Qualcomm have the
most valuable of what are likely to be standard essential
patents.
So it is a competitive space, and we need to be vigilant,
but I think we are in a very good place for the future.
Senator Hassan. Go ahead.
Ms. Rosenworcel. I agree with you that we need to assess if
all this interagency coordination is really working, and the
best way to do it is after the World Radio Conference, which is
taking place right now in Egypt, to come back and assess what
our experience has been with the 193 nations and how successful
we have been at moving our spectrum policies forward.
Senator Hassan. Thank you.
I have a couple other questions. Mr. Krebs, briefly, I want
to invite you to come to New Hampshire and work with some of my
local and county folks on the issue of ransomware because I
think we need to have increasingly better partnerships on that.
So can you commit to helping us with that?
Mr. Krebs. Absolutely. This is a huge area of focus for us
right now, not just on normal State and locals, but also as we
think about elections and voter registration databases, a big
initiative area for us right now.
Senator Hassan. OK. Thank you.
I am running out of time, but I am going to ask--if I come
back and we are still having the hearing, I want to follow up
with Commissioner Rosenworcel on the issue of the FCC auction
of mid-band spectrum and how important that is going to be in
terms of the rural-urban digital divide. So I hope to follow up
with you on that.
Thanks.
Senator Johnson. Quick answer, it is important.
Senator Romney.
OPENING STATEMENT OF SENATOR ROMNEY
Senator Romney. Thank you, Mr. Chairman, and thank you to
each of you who are working in this very vital area.
In a lot of respects, it is sad that we are having to hold
this hearing. It is extraordinary that China has been able to
take such a substantial lead in an area that is not only
important for us economically but vital to national security,
and my prediction is that we will be repeating this picture
again and again in various other areas that are important
economically and with regards to our national security.
This is the first example of what is going to happen again
and again, and I guess I would like to address my question to
all of you or whoever would like to respond to it as to how it
is, if you will, free market economies were unsuccessful in
establishing our own lead with regards to 5G--how is it that
Chinese companies were able to get so far ahead of us on the
track that we are trying to chase them and catch up to them?
I would note that China has a very clear strategy as to
where they want to be in 5G but also economically,
geopolitically, militarily, and we as a nation do not have a
strategy. We respond on an ad hoc basis. When we see them ahead
on the track, we say, oh, we have to do something about that,
but always chasing your competitor is not a successful
strategy.
And not only do we not have a strategy to deal economically
with a player that does not play by the rules, we do not even
have a process under way or much focus under way nationally to
describe how we are going to compete with a nation that
continues to break the rules, how we and the West will do so.
I only think this can be done on a collaborative basis with
ourselves and other free nations, and so we would keep
Ambassador Strayer from having to run around, country by
country, begging people, ``Oh, please do not do what is in your
best economic interest. Hold on because we have something
better coming along.'' This just does not make sense as a
strategy for our Nation.
I will go back to my question and say how is it we got so
far behind on 5G with such extraordinary companies, in many
cases, not in the United States, but companies in South Korea,
companies in the EU, that participate in this area? How did
China get such a big lead? Why did we let them get so far
ahead?
Mr. Strayer. If I may start, Senator. I would say at the
front end that we do have, roughly, a general strategic
guidance from our National Cyber Strategy, and we are taking on
China across a range of areas, especially holding them
accountable for their inability or their reluctance to
implement the rules-based international order that they agreed
to when we let them accede to the World Trade Organization
(WTO).
And I think it is also important in 5G to recognize that
Cisco, Intel, Qualcomm are world leaders in the technology.
What we do not produce is the hardware that forms this Radio
Access Network, and we are quickly moving in that direction and
thinking about how we can virtualize more functions and moving
to the area where we will be really strong, which is in
software with more generic hardware.
I think that is how we have a general mission. We are
talking to our partners and allies about trusted technologies,
emerging technology of the future to set the right rules of the
road, but fundamentally, these Chinese companies are not
competing in any type of capital system of free and fair
markets. They are being subsidized substantially. So we need to
think about targeted R&D and efforts to work with our allies to
see how we can each play to the best of our strengths.
Senator Romney. Thank you.
Mr. Krebs. As Ambassador Strayer mentioned, I think we are
kind of in a blip. The piece that the Chinese own the most is
the Radio Access Network. I think given some of the comments
and particularly Commissioner Rosenworcel mentioned about
focusing on virtualization and Open Radio Access Networks, I
think if we were to hold this hearing in a year to 18 months to
24 months, a completely different conversation about the
options, trusted options available in the marketplace.
So what we have to do is make sure that we sync up the
timelines, particularly on an international basis. I encourage
everyone, if you have not already, go look at the Huawei
Oversight Board Report that the United Kingdom (UK) issued
earlier this year. It is a pretty damning document in terms of
an evaluation of the security quality of Huawei products, and
this is from a country that has been assessing technically,
from a cybersecurity perspective, the quality of Huawei
products now for 10 years.
First, they said not much improvement over that 10-year
period. Moreover, the transformation plan that Huawei has
issued indicates that, by their own admission, Huawei's own
public estimates are that this transformation to bring Huawei's
equipment to a commercially reasonable cybersecurity posture
will take 3 to 5 years.
This is sufficient evidence for us, as Rob goes around the
world and talks about ``Do not make a bad decision now. You
will be paying for it for the next 10 years.'' This is the sort
of the evidence we need to say, ``Hold on. Let us work, and let
us incentivize this alternative trusted vendor base to emerge,
to flourish,'' and I think this is the opportunity in front of
us. We have to put a lot more effort in, whether it is DOD in
their RFP that they have recently issued or they will be
issuing on experimentation to encourage these companies to come
forward.
There is great opportunity in front of us. Again, my hope
is that a year from now, a little bit more than that, a
different conversation.
Senator Romney. Please.
Ms. Rinaldo. Just to echo those comments, at the Department
of Commerce, we really look to answer that question. If not
them, then who? And we do see the American companies, the
software vendors that are going to fill that void, with
software-defined networks.
You also often hear that the Chinese sent swarms of people
to the standards body, and they vote en block. Whereas, we go,
work with our partners, work with industry, but that is where
you are going to get the best product.
I think as we discuss what is the answer to our success,
how do we win the race to 5G, it is not being more like them.
It is doubling down on us. So that is what we are focusing on
and collaborating together on.
Senator Romney. Thank you.
Ms. Rosenworcel. Senator, I think you are right, and I
think the evidence is around for all of us to see.
In today's Wall Street Journal, it mentions how China will
have 130,000 cell sites equipped for 5G by the end of the year.
South Korea will have 75,000, and the United States will have
10,000. The truth is we have rested on our 4G laurels, and that
is not a good place to sit. If I had to choose one thing that
we should change right now, we need a spectrum strategy that
makes sure 5G service gets to everyone all across the country.
We have doubled down in the United States on auctioning
high-band spectrum, which propagates between one corner of this
room and the other. We will never make that an economic way to
deploy 5G everywhere, and it will reduce our power and our
scale for equipment, devices, and innovation.
Senator Romney. Thank you.
Chairman Johnson. Just real quick, as long as we are on the
topic, I do want to throw out the question. Does it make sense
for the Federal Trade Commission (FTC) to be suing Qualcomm
under antitrust? Does that lawsuit continue to make sense? Ms.
Rosenworcel
Ms. Rosenworcel. That is outside of my jurisdiction, but I
will acknowledge that----
Chairman Johnson. It is close--FCC, FTC.
Ms. Rosenworcel. Yes, I know. It is just one letter, right?
I will acknowledge that the United States has really
powerful operators when it comes to software and
semiconductors, and we should figure out how to use that as we
forge our way into the future.
Chairman Johnson. Anybody else want to comment on that? It
has me scratching my head. Senator Lankford.
OPENING STATEMENT OF SENATOR LANKFORD
Senator Lankford. Mr. Chairman, thank you. Thank you all
for the work that you are doing on this. It is exceptionally
important.
I have a lot of folks that will catch me about the access
to data that Facebook or Google or different Internet providers
will have--or Microsoft will have, and they will say they have
access to a lot of data. I will typically smile at them and say
no one has more access to your data than your cell phone does
because they have all of those plus a whole lot more, and it is
remarkable to me how little focus there has been on the
security around everything that goes through your cell phone.
And for folks in rural Oklahoma, they would tell you that
many of their irrigation systems are connected to their cell
phones. Control systems for valves are connected to cell
phones. So whether it is energy, agriculture, or manufacturing,
it all goes through this cell network. So thank you for your
focus on the 5G on the security because we cannot get this
wrong, because every bit of our data and every bit of our
manufacturing and our systems and our inventions all go through
this system. So I appreciate you doing this.
Let me come back to the spectrum conversation. Why is not
there a conversation on the mid-band right now?
Ms. Rosenworcel. Well, there is a conversation, Senator, on
mid-band spectrum right now.
My primary concern is that the FCC during this
Administration has chosen to put all of its earlier efforts on
high-band. We have auctioned the 24 gigahertz band, the 28
gigahertz band. By the end of this year, we will have the 37
gigahertz band, the 39 gigahertz band, and the 47 gigahertz
band.
Senator Lankford. So why not the mid-range?
Ms. Rosenworcel. You and I have the same question. I think
we should have prioritized the 3.5 gigahertz band and done it 2
years ago because those are the airwaves that are going to help
us reach rural America and urban America.
We are making a mistake, and the rest of the world is not
auctioning high-band spectrum. There are 16 nations right now
that have already brought mid-band spectrum to market. That is
where the bulk of the economy is going for wireless, for 5G,
and the United States is behind.
Senator Lankford. So let me switch topics on that, because
that is helpful. We will follow up on it. Let me switch topics
on the hardware side of the manufacturing in this system.
You have all mentioned that one of the issues we have is
not necessarily the software. We have a lot of software that is
currently very innovative. It is the hardware manufacturing
side of that.
What is missing in the hardware side of it is that we have
just outsourced the hardware for so long to China and to other
places that we just do not have the locations. Is it a raw
material issue? It is certainly not a creativity nor capital
issue. We have that in the United States. So what is the gap on
the manufacturing side?
Ms. Rinaldo. On the manufacturing side, I have heard--that
40 percent of the makeup of the network is actually American
manufacturing companies. It is the RAN that does not have a
U.S. hardware manufacturer.
Senator Lankford. Correct. That is the part I am talking
about.
Ms. Rinaldo. Right. I think when we talk about software
defined networks to innovate around that problem, that is where
we are going to inject the innovation to create the networks of
the future. So that is what we are focusing on now, and we
believe there is beta testing as we speak, and that it could be
a reality in as early as 18 months.
Senator Lankford. So you are saying the radio access is not
as needed if we can have a software workaround?
Ms. Rinaldo. Correct.
Mr. Strayer. Senator, I would just point out that the
reason that the old Bell Labs became Lucent and it got bought
by Alcatel, a French company, that got bought out by Nokia--so
there is still research going on in America in this area. It is
just that it is owned at the headquarters level in Europe, and
there is going to be new manufacturing by Ericsson in Florida.
There is Samsung fabrication of chips going on in Austin,
Texas. They put $17 billion into it. So there is going to be
manufacturing.
The long-term solution, I think, is the lines of the acting
administrator's point, but we do see manufacturing here. And
there is obviously competition coming from China that is
massively subsidized. So that is really where the market is
failing is in subsidization.
Senator Lankford. Mr. Krebs, this is something you track
all the time on the supply chain issues. As you know extremely
well, if we have one bad link with data, that is the spot to
get a chance to infiltrate unlimited amounts of data. When you
start looking at supply chain issues, where do you see the gap?
Where do you see the engagement? What is it that the U.S.
Congress and the U.S. Government needs to be involved in, or
what do we need to do less of to allow that market to be able
to grow?
Mr. Krebs. I think supply chain is an emerging area of
focus for certainly my agency but the rest of the
Administration. It is much like cybersecurity. It is about
identifying where the risk lies, managing that risk
appropriately, and putting your attention where the gaps are.
This time last year or a little bit earlier, we established
an Information and Communications Technology Supply Chain Risk
Management Task Force. Again, all the agencies here are
represented on that task force, 20 Federal agencies, 20 tech
companies, and 20 coms companies, 4 different work streams.
One, first and foremost, is, What does information sharing
look like on supply chain risks? Second, what is a threat
profile or the categories of threats we need to be concerned
about? Third is, How do we develop trusted qualified bidders
list, kind of white listing? And, last, how do we incentivize
purchasing from original equipment manufacturers and trusted
resellers to eliminate the counterfeit problem?
This is an incredibly important area of work because it
gives everyone, whether you are super-sophisticated, highly
leveraged and invested in supply chain issues, or down to just
your average, somewhere, subcontractor in a supply chain
conversation. It gives them a common operating language or a
common framework by which to assess.
One of the big things that I think came out of this
conversation is when we talk about information sharing, when we
talk about sharing threats of companies that may be of concern,
there are examples--the National Regulatory Framework 10, Code
of Federal Regulations (CFR) Part 21, has a reporting of
defects and noncompliance. If you come across something in
supply chain, you have to report it.
There is no similar standard for other high-risk areas of
infrastructure.
Senator Lankford. Is that a gap in the law? Is that a gap
in regulatory?
Mr. Krebs. I think, at this point, it is probably both, but
I would focus on how do you have a company that comes across an
issue with an untrusted vendor. They have significant civil
litigation risk for publicly outing that company. How do we
give them the appropriate information-sharing protections that
they can make a report into whether it is government or other
industry partners, get away from antitrust issues,
anticompetitive issues? This is an area that I think we think
needs more attention.
Senator Lankford. Let me bring up two quick things on this.
One is, as we are going through supply chain conversation, we
need to deal with the raw materials and rare earth minerals.
That has been a weak area for us as a Nation. We have been
complacent to allow rare earth minerals to come from China and
to say, well, they are going to manufacture, they are going to
mine, they are going to handle all that, but we have
environmental issues, and so we are not going to do rare earth
minerals.
We can do it cleaner and better than anywhere else in the
world, and we should lean in on that one. That is near where we
need to identify.
Ms. Rosenworcel, one of the areas that is not related to
this, but every time I see anyone from the FCC, I bring up one
issue with them, and that is prison cell phone jamming. We are
not going to talk about it, but I just want to be able to bring
it up and to say it is allowed in Federal prisons. It is not
allowed in State prisons, and that is an area, a gap in the
law, that we need to address. But we need FCC's engagement on
working through standards for when that jamming device is
actually done and tested. They will want to test against a
group of standards. FCC is the one who has to establish that.
We have major problems with contraband cell phones across
the entire Country in prisons, and we need the FCC to engage in
this area.
I know it is a surprise question to you. I am not going to
ask you to respond to it, but I am not going to also miss the
opportunity to say we need that.
Thank you.
Chairman Johnson. Senator Carper.
OPENING STATEMENT OF SENATOR CARPER
Senator Carper. I remember, Senator Lankford, being down in
Guatemala, maybe with Senator Johnson. We were meeting with the
president of Guatemala, and I said to him, ``You know, we have
been visiting some of the prisons. You know, there is
technology that you have, Mr. President. Your prison guards are
allowing cell phones to be used by criminals in the prisons and
conduct their criminal business,'' and he said, ``Really?''
I said, ``Yes. There is technology that can jam those,''
and he said, ``Really?''
I said, ``Yes. You have it in your prisons.'' He said,
``Really?''
I said, ``Yes. And you do not use it.'' He said,
``Really?''
I said, Yes. You know who is responsible for making sure
that this stuff is there and has used it is your interior
minister. He is sitting right here, and he is not making sure
that is being done,'' and he said, ``Really?''
I said, ``Yes.''
Six months later, they were both in prison, and I hope they
are using their cell phones badly. But I think it is an
important point and not just for the United States.
Ms. Rosenworcel, I love your name. Have you always been a
Rosenworcel?
Ms. Rosenworcel. I have.
Senator Carper. OK, good. I would stick with that one.
[Laughter.]
You ran through four ideas to help secure U.S. leadership
on 5G. Just say those again quickly, and I am going to ask your
colleagues to respond to them and just say whether they think
you are making sense or not.
Ms. Rosenworcel. First, secure the supply chain. Second, we
need to think beyond supply chain and look to virtualization of
Radio Access Networks. Third, we have to be smarter about the
spectrum that we auction and auction more mid-band spectrum,
and fourth, we have to come up with policies to secure the
billions of devices in the Internet of Things.
Senator Carper. Mr. Strayer, nice to see you.
Mr. Strayer. Great to see you, Senator.
Senator Carper. In fact, do I call you ``Mr. Secretary''
now?
Mr. Strayer. No. I guess everyone has titles in this town,
but I will stick with being in a town with the Washington Nats
as the world champions.
Senator Carper. Very good. That is great.
Mr. Strayer. If I can respond just briefly.
Senator Carper. My favorite baseball team is the Detroit
Tigers. We had the worst record in baseball, but three of their
best former pitchers--four actually, Porcello, Red Sox. Gary
and I are both Tigers fans. We traded off Verlander. We traded
off Max Scherzer, and we traded off Sanchez. Someday we will be
good again. It will not be anytime soon.
Mr. Krebs. Thank you for those two pictures.
Mr. Strayer. The farm team.
Senator Carper. We have really good arms in AA and AAA.
Mr. Strayer. Right.
If I may, I completely agree that we need to work on the
supply chain. I do not know if I mentioned it yet today, but
President Trump signed an Executive Order on May 15th of this
year--he declared a national emergency to supply, to protect
our domestic communications technology, and that will soon be
followed by binding regulations later this year.
I think, 100 percent agree with the idea that
virtualization of the functions of the Radio Access Network
will be very important to allow the breakup of the proprietary
lock-in that many of the current Radio Access Network providers
have today, and that will also reduce cost on capital
expenditure as well as operational cost for providers. So it
can be very competitive with regard to some of the current
providers, such as those in China, if we move toward more
virtualization.
On the mid-band point, I think it is worth noting, first of
all, that getting to rural areas, under the T-Mobile/Sprint
merger, in the next 3 years, they are required to cover 97
percent of the U.S. population and in 6 years to cover 99
percent of the U.S. population.
Now, the FCC, I understand, is going to proceed with
proceeding on the 3.5 gigahertz mid-band spectrum next summer.
They had to prioritize some of the millimeter-wave, but I think
we should not denigrate the importance of millimeter-wave that
is going to be so important to manufacturing and other use
cases that are going to require the most maximal amount of
throughput, which is only available through millimeter-wave.
That is the kind of beauty of that technology is that it does
not go as far, but it has the greatest amount of data
transmission available.
Of course, Chairman Pai has said by the end of this fall,
we are going to have a plan to move forward on the C-band,
which is also mid-band, and I understand 2.5 gigahertz will
follow probably in the next year after that.
So we certainly need to keep moving forward with this, but
we have, I think, sufficient plans to ensure that we have mid-
band available in the blend of low-band, mid-band, and high-
band spectrum that we need.
Senator Carper. Thank you.
Ms. Rinaldo, I am going to ask you to answer briefly. Do
you find any of her four ideas favorable with you? Which ones?
Yes? No?
Ms. Rinaldo. Yes. Thank you.
So, at NTIA, we are the Federal regulator for government-
held spectrum. We also represent the Administration in FCC
proceedings, and the Administration believes that you need low-
,
mid-, and high-band in order to be most effective with the 5G
deployment.
The Making Opportunities for Broadband Investment and
Limiting Excessive and Needless Obstacles to Wireless Act
(MOBILE NOW ACT) tasked NTIA to look at the 3.1 to 3.5
GHZ Lands, and that review is currently under-way.
We have a report due to Congress next year.
As Deputy Assistant Secretary Strayer mentioned, there is
an auction next June on Citizens Broadband Radio Service Device
(CBRS), which is mid-band, and then there is one this December
on high-band. So we are hitting those important notes.
Also Commissioners Rosenworcel mentioned supply chain. The
Executive Order gives the Secretary of Commerce the emergency
authorities to make determination against transactions that
could be concerned with untrusted vendors in our network. So we
are currently putting together the regulations on that as well.
And we are all in agreement that software-defined networks
and Open RANs are going to be a game changer of for us.
Senator Carper. Alright. Thanks.
Do you agree with anything that she said? Ms. Rosenworcel,
that is.
Mr. Krebs. I agree with everything she said. Supply chain
security, a huge area focus for CISA going forward as well as
securing the Internet of Things.
Senator Carper. Alright. Thanks.
All of us could tell you stories about how some of our
students, our schools, our businesses are struggling in rural
parts of our States. We can all tell you stories for lack of
access to the Internet.
I would ask of you, Ms. Rosenworcel, if you would, having
said that, what is the commission--you talked about this a
little bit already, but what is the commission doing to ensure
that the Internet is accessible to all communities and that 5G
deployment is not another technological advancement that leaves
the rural communities even further behind?
Ms. Rosenworcel. Yes. Thank you, Senator. Such an important
question.
We need to do more. We have a digital divide in this
country. It is real. We have 12 million kids who cannot even do
their homework because they do not have Internet access. They
are in every State.
Senator Carper. Some of them are not complaining, but they
need to be doing their homework.
Ms. Rosenworcel. We want them to be able to access the
Internet and do their school work, and it is just a window into
this challenge we have. We have to fix it.
I think we would start with better mapping. I know that
Senator Peters has a bill on just this subject. Right now, FCC
maps wildly overstate where broadband is and is not in this
country. Go to every rural community. They will tell you. They
do not have service. Yet if you look at the FCC map, we found
one subscriber in a census block, and we decided that it is
available throughout. That is wrong. We are never going to know
where to devote our scarce Federal resources if we do not first
get our maps right.
Senator Carper. Let me just interrupt you. Aside from
grants, what other support can government agencies provide to
help advance Internet access?
Ms. Rosenworcel. I think that by refocusing now on mid-band
spectrum, we could make a meaningful difference in the
deployment of 5G. It propagates further and requires fewer
towers. It is more economic to deploy in rural communities, and
if we want rural America to see 5G, I think we have to focus on
that sooner rather than later.
Senator Carper. Alright. Thanks.
Mr. Chairman, Albert Einstein's wife as much--he was
married to a brilliant woman, and she was once asked if she
understood her husband's theory of relativity. And she
responded, famously. She said, ``I understand the words but not
the sentences.''
I just want to say that a hearing like this is helpful to
me in not just understanding the words but some of the
sentences too. So thank you all.
Chairman Johnson. Senator Portman.
OPENING STATEMENT OF SENATOR PORTMAN
Senator Portman. Well, Chairman, thank you for having this
hearing. I apologize. I had another commitment earlier, so I
did not get to hear all the testimony. But I did have a chance
to review it.
To me, this is ultimately about our competitiveness as a
Country, and we have kind of all the ingredients for a major
problem here. One is the importance of 5G. The other is a China
that I would say has become almost a techno-nationalist
country, where they use State power, and often a disregard for
international trade rules. This includes subsidies, but it also
includes tech transfer. And often it is driving market-oriented
companies out of business, and at the same time, we have a loss
of production here of 5G hardware.
You talked a lot about the supply chain this afternoon or
this morning, and I think that is part of the issue here.
In terms of being a driver for 21st Century competiveness,
5G just seems to me is very worrisome.
By the way, we started an Artificial Intelligence (AI)
Caucus here in the Congress. We are trying to avoid getting
sort of a decade behind on artificial intelligence. It is, in a
sense, what I think we have on 5G. So this hearing is really
timely and really important.
Commissioner, I was just listening to some of your
responses, and by the way, I totally agree with you on the
maps. It concerns me because, in rural Ohio, we have some areas
that under the FCC map are said to have broadband capability,
and they do not, certainly not for the school children but also
not for a lot of our small businesses that are eager to be able
to expand in some of our rural areas, but are being told it is
going to be a long time and a big expense to get the ability to
have fast Internet. So they tend to go to the urban areas;
therefore, Columbus is expanding substantially but not
southeast Ohio.
On the issue of Chinese technology being at the center of
the 5G future, I think we cannot concede that. We have to
figure out how to deal with that.
There are some non-Chinese 5G hardware providers, I am
told, but there is no provider of that hardware in the United
States; is that correct?
Ms. Rosenworcel. That is correct.
Senator Portman. What policies do you believe we should
adopt to promote the reshoring of this production, and do you
believe the United States can rely on some of these non-Chinese
suppliers as an alternative?
Ms. Rosenworcel. Thank you for the question.
First, I am confident that we are going to figure a way to
make sure that the United States succeeds, but here is some
important data points. At the turn of the millennium, there
were 13 big network equipment providers around the world. By
the time the 4G revolution started, there were seven. Now we
have three or four, and I think we have to be honest about the
fact that we are allowing consolidation to take place among our
largest wireless providers. And by doing that, we are reducing
the number of providers that equipment manufacturers can sell
to. It gets harder and harder to get into the business under
those circumstances. That is a problem.
I think our way out is to instead focus on where we are
best, which involves software, and so what we need to do now is
what you have heard from some of my colleagues--and it is in my
testimony--is we have to look at the Radio Access Network and
identify how we can introduce virtualization there. That would
mean using off-the-shelf hardware, but its intelligence would
come from United States sources and software. I think that is
where we need to focus our energies, and I would like to see
the FCC develop some testbeds and policies to encourage that to
happen.
Senator Portman. Can that be done with the current
consolidation, or are you saying that these supply chains are
necessarily limited because of the fewer buyers, customers?
Ms. Rosenworcel. I think we have harmed ourselves with the
current state of consolidation. It is hard to ask new entrants
to get into a marketplace where there are a very small number
of potential purchasers.
But under these circumstances, I think what we have to do
now is go to what we do best, and that is software.
Senator Portman. Focus on software. OK.
Let me touch quickly on standards. This is a topic that may
or may not have come up here today. Probably not because it may
seem a little esoteric, but I have raised this issue at the
Belt and Road hearings we have had at the Senate Foreign
Relations Committee as well because I think it relates directly
to what is really happening out there on the international
front.
China has increased their membership in these international
standard-setting bodies substantially and take it very
seriously. We do not. It does not mean that China is going to
hijack all these international standard-setting bodies, but it
does mean that our interests are not going to be well
represented unless we begin to put more emphasis on it.
So I do not know. Maybe, Secretary Strayer, since you use
to work for this Committee and also the Senate Foreign
Relations Committee, we will focus on you on this one.
In general, what do you believe the government can do to
incentivize increased participation in the international
standard-setting bodies, and specifically, do you believe that
by making it easier to grant visas for foreign individuals to
come to this country that we could have more of these standards
conferences in the United States? Because we do not typically
have them here anymore. And can we incentivize more of these
conferences to be happening here and get more U.S. involvement?
Mr. Strayer. Yes. Thanks for that, roughly, two-part
question, and I just want to break up the standards-making
bodies, between those that are dominated by governments that
are multilateral, like the International Telecommunication
Union, the big 5G conference that they are having to harmonize
worldwide spectrum policies, occurring right now in Sharm el-
Sheikh, Egypt. We have more than 120 U.S. Government officials
and private-sector delegates representing us there.
So we are taking a pretty aggressive posture in all of
these standards-making bodies, and I think I can let my
colleagues talk a little bit about what they do, what the
Commerce Department and others, how they are involved
internationally in these standards-making bodies. But we are
vigilant about what is going on there.
We have noticed that the Chinese have come in, in larger
forces there. We think there has been a pretty successful
distribution of patents coming to U.S. companies and to western
companies generally. We work closely with our partners to
ensure that we are having the right policy outcomes in all of
those conferences.
I think it is also important that we think about how we can
encourage the private sector to participate fully in standards
bodies. Companies partake in standards bodies because they see
a value in them. Some companies just run to market with the
latest technology. So there has to be a reason that they are
participating in the standards body itself because that takes a
lot of resources from their own internal research and
development efforts to actually participate in these standards
bodies, which can take years to bear fruit. So I think we can
think about policies on that front.
Senator Portman. How about the conferences? My question was
in part about these visas and the fact that we are not having
the conferences here in this country and that puts us at a
disadvantage.
Mr. Strayer. So we are looking at hosting a broadband
conference next year, and so I think we are analyzing that.
One of the issues is that we have National Security Reviews
for people coming to our conferences, and the world wants to
participate in our conferences, including some countries. We
have very substantial concerns about the activities of their
governments and some of the officials in their governments.
Senator Portman. So when was the last time we had a
conference in the United States?
Mr. Strayer. I know we had an IT conference about 20 years
ago.
Senator Portman. About 20 years ago?
Mr. Strayer. And that is just one narrow sliver.
But we host all kinds of meetings all the time here on a
smaller delegation level. All of Western Hemisphere comes here
to Washington for the pre-meetings for the larger global----
Senator Portman. Do you think it would be helpful to have
some of the global conferences here on standard setting?
Mr. Strayer. Yes. But I am not sure that it is impeded by
the visa issue.
Senator Portman. Is it impeded by the visa issues?
Mr. Strayer. I do not know that it is. You are telling me
this. I mean, we can look at that.
Senator Portman. We are told that it is, and also, with
regard to standards-setting on the private-sector side, we have
an issue of American participation that we have to address. So
I hope you will be doing that in your role.
Thank you, Mr. Chairman.
Chairman Johnson. Thank you, Senator Portman.
I want to go back to mid-band and just ask a question. Are
there bureaucratic road blocks preventing that, or are we just
moving too slow on it?
Ms. Rosenworcel. Thank you, Senator.
I think we are moving too slow. There are 16 other
countries that have already brought mid-band spectrum to
market. They are developing scale that we do not yet have.
I think that, frankly, the Administration made the easy
choice, which was to focus on fairly unoccupied high-band
airwaves first and push them to market through auction, but I
think that is a strategic mistake.
Chairman Johnson. The reason I am asking, a couple months
ago in a Commerce Committee hearing, we were sensing a
roadblock. I had met with Chairman Pai on 24 gigahertz. I kind
of raised the issue that the roadblock was no longer there,
which is good.
So I am just wondering. Are there other roadblocks that
people maybe are not willing to testify to at the table today?
I would encourage you to let me know so we can write letters or
whatever to get rid of those.
Ms. Rosenworcel. Our airwaves are a finite resource. We are
not making more, and every one of us is using our device more
often. We are using them all the time. We are demanding more
from our airwaves. We are connecting more things.
So the challenge comes in how you manage the incumbents
that are in those airwaves today--they are often Federal actors
that NTIA oversees--and how you incentivize them to relocate
and refine their operation so we can move commercial operations
into the same hands.
Chairman Johnson. So, again, it is a difficult challenge. I
just want to make sure there are not equities or bureaucratic
roadblocks preventing us to overcome those challenges and get
moving on this because it is a top priority.
Ms. Rosenworcel. Well, I think that part of the problem is
our process is flawed.
Right now, the commercial actors go, and they tell us to
start knocking on the doors of Federal actors that have access
to spectrum. And then we go back and forth and back and forth,
and it takes years.
What we should do, instead, is we should build a structural
incentive into their budgets for them to be efficient with the
airwaves they have, so that when they relinquish them, they see
gain and not just loss from reallocation.
Chairman Johnson. OK. So it is a difficult problem.
Does anybody else want to weigh in on this?
Ms. Rinaldo. I am happy to outline some of the work that
NTIA has done over the past years on reallocating additional
spectrum.
Back in August of this year, I sent a letter to all of our
spectrum Federal partners asking them to assess their current
needs and what could possibly be made available. We delivered a
repurposing report that documented all the work that we have
done.
And NTIA has also worked with the Department of Defense on
dynamic spectrum sharing.
Chairman Johnson. No offense. I do not care to hear what
you did. I am trying to go what is preventing you from moving
faster. Again, I am trying to figure out what is preventing us
from moving faster when this is such a top priority.
Mr. Strayer. I just want to point out one thing that is a
major impediment; that is, as you may be aware, the Sprint/T-
Mobile merger will expand the better use of their massive
amount of mid-band spectrum. That has been approved by the
Federal Government, but it has not been approved by the lawsuit
brought by the States' Attorneys General (AG). So that has been
slowing that process down.
Chairman Johnson. So lawyers are----
Mr. Strayer. Yes. I would just say if you look at mid-band
spectrum there, that is going to cover--with mid-band,
specifically by mid-band, they will cover three-quarters of the
U.S. population in 3 years pursuant to enforceable terms of
that merger. So I think it is important to that----
Chairman Johnson. I do not want to dwell on this, but I am
going to encourage after this to meet with me, meet with staff.
If there are roadblocks, I want to know about them so that we
can utilize our oversight capacity to try and knock those
things down because, again, this is a top priority.
Senator Romney was making quite a few comments about how
far behind we are. I thought it was interesting in the brief, a
report by the Cellular Telecommunications Industry Association,
basically, in 2018 said that when looking at spectrum
availability, licensing, and deployment of 5G, industry
analysts concluded that China ranks highest in overall scoring
for 5G readiness with South Korea and the United States and
Japan not far behind.
In their April 2019 report, they said that the United
States has made progress and pulled even with China.
So, again, I do not want to overstate if we are lagging. We
should be ahead, but is that an accurate assessment? I mean,
should we be feeling a little bit better here, or is it as dire
as basically Senator Romney was pointing out?
Mr. Krebs, you are moving there. So do you want to answer
that?
Mr. Krebs. I want to go back to a number of the points that
the panel has made, starting with Commissioner Rosenworcel on--
and that I made about this is a blip. This is just a temporal
anomaly, almost. If we can unlock the Open Radio Access Network
piece, the vender base in the United States, the innovation
base is going to explode. Again, this is going to be a
conversation we are going to think fondly back on.
Chairman Johnson. So you said if we can unlock, so what do
we need to do to unlock that? What is the roadblock on
unlocking that?
Mr. Krebs. I think there are a series of incentives that
need to be put in place to provide--testbeds, for example, some
of the work DOD is doing in experimentation on their bases,
some of the work that I am doing with my agency at Idaho
National Labs. There is a whole bunch of testing and
opportunity development, but that is just a small slice of it.
There are others. Federal Government contracting----
Chairman Johnson. Does that have to be funded by the
government? Is there no private-sector incentive?
Mr. Krebs. Some of it should be funded by the Federal
Government, but again, the private sector is going to surge
into the market if we can make it compelling. I think the
standards piece--achieving true interoperability globally is
going to be critical, not just interoperability in the sense
that a Huawei technical stack works together, but it is that
you can start putting bits and pieces of different vendors
together. That is true in interoperability.
You already think about cloud globally--Microsoft, Amazon,
Google, all these cloud service providers. We dominate the
hyperscale cloud market in the world.
OK. What we are talking about here with virtualized
networks and O-RAN is cloud. That is all it is. It is dumb
metal with software riding on top. We own that space. OK. Let
us make it a compelling economic incentive for us to get in
there from an O-RAN perspective.
Chairman Johnson. OK. So what I am asking, not at this
setting, is break this down so it is understandable if there
are things that Congress can do, that this Committee can do,
either targeted oversight letters to break down barriers or a
piece of legislation that will incentivize the private sector
or provide funding to an agency to do this through government.
I mean, we need to know that.
Ms. Rosenworcel. I got an idea.
Chairman Johnson. OK, good.
Ms. Rosenworcel. By the way, I agree completely with
everything that Chris just said at the end of the table.
I think the FCC set up something called ``innovation
zones'' during the last several months in New York City and
Salt Lake City, where it will be issuing experimental licenses
for 5G. We should see how we can use those zones to start
creating testbeds for more activity with Open Radio Access
Networks and we should comb through our rules to see how we can
incentivize that and make it happen, and certainly, with this
Committee's help, I hope my colleagues would agree.
Chairman Johnson. Again, this is prodding coming from
somebody who is not a real fan of government, OK? Really does
believe in the private sector as being innovators, but again,
we are in a competition with a command and control economy that
is subsidizing and making it very difficult to compete. It is
breaking down the marketplace. So we have to recognize that
reality, but again, we need to understand what we need to do in
a very complex environment.
So, again, there is going to be a lot more work. You are
going to have a homework assignment after this hearing. That is
one of the benefits of coming before this Committee.
Do you have some more questions?
Senator Peters. Thank you, Mr. Chair.
Commissioner Rosenworcel, I just want to say I appreciate
your passion on expanding broadband access everywhere. We have
heard that today and in meetings prior to this as well.
I have certainly seen firsthand in my State of Michigan
that access to broadband is as critical as clean water and
electricity. We have to look at it that way to make sure
everybody in this country, no matter who they are, no matter
where they live, have access to that. Remember that a lot of
rural areas do not have 4G now. So, to be talking about 5G,
they are really very far behind. So I appreciate your comments
on the mid-band as well as the mapping, and we have to continue
to work in that area.
But my question to you is the FCC proposal would also bar
communication companies from using support they receive from
the universal service fund to purchase equipment or services
from companies that pose a security threat.
So my question to you, Why is this proposal only focused on
service providers using Universal Service Fund (USF) funds when
the FCC has jurisdiction over the entire wireless industry?
Ms. Rosenworcel. This is a good question.
It is my understanding that based on the Executive Order,
the Department of Commerce has an obligation to look at this
issue more broadly across the economy, and so the FCC has
focused on its distribution of $4.5 billion a year for rural
America and making sure that those funds do not go toward
insecure equipment.
But I believe that under the Executive Order, the broader
choices in the economy fall to the Department of Commerce, and
they were supposed to have rules, I think, by this month.
Senator Peters. Anybody else care to comment?
Ms. Rinaldo. Yes. On May 15th of this year, the President
issued an Executive Order giving the Secretary of Commerce
emergency authority to make determinations against transactions
into our ecosystem through information communications
technology and services. It gave him immediate authority. He
could act today, if necessary, but we are currently working
through the regulations, which lays out the process.
Senator Peters. So there could be other funds that are
being used besides just USF?
Ms. Rinaldo. So there are no funds. This is just a
procedural determination.
Senator Peters. OK. So right now, just USF funds, though.
If this is a national security threat, why would there not be
other sources?
Ms. Rosenworcel. I am familiar with what the FCC is doing
with the universal service funds----
Senator Peters. Right.
Ms. Rosenworcel [continuing]. And I believe the broader
obligations in the economy would fall to the Department of
Commerce.
Senator Peters. Are there proposals to prevent companies
from using their own funding, non-Federal dollars, from
purchasing Huawei and ZTE so they could be getting Federal
funds, but as a result of that, now they can use their private
funds?
Ms. Rosenworcel. Again, I believe that that would fall to
the Department of Commerce.
Senator Peters. Any thoughts on that area?
Ms. Rinaldo. Yes. Again, we are currently moving through
the drafting of the regulations, laying out the process.
Senator Peters. OK. Just one final thought. We know--and I
think there is some discussion as to whether we are behind or
we are in a blip or wherever we are related to 5G, but we know
we were the leader in 4G. And we were well ahead of everybody
else. Now we are in a situation where we are debating whether
we are behind or we are in a blip.
We want to make sure the United States is a leader in
verging technologies on a regular basis, and we are at the
verge of a massive explosion of emerging technologies that are
coming on the market.
Going forward, is there something we should be thinking
about, what we have learned from how we were leader in 4G, went
to 5G, still trying to figure out how we get back ahead? Are
there some lessons learned for emerging technologies generally
that we should be thinking about right now as we approach this?
Mr. Strayer. Senator, exactly. That is the bigger-picture
issue that a lot of us are wrestling with now. You might know
that we actually have an Executive Order on artificial
intelligence----
Senator Peters. Right.
Mr. Strayer [continuing]. Basically the Artificial
Intelligence Strategy, and that is composed of a couple
elements. One is looking at how we advance R&D in the domestic
markets as well as we buildup a workforce that is going to be
in that area, at the same time protecting our critical
technologies from other countries, such as China, from
acquiring those and using them for their military through their
process of military civil fusion.
So we need strategies on each of these, and we are
developing--we have strategies on 5G and now a strategy on AI,
and I think that is how we have to address all of these. And we
have to do it with our partners around the world that share the
same values that we do because these are inherently discussions
about how we are going to see data used by governments and by
the private sector over a much longer term.
Senator Peters. Well, I appreciate you bringing up AI. If
you look at the investments that the Chinese are marking in 5G,
those are probably dwarfed compared to what they are doing in
AI. I understand that is one of the most transformative
technologies coming forward. Mr. Krebs.
Mr. Krebs. It is not just about our investments and where
we are putting our areas of focus, but it is also about
ensuring a level playing field globally, thinking about how do
we keep technologies that have been derived from theft or other
nefarious means, how do we keep them out of the marketplace.
CrowdStrike, a couple weeks ago, released a report about a
Chinese airliner that was cobbled together from 20-some-odd
stolen technologies from a number of different countries. Is it
fair? Is it equitable for that airframe to be in the global
marketplace? These are the sorts of conversations that I think
we need to tease out further.
Senator Peters. Right. Yes.
Ms. Rinaldo. I would also like to mention our work with the
American Broadband Initiative. NTIA has been co-leading along
with the Department of Agriculture (USDA) a plan on how we cut
red tape on moving forward on the deployment. You mentioned
rural areas. Currently, the Federal Government owns 30 percent
of land in the United States. So how can we site? How can we
build out fiber on Federal lands? As you know, fiber will
underpin 5G. So these are some of the important issues that
will help promote the deployment of 5G as well as help rural
areas.
Senator Peters. Commissioner.
Ms. Rosenworcel. Three things. First, we have an eight-page
Executive Order on artificial intelligence. We need a national
plan and a national strategy. Other countries have them with
clear goals. We do not. We have to fix that.
Next, we need a smarter national spectrum strategy. A
national strategy was due in April of this year. We still do
not have one, and at the FCC, I think we are auctioning the
wrong spectrum right now.
Then, third and finally, if Congress sees fit to ever pass
an infrastructure bill, I think it would be important to
incentivize municipalities to help with the streamlining of
siting of terrestrial facilities required for next-generation
wireless networks.
Senator Peters. Great. Thank you. Thanks to all of you.
Chairman Johnson. Senator Hassan.
Senator Hassan. Well, thank you, and thanks for allowing a
second round of questions.
Thank you all for sticking with the hearing this morning.
It has been a really helpful one.
I do want to note that this Committee passed a bill that
Senator Warner and I had introduced on the Internet of Things
security. It was a bipartisan vote, and it basically just said
that if vendors want to sell IoT devices to the Federal
Government, they have to meet certain cybersecurity standards.
And it would be a very good way for us influencing the private-
sector cybersecurity on those IoT devices.
We passed it out of this Committee. It has not been taken
up for a vote on the Senate floor, and I think it would be a
great thing for us to be able to do to help our commercial
sector move forward in this way.
I wanted to follow up a little bit with you, Mr. Krebs, on
the issue of ransomware. So thank you for your willingness to
work with local, county, and State partners on this. Obviously,
ransomware has been impacting government entities across the
Country at all levels, including in my State of New Hampshire,
where recently a county government was hit. Luckily, they had a
backup plan. They recognized the threat. They shut down their
systems, but they had to run a jail, a nursing home, and
dispatch with pen and paper until they could get it back up.
And everybody needs to, obviously, be prepared for that.
I understand that CISA has briefed State and local entities
and has tried to share information with them about the nature
of these threats, and that is certainly movement in the right
direction. But I think we have to do more.
So beyond briefings and advisories, what is your agency
doing right now to get resources and expertise to those
entities that have either suffered these attacks or at risk of
being targeted by ransomware attacks, and what help do you need
from Congress to succeed in this?
Mr. Krebs. Yes, ma'am. Thank you.
Within CISA, we have a cadre of field professionals,
whether cybersecurity or broader protective security advisors,
that work day in and day out with State and local officials,
sharing information, sharing best practices, reviewing response
plans, reviewing architectures, trying to get them to a
position where they can better defend their networks.
With more of those field professionals, I can have more
reach and more engagement, and we are not talking about a dozen
here or there. I am talking about a pretty significant uptick
in folks out in the field. So that is something that we are
working through right now.
I also think that we have to get to a point where we accept
the fact that we are never going to be able to completely
defend our way out of this. You are never going to patch every
system. From a financial perspective, some folks just will not
be able to keep up. They have, in fact, been left behind.
So what is industry doing to help fill the gap? How are
companies shifting from a stockholder-centric approach to more
of a stakeholder-centric approach and providing reasonable
resources?
Then last thing, I think we need to be thinking much more
about what we can do to disrupt these actors. So it is bigger
than, again, defending, but what is the role of other agencies
within the Federal Government and the role they can play to
stop these attacks before they actually happen and put the bad
guys on the run?
Senator Hassan. Thank you.
And then I wanted to come back to you, Commissioner, just
to talk a little bit more about 5G.
You have heard it--and all of you have heard it from
Members of this Committee and I think probably an awful lot of
Members of Congress. We need to continue to turn to the needs
of our rural communities when it comes to connectivity.
As Governor and now as Senator, I drive all around my
State, and I can tell you where we do not have access to
broadband to cell service. And I am as frustrated by our
mapping deficiencies as anybody else.
We are all aware too, to Senator Peters' point, the
benefits that 5G can bring. We have to get 5G right for
Americans who live in rural communities, not just in our
largest cities. To that end, I have reintroduced the bipartisan
Advancing Innovation and Reinvigorating Widespread Access to
Viable Electromagnetic Spectrum Act (AIRWAVES ACT) with Senator
Gardner, which directs the FCC to auction valuable mid-band
spectrum, to your point, Commissioner, and then to use some of
those auction proceeds to fund rural broadband deployment.
Mid-band spectrum is crucial to developing a 5G
architecture that works in rural areas, and making mid-band
spectrum available will let companies innovate and develop new
technologies that are suitable for rural deployment.
As the world looks for leadership on 5G standards and
technologies, the FCC has an important role to play in ensuring
that America is the preeminent voice on what 5G will look like
and whom it will serve.
So, Commissioner, you have talked about this some, but I
really would just like you to use this time to tell us anything
you have not said about how the FCC plans to use its existing
authority to free up mid-band spectrum for 5G use and how new
technology can be used to drive down the costs of rural
networks.
Ms. Rosenworcel. Alright. Thank you for the question.
Listen, there are a lot of places in this country that have
no G's----
Senator Hassan. Right.
Ms. Rosenworcel [continuing]. And getting to 5G is going to
be a long way, and the reason they frequently do not have that
infrastructure is that it is costly to deploy, and there are
not a lot of people to spread the costs around.
Senator Hassan. Right.
Ms. Rosenworcel. So the best way you can lower the cost is
use the spectrum that propagates further.
Right now, the FCC has focused all of its early energies on
high-band airwaves, the 24 gigahertz band, the 28 gigahertz
band, the 37 gigahertz band, the 39 gigahertz band, the 47
gigahertz band, that propagate roughly 300 feet. There is no
math that is ever going to make that effective in rural New
Hampshire.
It could be interesting in discrete areas, but it will not
be ubiquitous service, and it will not help the economy thrive,
which is what you need.
So what we have to do now is reprioritize and start
auctioning off mid-band spectrum. It is where the rest of the
world is building 5G. We need to do it too. It is the spectrum
that will get to everyone, everywhere, fastest, and most
economically.
Senator Hassan. Thank you very much, and thank you, Mr.
Chair and Ranking Member Peters.
Chairman Johnson. Senator Portman.
Senator Portman. Thanks. Thanks for allowing a second
round.
So much here. One thing I am told that has not come up yet
is looking at EINSTEIN and how it is working. Director Krebs, I
am going to pose this question to you. EINSTEIN is an effort to
ensure that our Federal agencies are protected from
cyberattacks. We have EINSTEIN 1. We have EINSTEIN 2. We have
EINSTEIN 3.A, I guess, or 3A. My understanding is that this
current program, while effective in terms of the monitoring of
the Federal networks, does not scan the cloud or traffic that
comes in from mobile source. Is that correct?
Mr. Krebs. So EINSTEIN 3A, in particular, Domain Name
System (DNS) sink-holing and email filtering is architected to
traditional on-premise environment with an exchange server and
things of that nature.
As we shift to the cloud and more agencies are shifting to
the cloud, we are going to have to take a different approach.
We are having a number of conversations, both with the
major cloud providers and email providers that work with the
Federal Government on how we can get the transparency outcomes,
the certain tags that we are looking for in email, in
particular. The progress we are making is noteworthy.
But we are accelerating quickly into the cloud, and we are
going to have to take a different approach.
There is a recent policy, TIC 3.0 policy, and we are going
to be sending out an additional security architecture baseline
behind that in the next month or so, I think.
But, again, we are working through what some of the
alternative architectures look like for cloud. I am very much
interested and vested in this space, less about putting a
physical device on a network and more about what do a few lines
of code look like in the Azure marketplace, in the Amazon Web
Services (AWS) marketplace, to get, again, the information that
we need to ensure that government clouds are protected.
And I would add that these are the sorts of capabilities,
as we build them out and refine them for the Federal
Government, we should also be thinking about how they scale to
State and local governments, with the appropriate privacy
protections in place.
We have similar capabilities under the Albert program for
NetFlow and intrusion detection systems. How are these things
also able to assist State and local capabilities as they also
move to the cloud?
Senator Portman. You just raised a whole other issue, which
is State and local government, which is a huge problem as well.
But we are glad you are there. You have experience working in
the private sector on companies that are very active in the
cloud, and we want to be helpful. So let us know.
As the Chairman said earlier, if there are any impediments
to that--because you are right. This is where so much of what
we should be concerned about in terms of cyberattacks is
moving, and yet EINSTEIN, for all of its good work 10 years
ago, is not keeping up with the technological changes. So let
us know if we can help you to accelerate that.
On the State and local side, since you mentioned that,
there is legislation that has been reported out of this
Committee. We are patting ourselves on the back a lot on this
Committee today because we have actually reported out some good
stuff.
Senator Peters, you were the coauthor of this legislation,
and it basically says what you just said, which is we need to
help State and local more. It is called the State and Local
Cybersecurity Act. It would authorize you guys to work with
some of these groups, including with the Multi-State
Information Sharing and Analysis Center, and I know you are
already doing this. This gives you the clear authorization to
do it, to be able to help our State and local partners.
I guess one question I would have for you is, what
opportunities exist to partner with some of these nonprofits to
protect against the Chinese threats in the 5G space?
Mr. Krebs. So that is a conversation we are having. Again,
I mentioned the Denver event, the Rural Engagement Initiative,
where we met with a number of rural providers and some of their
trade associations on how we pull together kind of a best
practice guide and playbook for how these rural organizations
might be able to shift into a non-Huawei, non-ZTE environment.
What we have to do is distill down some of the investments
that the larger carriers have made, the successes, the best
practices they have developed, and then we have to push those
down as far as possible, because you are just simply not going
to find the ability to invest the way some of the larger
carriers--so how do we, again, harness that investment, how do
I distill down my own insights as a cybersecurity agency and
then put into easy-to-apply playbooks and frameworks for these
agencies or these carriers to do the things they need to do.
Senator Portman. Well, again, we want to be helpful in
that, and we think it is timely.
One final question to Ms. Rinaldo because you have not
gotten any questions in a while. [Laughter.]
We were talking earlier about your work on the expansion of
broadband into rural areas, and you mentioned working with the
U.S. Department of Agriculture.
In the Farm Bill last time, we also had legislation that
came out of this Committee, at some point, maybe focused more
on the rural communities, and the focus is to give them the
ability through a new commission and so on to do more in terms
of broadband.
We also have legislation to help the co-ops do more, called
the Rural Act, because right now under our new tax law, there
is some confusion as to whether co-ops might lose their tax-
exempt status if they get involved in broadband.
Can you tell us a little more about what you are doing,
one, with Department of Agriculture, and has the Farm Bill
legislation helped, to your knowledge? And, second, with regard
to co-ops, are you working with rural co-ops at all in
expansion of broadband?
Ms. Rinaldo. Sure. So our current work with the American
Broadband Initiative involves helping coalesce more than 20
different departments and agencies on what we can do as a
government to help break down barriers, and as I mentioned, 30
percent of lands are federally held. So, as to their siting,
can we build fiber? We are also looking at how money is spent.
We recently created a tool on our website where you can go
for a one-stop shop to see where Federal grants--I have not
worked particularly with co-ops, but I am happy to take that
back. And I will get you an answer, and I will be happy to sit
down with your staff and go over more of the work that we are
doing in that area.
Senator Portman. Well, if you could, that would be great.
Ms. Rinaldo. Absolutely.
Senator Portman. They are a natural partner in this, and
they have the interest and ability, just as they have had with
electricity. Now it is broadband. So we would appreciate that.
Thank you very much, Mr. Chairman.
Ms. Rinaldo. Thank you.
Chairman Johnson. Senator Portman, I was at an event
earlier this morning on 5G, and there was a former mayor that
was involved in one of these 5G test site cities. He was
talking about the resistance from the population of putting up
the antennas.
Also mentioned, apparently, there are Russian bots that are
out there putting out false information in terms of the health
dangers of 5G.
I just want to ask you. First of all, is that true? Second,
do we have in any of your agencies, the research to refute
that, and are you publicizing that?
Mr. Krebs. So I am generally aware of open-source reporting
that Russian disinformation campaigns are promulgating the
concept that 5G is a dangerous technology.
My agency is focused on raising public awareness of
disinformation campaigns and misinformation campaigns, how they
work, and the things that individually you can do as a consumer
of media, social media, traditional media, or otherwise of
spotting these sorts of campaigns and not contributing and
doing their work for them.
This is going to be the battlefield really of the future.
It is easy to invest. It is low level of investment, broad
coverage, and it is really hard to stop.
So while the intelligence community and the Department of
Defense are on the operational disruption side, we have to do a
lot more, I think, in terms of engaging the public on helping
them understand how these things are happening and kind of how
the Russians and others, increasingly Iranians, Chinese, are
trying to hack our brain to get----
Chairman Johnson. It is really kind of a twofold counter.
First of all, I just point out the fact that Russia is engaged
in this type of disinformation, but then we need to provide the
accurate information. We need to have the research to put the
public's mind at ease on this. Do we have that research? Are we
pushing that out, either through the Department of Commerce or
through the FCC?
Ms. Rinaldo. I am not familiar with a particular white
paper on this.
I know through our broadband work that we are in the
communities doing seminars, webinars, with local communities to
counteract any information that might be out there. So I am
happy to dig a little deeper and see if there is a report
available.
Chairman Johnson. Commissioner, do you know of any effort?
Ms. Rosenworcel. Well, I too have seen news reports like
the ones you suggest, and the FCC does have an open proceeding
on some of these issues.
But I would also say this. In the bigger picture, if we
want to get the facilities deployed on the ground everywhere in
this country, we are all going to have to figure out how to
work with States and localities to do so.
We have a 10th Amendment in this country. We treasure our
local control, and we are going to have to figure out how we
are all rowing in the same direction. And that is going to take
some work.
Chairman Johnson. Well, that particular State passed a
preemption law so that all the communities can do it.
Ms. Rosenworcel. OK.
Chairman Johnson. Again, we also have to provide accurate
information. We need to understand that this disinformation is
out there, and we need to have a program for that.
Commissioner, you talked about the FCC's seal of approval
or whatever. Again, with the Internet of Things, you are going
to have an explosion of devices. Do you have the capacity and
capability of providing that type of approval for all these
devices? Is there something in place, or can you envision
something in place to do that?
Ms. Rosenworcel. That is a good question. It is so radical,
the increase we are going to see in connected devices. By the
end of the decade, we could have 20 billion things that are
connected worldwide.
For the FCC, this is a challenge because we are going to
have so much more that is connected, but one thing I would
point out is that we do have a process in place where the
agency itself is not the only one certifying that these devices
are safe and effective. We often do that through third-party
certification bodies.
So what we are going to have to do, though, is identify new
ways to streamline this work, but I think we should also look
at that process and see how we can build security into it from
the get-go, so our authorization is not strictly about
interference but also is about security.
Chairman Johnson. So my suggestion would be the government
help write standards through NIST or whatever and then using
underwriter laboratories or those types of private sector----
Ms. Rosenworcel. Yes. And that is historically how we have
done a lot of these authorizations. If there is a totally new
use of spectrum, the FCC will take a look at it, if there are
new devices with new capabilities.
But once devices become routine, it typically shifts to a
certification model done through third parties, and I think
that that process could serve us, though it will be bigger in
this environment.
Chairman Johnson. Director Krebs, you talked earlier about
the airplane cobbled together with all of the stolen
technology. One of the questions I have is just patents. Are we
going to challenge or is there an effort to challenge some of
these? You say that China holds, what, 34-some percentage, a
pretty high percentage of the patents around 5G. Are those
valid patents? To what extent are those patents based on
previously stolen intellectual technology, and is that one of
the ways we can potentially combat them in terms of just not
recognizing some of those patents?
Mr. Krebs. Extending out of my lane here for CISA, but I
think this is a reasonable path to do patents that are issued
in China, do they matter on a global scale.
Chairman Johnson. Anybody else want to weigh in? Mr.
Strayer.
Mr. Strayer. Yes, Senator. All patents are going to have
the same impact over the long term of the ecosystem, and I
think it is a little overstated about the success of China in
this area. We have a report out today that says that Intel,
Qualcomm are leading with the patents that will be the most
valuable for the 5G ecosystem.
China has definitely played in a lot more teams that are
fielding. So there will be a consortium of companies that come
together, and Huawei and others will put their people on that
team just so they can take credit for that and tick that up in
their count.
So I just would recommend a little caution in some of the
public debate about how you arbitrate where success lies in
this.
Our companies seem to be doing just fine overall, but as I
said before, we need to be vigilant about how we participate
and how we exercise control over the multilateral institutions
that set up other frameworks that set the rules for
participation and the later specifications that are developed
under those.
Chairman Johnson. I am all about recognizing reality as it
actually exists.
One of the things, we were talking about the buildout, the
150,000 in antennas already deployed in China. In the end, that
is really not that big a deal. These are pretty small little
antennas. They do not cost that much.
We are trying to build out these individual cities, really
get the technology down right, know how to do it. The Chinese
just may have wasted a lot of money putting up 150,000 antennas
that are not going to really be all that useful. Is that a
relatively accurate statement?
That in itself does not scare me. It is a scary number, but
in actuality----
Ms. Rosenworcel. Sure. I think it is a useful data point.
It tells us that they are ahead.
Chairman Johnson. Oh, yes. They are aggressive.
Ms. Rosenworcel. It tells us that South Korea is ahead too
when it comes to deployment, and one thing about technology is
that deploying early and at scale gives you leadership
opportunities. So I think we need to be mindful of it.
Mr. Strayer. Senator, if I could just weigh in on the point
about us, we are leading on 5G. Using the standard of how many
towers deploy in the field is not accurate.
Just 2 months ago, China put in licenses for its operators
to do 5G. So there is no way they could already be deploying
5G. They built towers for it, but they just gave out the
licenses to the companies.
We have it in more than three dozen cities in the United
States. We are leading in 5G. South Korea is right there with
us.
I am not saying we should not pay attention to competitors
in the space, but a lot of this falls from the Chinese
Communist Party and Huawei working so closely together to push
out millions of dollars of propaganda through all kinds of
means around the world, and I just want to let out----
Chairman Johnson. China also leads in terms of producing
these massive ghost cities.
Mr. Strayer. Yes. And they----
Chairman Johnson. Again, their system misallocates capital,
but, again, they can also be very strategic. And they can
subsidize and really hurt a free-market competitive system as
well. Ms. Rinaldo.
Ms. Rinaldo. I would just echo that it is population
density. When it comes to patents, it is quality over quantity.
It is my understanding that we are going to have more than 100
cities built out by the end of the year. So we are firing on
all the points that we need to be.
Chairman Johnson. OK. Magically, my time never even
started, so I still got 7 minutes.
Let me close this out, though, by kind of getting back to
where I started, the problem-solving process, gathering
information, defining the problem, the opportunity of the
problem, but then establishing achievable goals.
So, again, what I wanted to come out of this hearing, the
goals, what can this Committee do? What can Congress do in
terms of priorities that we need to set, the goals we have to
establish as you are continuing down your paths? What can we do
to help you? Can we kind of get some answers on that?
Let us start with spectrum. I will go back to the homework
assignment. If there is any roadblocks that we can help knock
down, either legislatively or just with oversight letters or
shine a big old bright light on it, ``OK, guys. Let us get this
resolved, and let us move forward.'' That is kind of what I
want out of the close-out statement.
So why do not I start with Director Krebs. What are those
top three things, let us say? If you really got five, go ahead,
but what are the top three things you would like this
Committee, you would like Congress to do in terms of achieving
your priorities and your goals?
Mr. Krebs. At the top of the list right now is make it
easier for companies to share information on risky vendors that
they come across and make it similarly easy for me to share
that information. I do not want to ever have to go through
another Kaspersky Labs antivirus product situation. We need to
be able to rapidly get information out.
Second is make it easier for me to be able to convene
groups to develop frameworks, to share more broadly.
Chairman Johnson. Why do you have a difficult time now?
Just because of antitrust?
Mr. Krebs. There are some antitrust issues involved here. I
am restricted to some of the Sector Coordinating Councils (SCC)
at this point in terms of those trusted convening mechanisms.
So I think we can take a harder look at the way we pull groups
together.
And third and finally, we are working on an administrative
subpoena proposal right now with your Committee. That is a big
priority for me. Once we identify vulnerable systems out there,
whether it is industrial control systems or telecommunication
systems, we need to be able to get to the people that are
managing those systems so that we can close down those
vulnerabilities before a bad guy gets to them.
Chairman Johnson. I am quite sure that piece of legislation
is on our markup next week.
Mr. Krebs. Good to hear.
Chairman Johnson. Hopeful to get that passed with strong
bipartisan support----
Mr. Krebs. Excellent.
Chairman Johnson [continuing]. And then figure out some way
to wind it through the congressional process to get that signed
into law.
Mr. Krebs. Thanks for your support.
Chairman Johnson. Ms. Rinaldo.
Ms. Rinaldo. I would say, first, as you talk to business
leaders around the country, encourage them to participate in
standards-setting bodies.
Second, as you talk to your constituents, tell them about--
alleviate any concerns they might have--about 5G. Talk to them
about the benefits of it.
Third, keep doing things like this. Keep having hearings.
The underlying element of my three points is education. I
believe education is the unsung hero in this debate.
Chairman Johnson. OK. Mr. Strayer.
Mr. Strayer. Thank you for that question.
One thing that we have been working on at the State
Department is creating the architecture internally so that we
can be full competitors with China and Russia and others in
emerging technologies. So we propose that there be a
cybersecurity and emerging technologies bureau. That proposal
has been sitting up here in Congress for the last 5 months
under review in the Senate Foreign Relations Committee. If you
could help facilitate----
Chairman Johnson. Which I do not chair.
Mr. Strayer. Yes. But you might know some of the other
Senators there.
Chairman Johnson. OK.
Mr. Strayer. We would want to engage in a real dialogue
about how we can set up an emerging technologies bureau that
will make us able to fully work with our partners, our key
like-minded partners on emerging technology issues and
developing the strategies of the future because we are not
going to have all the solutions in the United States. So we
really need to be equipped at the State Department to be able
to engage in future discussions with our key partners, and part
of that is resources in that, and part of that is the
imprimatur that we are a major part of the Department's effort
in the future of digital technologies.
The other thing I just want to mention was we really
appreciate the financing we get through foreign assistance
money that can help us work with other governments on their
deployment of trusted technologies in both 5G and future
connected technologies.
And, last, I would just say the way that I think you all
have a united view about the threat and the risk from these
types of vendors and if you are enabled or in a position to
share that in CODELs and other places with interlocutors and
other governments and with legislators around the world, that
it would be very helpful to us as we do our own messaging
efforts in that regard.
Chairman Johnson. Just a quick comment. A year ago, as we
are visiting all of these delegations, nobody really understood
Huawei. At least now they have the knowledge of it, and it
sounds like they are starting to take action on it as well.
Maybe not fully as much as we want, but we have come quite a
long ways from complete ignorance of the issue and the problem
to not only not acknowledgment of it and taking steps to
alleviate it.
Mr. Strayer. Completely agree. Thank you.
Chairman Johnson. Commissioner.
Ms. Rosenworcel. Thank you.
First, we need a national spectrum strategy, not just for
this year or next, for the long haul, and it is going to have
to have incentives for Federal actors to relinquish airwaves
for commercial purposes over time. The absence of those
incentives slows us down.
Second, we need broadband mapping, and Senator Peters knows
this. We cannot manage a problem if we do not measure it, and
we are not measuring broadband in rural America right now. I
think it is going to have chilling effects for both national
and economic security.
Third, anything we can do to help with network
virtualization and the Open RAN is something we should invest
in. It is a way to help us manage the supply chain challenges
going forward.
Then, fourth, and this is just adjacent, but I think it is
important--we do not have a national artificial intelligence
strategy. Other nations do. We need one.
Chairman Johnson. And what about quantum computing?
Again, this hearing is so within this Committee's mission
statement. Our top priority is border security but then
cybersecurity, protecting critical infrastructure, countering
violent extremism, which is more and more often done online.
This is something we will continue to be fully engaged with. We
want to be engaged.
So, again, I am just asking all of you to work very
cooperatively with not only Members, but our staffs, and we
will keep pushing the ball forward. Any time you need any help
from this Committee or Congress, please do not hesitate to ask,
and we will do whatever we can do.
I got to get the magic words here. Thank you again for your
time, your testimony. I thought this was an excellent hearing,
and again, it is just a start.
The hearing record will remain open for 15 days until
November 15th at 5 p.m. for the submission of statements and
questions for the record.
This hearing is adjourned.
[Whereupon, at 11:32 a.m., the Committee was adjourned.]
A P P E N D I X
----------
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]