[Senate Hearing 116-185]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 116-185
 
                     SUPPLY CHAIN SECURITY, GLOBAL
                        COMPETITIVENESS, AND 5G

=======================================================================

                                HEARING

                               before the

                              COMMITTEE ON
                              
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
               
                          UNITED STATES SENATE

                     ONE HUNDRED SIXTEENTH CONGRESS


                             FIRST SESSION

                               __________

                            OCTOBER 31, 2019

                               __________

        Available via the World Wide Web: http://www.govinfo.gov

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs

        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
        
        
        
        
        
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]        




                              ______
                          

             U.S. GOVERNMENT PUBLISHING OFFICE 
 40-385 PDF           WASHINGTON : 2020


        
        

                    RON JOHNSON, Wisconsin, Chairman
ROB PORTMAN, Ohio                    GARY C. PETERS, Michigan
RAND PAUL, Kentucky                  THOMAS R. CARPER, Delaware
JAMES LANKFORD, Oklahoma             MAGGIE HASSAN, New Hampshire
MITT ROMNEY, Utah                    KAMALA D. HARRIS, California
RICK SCOTT, Florida                  KYRSTEN SINEMA, Arizona
MICHAEL B. ENZI, Wyoming             JACKY ROSEN, Nevada
JOSH HAWLEY, Missouri

                Gabrielle D'Adamo Singer, Staff Director
            Michelle D. Woods, Director of Homeland Security
                   Michael J.R. Flynn, Senior Counsel
               David M. Weinberg, Minority Staff Director
         Alexa E. Noruk, Minority Director of Homeland Security
                  Jeffrey D. Rothblum, Minority Fellow
                     Laura W. Kilbride, Chief Clerk
                     Thomas J. Spino, Hearing Clerk
                     

                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Johnson..............................................     1
    Senator Peters...............................................     3
    Senator Hassan...............................................    15
    Senator Romney...............................................    18
    Senator Lankford.............................................    20
    Senator Carper...............................................    23
    Senator Portman..............................................    26
Prepared statements:
    Senator Johnson..............................................    47
    Senator Peters...............................................    49

                               WITNESSES
                       Thursday, October 31, 2019

Hon. Christopher C. Krebs, Director, Cybersecurity and 
  Infrastructure Security Agency, U.S. Department of Homeland 
  Security.......................................................     4
Diane Rinaldo, Acting Assistant Secretary, National 
  Telecommunications and Information Administration, U.S. 
  Department of Commerce.........................................     7
Robert L. Strayer, Deputy Assistant Secretary for Cyber and 
  International Communications and Information Policy, U.S. 
  Department of State............................................     8
Hon. Jessica Rosenworcel, Commissioner, Federal Communications 
  Commission.....................................................    10

                     Alphabetical List of Witnesses

Krebs, Hon. Christopher C.:
    Testimony....................................................     4
    Prepared statement...........................................    51
Rinaldo, Diane:
    Testimony....................................................     7
    Prepared statement...........................................    60
Rosenworcel, Hon. Jessica:
    Testimony....................................................    10
    Prepared statement...........................................    71
Strayer, Robert L.:
    Testimony....................................................     8
    Prepared statement...........................................    66

                                APPENDIX

Statements submitted for the Record from:
    C Band Alliance..............................................    74
Responses to post-hearing questions for the Record:
    Mr. Krebs....................................................    83
    Mr. Strayer..................................................    87
    Ms. Rosenworcel..............................................    88


         SUPPLY CHAIN SECURITY, GLOBAL COMPETITIVENESS, AND 5G

                              ----------                              


                       THURSDAY, OCTOBER 31, 2019

                                     U.S. Senate,  
                           Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 9:32 a.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Ron Johnson, 
Chairman of the Committee, presiding.
    Present: Senators Johnson, Portman, Lankford, Romney, 
Scott, Hawley, Peters, Carper, Hassan, Sinema, and Rosen.

             OPENING STATEMENT OF CHAIRMAN JOHNSON

    Chairman Johnson. Good morning. This hearing is called to 
order.
    I want to welcome all the witnesses. Thank you for your 
thoughtful written testimony, and we are looking forward to 
hearing your oral testimony and answers to our questions.
    I would ask that my written statement be entered into the 
record.\1\
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator Johnson appears in the 
Appendix on page 47.
---------------------------------------------------------------------------
    I just want to make a couple comments about kind of what I 
want to see the goal of this hearing to be, which is very 
similar to pretty much the goal of every hearing as a basic 
problem-solving process.
    I will start out. I have not done this in a while, but this 
Committee, under my chairmanship, developed a mission statement 
``to enhance the economic and national security of America and 
promote more efficient, effective, and accountable 
government.''
    The reason I am pointing it out today is I cannot really 
think of a hearing where that mission statement is more 
applicable to. When we start talking about 5G, we are talking 
about the economic opportunity, but we are talking about the 
national security risks. In order to take advantage of that 
opportunity, in order to avoid those national security risks, 
we need more efficient and effective government to step up to 
the plate to compete against what, unfortunately, is becoming 
not just a friendly economic rival but an adversary and 
somewhat of, in many cases, a maligned actor on the world 
stage, China.
    So, in terms of the definition of this problem--and, again, 
I am really hoping to be able to lay out a simplified 
definition, lay out some priorities of things we need to 
address, so that it can focus everybody's attention on this.
    So let me take a stab at the problem definition. This is an 
unusual one because it really starts as an opportunity. It is 
an opportunity of moving from 4G to 5G, which globally that 
will be trillions of dollars' worth of economic activity. So it 
is an enormous opportunity, and, of course, there is going to 
be a great deal of competition to take advantage of that 
opportunity.
    The problem really rests if we do not take advantage of it, 
if we are not a leader, other people set the standards, and 
again, those other people, primarily the threat would be in 
China, not setting the standards that really contribute to a 
free and open society.
    We have the economic aspects of this. We have to set the 
standards. The threat that China poses in terms of just 
intellectual property theft--one of the reasons they can 
compete with us on 5G is because they have stolen hundreds of 
billions of dollars' worth of our intellectual property. Now 
they are threatening to leapfrog us from that standpoint.
    So, again, the actions, based on that basic problem 
definition, that opportunity that also is a problem, we have to 
address the spectrum allocation in at least two different types 
of bands. We have a great witness from the Federal 
Communications Commission (FCC) that can really talk to us 
about that.
    We need to be involved and hopefully be a leader in setting 
the standards. We need to look at a trusted supply chain, and 
then where there is not proper market activity--and I hate to 
say this, but we are competing against a nonmarket economy, a 
command economy, a very strategic competitor. We may have to 
take a look at market breakdowns here and do something from the 
standpoint of government to make sure that we support the type 
of supplier base that we are going to need.
    So, again, that is kind of my relatively simple, off-the-
top-of-my-head definition of what this problem is and some of 
the top priorities.
    Again, I read all the testimony and really appreciate it. I 
just encourage everybody to try and simplify this as much as 
possible so that we leave this hearing with a pretty good 
understanding of what we are facing and the first steps that we 
have to take.
    One final comment--and, Diane, I think you were in that 
secure briefing which was called probably about a month ago, 
and I know my input in that was ``OK. Now who is in charge of 
this effort?'' I am heartened by the fact that in testimony, we 
definitely have an answer. It is literally the National 
Economic Council (NEC), residing in the White House. I spoke 
with Larry Kudlow last night. He has been actively engaged, and 
I was really glad to hear that, together with the Chairman of 
the FCC and with active involvement with President Trump as 
well.
    So this is a high priority. It is taken that way. I think 
we have the--who is in charge of this effort, and certainly, 
what we have heard in that secure briefing is we have the 
interagencies working very cooperatively.
    We have that final piece that I was wondering. It is great 
that everybody is working cooperatively together, all the 
component experts, but now, at least for my satisfaction, I 
have identified this is the agency. This is the individual that 
really is in charge of this and also could be held accountable 
for what these goals, what these actions need to be that we 
need to take.
    So, again, I am already heartened by just going through the 
briefing, what I have heard, what I have read, coming to this 
hearing, and I am really looking forward to the hearing itself 
and hopefully gain a little bit more confidence that we are not 
behind, as I thought we were. We are actually getting up in 
pretty good position and, I think, poised to hopefully leap 
ahead and actually win this competition.
    So, with that, Senator Peters.

             OPENING STATEMENT OF SENATOR PETERS\1\

    Senator Peters. Thank you, Mr. Chairman, and thank you to 
all of our witnesses for being here today.
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator Peters appear in the Appendix 
on page 49.
---------------------------------------------------------------------------
    Our modern economy is truly global. Internet access is no 
longer a luxury. It is necessary and a vital tool that connects 
people with educational opportunities. It creates jobs, drives 
economic development.
    The introduction of 4G technology brought us live 
streaming, ridesharing, on-demand delivery, and other 
innovations, and now 5G era is before us.
    This faster, strong, wireless connection will once again 
transform our digital world, enabling new technologies like 
precision agriculture, self-driving cars, and augmented 
reality.
    5G networks and the new technologies they spur will create 
countless new jobs in Michigan and generate billions of dollars 
in economic growth all across our country. 5G has the potential 
to unleash new productivity and help cement the United States 
as a global leader in innovation, but developing the 
infrastructure needed to support 5G networks across the country 
does not come without risks.
    Today China, arguably our Nation's greatest global 
competitor, is poised to lead the world in advancing this very 
important technology. China's edge in the development of 5G 
equipment and standards poses a threat to both American 
economic dominance as well as our national security. The United 
States is increasingly reliant on high-speed telecommunications 
services to support not only our broader economy, but also our 
defense industry.
    In the face to expand 5G access, we face serious supply 
chain security risks by purchasing and deploying Chinese-made 
equipment from companies like Huawei and Zhongxing 
Telecommunication Equipment (ZTE), companies that our 
intelligence community (IC) has said are beholden to the 
Chinese government.
    The devices these companies provide potentially offer cost-
effective solutions to help close the digital divide, but they 
also pose a serious national security risk and could open a 
back door into critical American security networks.
    Given these serious national security risks, we must 
navigate a very delicate balance of ensuring that emerging 5G 
networks are both secure and widely available in both rural and 
urban areas.
    China's advantage in 5G may be a reality for now, but it is 
something we have the power to change. The U.S. Government, 
including this Committee, has an opportunity to play a key role 
in America's resurgence as a leader in the development of 5G 
networks. A challenge of this magnitude requires a strong, 
unified, and collaborative approach, capitalizing on the full 
power of American ingenuity.
    But, to date, our efforts have been piecemeal and 
disorganized. We have not had dedicated leadership or the 
coordinated national strategy needed to accomplish this very 
critical mission.
    I am encouraged by the bipartisan agreement this Committee 
has made to support this goal. Universal 5G connectivity would 
encourage renewed prosperity in both urban and rural 
communities, unlock tremendous economic growth, and reestablish 
America as the leader in global innovation.
    I hope this hearing will serve as a driving force to help 
us usher in this new age and build momentum toward recapturing 
our place as the world's leader in communication technologies.
    I look forward to the testimony of our witnesses. Thank you 
for being here today.
    Chairman Johnson. Thank you, Senator Peters.
    It is the tradition of this Committee to swear in 
witnesses, so if you will all stand and raise your right hand.
    Do you swear the testimony you will give before this 
Committee will be the truth, the whole truth, and nothing but 
the truth, so help you, God?
    Mr. Krebs. I do.
    Ms. Rinaldo. I do.
    Mr. Strayer. I do.
    Ms. Rosenworcel. I do.
    Chairman Johnson. Please be seated.
    Our first witness is Chris Krebs. Mr. Krebs currently 
serves as the Director of the Cybersecurity and Infrastructure 
Security Agency (CISA). Previously, Mr. Krebs worked within the 
Department of Homeland Security (DHS) as a senior advisor to 
the Assistant Secretary for the Infrastructure Protection, 
where he helped establish a number of national and 
international risk management programs. Prior to joining the 
Department of Homeland Security, Mr. Krebs was the Director of 
Cybersecurity Policy for Microsoft, leading their work on 
cybersecurity and technology issues. Mr. Krebs.

 TESTIMONY OF THE HONORABLE CHRISTOPHER C. KREBS,\1\ DIRECTOR, 
    CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY, U.S. 
                DEPARTMENT OF HOMELAND SECURITY

    Mr. Krebs. Good morning, Chairman Johnson, Ranking Member 
Peters, and Members of the Committee. Thank you for holding 
today's hearing and providing me an opportunity to be the first 
government witness to congratulate the world champion 
Washington Nationals and on behalf----
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Krebs appear in the Appendix on 
page 51.
---------------------------------------------------------------------------
    [Applause.]
    Gotcha. Thank you.
    I also ask the Lerner family to lock up Stephen Strasburg 
in a lifetime contract.
    I also appreciate the opportunity to testify regarding the 
Cyber and Infrastructure Security Agency's ongoing efforts to 
secure the supply chain of information and communications 
technology, including 5G, the next generation of mobile 
communications networks.
    This is a timely hearing. No, not because it is Halloween, 
and this is often touted as a scary topic with boogeymen hiding 
behind every line of code or microchip, but because today is 
the last day of National Cybersecurity Awareness Month and 
because tomorrow marks the first day of Critical Infrastructure 
Security and Resilience Month.
    While my written testimony details CISA's broader approach 
to information and communications technology, supply chain, and 
risk management, I would like to focus my opening remarks on 
the administration's efforts to secure 5G networks.
    As agencies, we have been hard at work on supply chain and 
5G security for years now, taking advantage of the respective 
authorities, roles, and responsibilities of the various 
Executive Branch departments and agencies, a few represented 
here today.
    Over the last year, our administration-wide strategy has 
really come together, all under the guidance of the National 
Economic Council and the National Security Council (NSC).
    While there is no department of 5G, no department of supply 
chain security, and nor should there be, I can say with 
confidence that the U.S. Government is collaborating 
effectively across the interagency and with our industry 
partners.
    We have tight coordination mechanisms to drive the security 
and resilient results we all desire. Our goal is pretty 
straightforward. We seek to foster a competitive global 
ecosystem for trusted 5G vendors and promote a risk-based 
approach to 5G.
    In part, this will unlock American innovation and provide 
untold opportunities in the development of tomorrow's 
technologies. More importantly, it will deliver secure and 
resilient telecommunications systems and provide a sound base 
for 5G-enabled technologies.
    Our approach has four primary work streams, and I will 
briefly touch on the work streams and allow my colleagues to 
expand, as appropriate.
    First, we are addressing the policy and regulatory 
considerations, domestically and abroad, stressing open 
interoperable systems with respect to the rule of law and 
taking into account risks posed by the undue influence of 
foreign governments on suppliers.
    Second, we are examining the underpinning technology 
requirements, including the changes that are anticipated with 
software-defined networking, virtualization, and the resulting 
impacts on enabled services and features, like autonomous 
vehicles, telemedicine, smart cities, and so on.
    Next, our work in the economic space focuses on the 
incentives needed to support growth of new technologies, with 
an emphasis on a flourishing vendor base here in the United 
States, while also encouraging global financial practices, 
subsidies, investments, financing that are open, fair 
commercially reasonable, and transparent.
    Finally, we seek to promote secure and resilient systems, 
developing a better understanding of where risk lies in our 
networks and managing that risk accordingly.
    CISA is focused here, seeking to support a risk-based 
approach. Our approach is consistent with our broader supply 
chain risk management philosophy, encompassing technical, 
legal, and relationship aspects of a product, company, and the 
regime from where the product originates.
    Specifically, CISA intends to address 5G security concerns 
through three primary avenues, all of which are core agency 
competencies: technical evaluation and analysis, stakeholder 
engagement, and cybersecurity best practices. We recognize that 
although 5G is a new and transformative technology, the 
essential elements to future security remain rooted in the way 
CISA secures all its equities.
    I would also like to reinforce that this is not solely a 
U.S. Government undertaking. Our partners in industry are 
critical in driving real advances in security and privacy by 
design and deployment, accompanied by the transparency 
necessary to inform appropriate risk management decisions by 
industry and consumers alike.
    Efforts like the Council to Secure the Digital Economy's 
Consensus Baseline Internet of Things (IoT) Security 
Capabilities as well as the Charter of Trust are both examples 
of industry-driven consensus efforts to help achieve that 
global competitive ecosystem for trusted vendors and 
componentry.
    As the director of CISA, with a mission that analyzes risk 
holistically across 16 critical infrastructures and 55 national 
critical functions, my commitment to you all is to continue 
leading, coordinating, and catalyzing these activities for our 
mutual benefit. More work needs to be done. That is clear, but 
I believe we have the structures, people, and imperatives to 
get the job done.
    That is the goal. It is now up to a wide group of 
stakeholders, both public and private, to ensure its 
realization.
    Once again, thank you for the opportunity to appear today, 
and I look forward to your questions.
    Chairman Johnson. Thank you, Mr. Krebs.
    Even though the Nationals did knock the Brewers out of the 
playoffs, that was a really fun game to watch, and I 
congratulate them as well.
    Our next witness is Diane Rinaldo. Ms. Rinaldo is the 
acting Assistant Secretary for Communications and Information 
for the Department of Commerce. Prior to joining the 
Department, Ms. Rinaldo was with the House Permanent Select 
Committee on Intelligence, where she was the lead committee 
staffer on Congress' landmark cybersecurity legislation, the 
Cybersecurity Act of 2015. Ms. Rinaldo also previously served 
as the oversight and budget monitor for the National Security 
Agency. Ms. Rinaldo.

  TESTIMONY OF DIANE RINALDO,\1\ ACTING ASSISTANT SECRETARY, 
  NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION, 
                  U.S. DEPARTMENT OF COMMERCE

    Ms. Rinaldo. Chairman Johnson, Ranking Member Peters, 
Members of the Committee, thank you for the opportunity to 
testify today on supply chain, global competitiveness, and 5G.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Rinaldo appears in the Appendix 
on page 60.
---------------------------------------------------------------------------
    The National Telecommunications and Information 
Administration (NTIA) is responsible for advising the White 
House on telecommunications and information policy. In 
consultation with other Commerce bureaus and the Executive 
Branch agencies, NTIA advocates for domestic and international 
policies that preserve the open Internet and advance key U.S. 
interests at home and abroad.
    Our role is to foster national security, economic 
prosperity, and delivery of the critical public services 
through telecommunications. We are involved in a host of policy 
issues that affect the security of critical elements in our 
Nation's telecommunications infrastructure.
    Winning the race to 5G is one of the most urgent areas of 
focus for NTIA, the Department, and the Administration. We are 
pursuing policies that enable government and industry to work 
together to deliver on the promises of secure 5G networks.
    But as Secretary of Commerce Wilbur Ross has said, we 
cannot be complacent. Although the United States leads the 
world in the application of 4G wireless technologies, other 
countries are trying hard to position themselves to dominate 
the next generation of 5G technology and services.
    Given the global nature of the telecommunications industry, 
the fight for 5G dominance will center around key issues, 
including the development of industry standards as well as the 
ability to win in non-U.S. markets.
    NTIA is working closely with the State Department, Homeland 
Security, the Department of Defense (DOD), and the Federal 
Communications Commission on policies to secure the supply 
chain for critical information and communications technologies, 
enable secure network deployment, and promote innovation and 
free-market principles.
    Our increased reliance on connectivity comes with increased 
vulnerability to cyberattacks. Securing our networks must be a 
major priority. We must incorporate prevention, protection, and 
resiliency from the start.
    One of the top priorities for the Administration is 
securing the information technology (IT) and communications 
supply chain, which is increasingly vulnerable to certain 
foreign-sourced products and services.
    At the most basic level, we must avoid clear risks. 
Technology that comes from suspect origins or practices should 
not be put into our critical systems. At NTIA, we are working 
to increase transparency across the digital ecosystem to help 
organizations make better decisions and reduce cybersecurity 
risks and incidents.
    NTIA is helping to address these challenges by supporting 
the Secretary of Commerce in implementing the President's 
Executive Order (EO) on Securing the Information and 
Communications Technology and Services Supply Chain.
    NTIA has led three recent and successful multi-stakeholder 
processes on cybersecurity, looking at the challenges around 
disclosing software vulnerabilities and patching insecure 
devices.
    NTIA is also involved in an ongoing effort to mitigate the 
damaging effects of botnets.
    In our competitive world, the United States does not have 
the luxury of pursuing only some of our national priorities 
that depend on spectrum. We must pursue and achieve all of 
them.
    We will continue to build on the excellent model of 
coordination NTIA has developed with its Federal and private-
sector partners.
    Again, thank you for inviting me today, and as Chris said, 
go Nats.
    Chairman Johnson. Thank you, Ms. Rinaldo.
    Our next witness is Rob Strayer. Mr. Strayer is the Deputy 
Assistant Secretary for Cyber and International Communications 
and Information Policy at the State Department. In this 
capacity, he leads the development of international 
cybersecurity, Internet, data, and privacy policy. Earlier in 
his career, Mr. Strayer served as the General Counsel (GC) to 
the U.S. Senate Foreign Relations Committee and deputy chief 
staff director for U.S. Senate Committee on Homeland Security 
and Governmental Affairs.
    Mr. Strayer, welcome back.

 TESTIMONY OF ROBERT L. STRAYER,\1\ DEPUTY ASSISTANT SECRETARY 
  FOR CYBER AND INTERNATIONAL COMMUNICATIONS AND INFORMATION 
                POLICY, U.S. DEPARTMENT OF STATE

    Mr. Strayer. Thank you. Thank you, Mr. Chairman, Ranking 
Member Peters, and Members of the Committee. It is truly a 
privilege to testify before a committee where I served as a 
staffer a decade ago.
---------------------------------------------------------------------------
    \1\ The prepared statement of Mr. Strayer appears in the Appendix 
on page 66.
---------------------------------------------------------------------------
    As the world becomes more interconnected, the security of 
our information and communications technology, including the 
fifth generation of wireless technology, is becoming 
increasingly important for our national security and economic 
prosperity, as well as the protection of privacy and individual 
liberties around the world.
    The State Department, under Secretary Pompeo's leadership, 
is in charge of the United States' international engagement 
campaign to convince our allies and partners of the importance 
of adopting measures to secure their 5G networks. As you both 
have noted, 5G networks will be transformative. They will 
empower a vast array of new services, including traditional 
critical infrastructure, like the distribution of electricity.
    With all these services relying on 5G networks and the 
masses amounts of personal data that they will provide, the 
stakes could not be higher for securing these networks.
    As countries around the world upgrade their communication 
systems to 5G technology, we are urging them to adopt a risk-
based security framework.
    I have been joined by colleagues from the full interagency 
in probably hundreds of bilateral and multilateral meetings 
over the last, almost 2 years now. I personally have done many 
dozens of trips focused on 5G. I spent the Labor Day weekend, 
in fact, with Chairman Pai visiting three countries in the Gulf 
Region, including Saudi Arabia and Bahrain as well as going to 
Germany. So we have a full-court press to educate our partners 
about the security risks and ways that they can achieve a 
successful future with 5G.
    An important element of the 5G security approach that we 
recommend is a careful evaluation of hardware and software 
equipment vendors. The evaluation criteria should include the 
extent to which vendors are subject to control by a foreign 
government, with no meaningful checks and balances on its power 
to compel cooperation of those vendors with intelligence and 
security agencies.
    While this should be applied to vendors in all countries, 
our current concern is primarily with equipment vendors from 
the People's Republic of China (PRC). Our assessment is that 
the PRC could compel Chinese equipment vendors to act against 
the interests of U.S. citizens and citizens of other countries 
around the world.
    If allowed to construct and service 5G networks, Chinese 
equipment vendors will be in a privileged position in these 
critical networks. They can be required by China's national 
intelligence law to cooperate with Chinese intelligence and 
security services and to keep that cooperation secret, and 
there is no independent judiciary or rule of law to prevent 
them from being required to take those actions.
    This will provide Chinese Communist Party the capability to 
disrupt critical infrastructure, intercept sensitive 
transmissions, and acquire sensitive technology and 
intellectual property as well as the information of private 
citizens.
    Not only will China have these capabilities, but it has 
already demonstrated its intent to misuse and exploit data. 
Chinese technology firms are working with authoritarian regimes 
often hand-in-hand with the Chinese government to suppress 
freedom of expression and other human rights through mass 
arbitrary surveillance, censorship, and targeted restrictions 
on Internet access. They have exported facial recognition 
technology that they have perfected in the Xinjiang Province to 
more than a dozen countries.
    The PRC and Chinese firms also have a long history of 
intellectual property theft to benefit their interests. We 
should not allow 5G to be yet another vector for the PRC to 
steal intellectual property.
    Through our engagement, many other countries are now 
acknowledging the supply chain security risk and beginning to 
strengthen their 5G networks alongside the United States.
    For example, Australia, Japan, and Taiwan have taken very 
specific actions to protect their 5G networks from untrusted 
suppliers, and in May, the Czech Republic hosted more than 140 
representatives of 32 countries from around the world as well 
as the European Union (EU) and North Atlantic Treaty 
Organization (NATO) to build consensus on a common approach to 
5G security.
    This effort produced what is known as the Prague Proposals, 
a set of recommendations on how to build securely and 
resiliently 5G networks based on free and fair competition, 
transparency, and the rule of law.
    We have been working to advance the principles in the 
Prague Proposals by encouraging other countries to endorse 
them. We have also signed a number of memorandums of 
understanding (MOUs) for research and development (R&D) in the 
application of 5G technology with like-minded countries, 
including Romania and Poland and will soon sign one with 
Estonia. We are also working with many other countries in the 
same regard.
    On October 9th to be exact, the European Commission and EU 
member States released their own coordinated risk assessment on 
5G. We were very encouraged that the risk assessment clearly 
identified the risk that 5G network suppliers, of them being 
subject to pressure and control by a third country, especially 
in countries without, ``legislative or democratic checks and 
balances in place.''
    The EU risk assessment itself is a sign of progress in our 
5G campaign, and it demonstrates that our allies and partners 
are recognizing the risk of untrusted vendors, but our work is 
far from over.
    Next, the European Commission and member States will use 
that assessment to develop and agree upon a toolbox of security 
measures by the end of the year. It is vital that this toolbox 
address the vulnerabilities and risks that have already been 
identified in their assessment, including from untrusted 
suppliers, and that member States then implement those security 
measures in their own binding national measures to safeguard 
their networks, just as we are doing in the United States.
    Thank you for the opportunity to appear today.
    Chairman Johnson. Thank you, Mr. Strayer.
    Our final witness is Jessica Rosenworcel. Ms. Rosenworcel 
currently serves as a Commissioner for the Federal 
Communications Commission. In this role, she works to foster 
economic growth and security, promote accessibility, and 
develop policies to help expand the reach of broadband to 
schools, libraries, hospitals, and households across the 
country. Prior to joining the FCC, she served as senior 
communications counsel for the United States Senate 
Committee on Commerce, Science, and Transportation. Ms. 
Rosenworcel.

      TESTIMONY OF THE HONORABLE JESSICA ROSENWORCEL,\1\ 
        COMMISSIONER, FEDERAL COMMUNICATIONS COMMISSION

    Ms. Rosenworcel. Good morning, Chairman Johnson, Ranking 
Member Peters, and members of the Committee.
    For the last decade, the United States has led the world in 
wireless technology and performance, and we have reaped the 
benefits. The smartphone revolution began here on our shores, 
and it helped secure our global dominance in the technology 
sector.
---------------------------------------------------------------------------
    \1\ The prepared statement of Ms. Rosenworcel appears in the 
Appendix on page 71.
---------------------------------------------------------------------------
    So now let me be blunt. That authority is being challenged. 
Extending this leadership into the next generation of wireless 
technologies known as 5G is going to be difficult. Of course, 
it is worth the effort because these networks are going to 
kickstart the next big digital transformation.
    However, earlier this year, the Defense Innovation Board, 
which is our military's premier advisory board of academic 
researchers and private-sector technologists, surveyed the 
State of 5G networks and issued a sober warning. They found 
that the country that owns 5G will own innovations and set the 
standards for the rest of the world, and that country is 
currently not likely to be the United States.
    This is a clarion call. Other nations saw very clearly the 
success the United States had in the last generation of 
wireless technology, and they are working overtime to ensure 
they secure a leadership position in 5G.
    We see it in deployment. Switzerland, South Korea, China, 
Germany, and Japan are making great strides with their 5G 
efforts. We see it in activity in standards bodies, like 3rd 
Generation Partnership Project (3GPP) and the International 
Telecommunication Union (ITU), where 5G specifications are 
being hammered out right now.
    And we see it in patents and equipment. Chinese companies 
own 36 percent of all 5G standard-essential patents. Here in 
the United States, our companies hold just 14 percent. In fact, 
there are no longer any United States-based manufacturers of 
key 5G network equipment. The truth is we are facing well-
resourced challenges to our 5G leadership from every direction, 
and so far, we do not have a comprehensive national plan to 
meet this challenge. We need one, and here are four ideas it 
should include.
    First, if we want to lead in 5G, we have to secure the 5G 
supply chain. To this end, at the FCC, we have a rulemaking to 
ensure that our universal service fund (USF), which provides 
billions annually to help support broadband in rural America, 
will not be used to purchase insecure network equipment. This 
rulemaking has inexplicably stalled at the agency for the last 
year and a half, but now perhaps since you announced this 
hearing, we have publicized we will vote on this in 3 short 
weeks.
    Second, we need an approach to supply chain security that 
recognizes that despite our best efforts, secure networks in 
the United States will only get us so far. We need to start 
researching how we can build networks that can withstand 
connection to equipment vulnerabilities around the world.
    One way to do this is to invest in virtualizing radio 
access networks Open Radio Access Network (O-RAN). If we can 
unlock the RAN and diversify the equipment in this part of our 
networks, we can increase security and push the market for 
equipment to where the United States is strongest in software 
and semiconductors.
    Third, we need smarter spectrum policy. To date, the FCC 
has aggressively focused its early efforts to support 5G 
wireless service by bringing only high-band spectrum to market. 
This is a mistake. The rest of the world does not have this 
singular focus on high-band spectrum and with good reason. 
These airwaves have substantial capacity, but the signals do 
not travel far. That means commercializing them in all but our 
most urban locations is impossible. This is not good for rural 
America, and it could mean with 5G, we deepen the digital 
divide.
    So the FCC needs to change course and make it a priority to 
auction mid-band spectrum, which is better suited to extend the 
promise of 5G service to everyone everywhere.
    Fourth and finally, with 5G, we are moving to a world with 
billions of connected devices around us in the Internet of 
Things. We need to adjust our policies now to plan for this 
future.
    Here is what that could look like. Every device that emits 
radiofrequency at some point passes through the FCC, and if you 
want proof, just pull out your smartphone or look at the back 
of your computer or television. You will see an identification 
number from the FCC. It is a stamp of approval. It means the 
device complies with FCC interference rules and policy 
objectives before it is marketed or imported in the United 
States. The FCC needs to revisit this process and use it to 
explore how we can encourage device manufacturers to build 
security into all new products.
    And to do this, we could build on the National Institutes 
of Standards and Technology's (NIST) draft set of security 
recommendations for devices in the Internet of Things, but the 
most important thing we need to do is get started right now.
    Chairman Johnson, Ranking Member Peters, and Members of the 
Committee, thank you for having me here today. I look forward 
to answering any questions you might have.
    Chairman Johnson. Thank you, Ms. Rosenworcel.
    I really appreciate the attendance of my colleagues here, 
and so out of respect for their time, I will delay my 
questioning and turn it over to Senator Peters.
    Senator Peters. Thank you, Mr. Chairman.
    On Monday, Chairman Pai of the FCC presented a plan to 
address the supply chain risk in our networks. This includes a 
proposal known as ``rip and replace'' that would require 
carriers receiving support from the universal service fund to 
remove existing equipment and services deemed to be of national 
security risk from their networks and provide financial 
assistance to those companies that do that.
    To Commissioner Rosenworcel, is there a comprehensive 
database or map where Huawei and ZTE equipment has been 
deployed in the United States?
    Ms. Rosenworcel. Thank you, Senator Peters, for the 
question.
    No, there is not right now. It is my hope that with this 
proceeding, we can develop one. We know we need to. Much of 
this equipment lies next to military bases in this country. It 
is insecure, and we need to move it out.
    Senator Peters. So who should be developing it, and what 
process would that look like?
    Ms. Rosenworcel. I think we have to start with our Notice 
of Proposed Rulemaking and seek comment on where this equipment 
lies, how much of it is out there, and at what point in its 
useful network life cycle it is at, because we have to 
understand where it is before we decide what dollars we make 
available to help rip and replace it.
    Senator Peters. Mr. Krebs, and then I would like the rest 
of the panel to comment. If we do pursue this rip and replace 
approach, should it apply to all equipment, without exception?
    Mr. Krebs. Can you clarify? Do you mean just within rural 
deployments, or do you mean Huawei and----
    Senator Peters. Huawei and ZTE.
    Mr. Krebs [continuing]. Globally Information and 
Communications Technology (ICT) across the United States and 
every environment? I would hesitate to go that far. I think we 
need to look and understand where the risk truly is and focus 
our efforts there, particularly if we are talking Federal 
resources getting into play here, but again, focus on where the 
risk lies and focus our efforts there.
    Senator Peters. If we could just go down the panel, if we 
could, please.
    Ms. Rinaldo. Yes. I would just echo that. NTIA works 
closely with DHS in their Information and Communications 
Technology and Services Supply Chain Risk Assessment Task 
Force. So these are the types of the conversations that we are 
having, understanding that there is only a certain amount of 
money available. We want to make sure that we are being smart 
with that deployment.
    Mr. Strayer. I think it is important to recognize, Senator, 
we are talking about existing 4G networks that have this 
unsecure equipment. We move to 5G; the risk profile changes 
dramatically and really increasing the cyberattack surface 
area. So more parts will become critical, as there is the smart 
computing moving out to the edge more. So I think a vast new 
array of technology that is not considered critical will become 
so in the 5G network.
    Ms. Rosenworcel. I largely agree with my colleagues, but I 
would say the primary focus right now should be the $4.5 
billion a year that the universal service fund contributes to 
rural carriers across this country to deploy broadband.
    Senator Peters. Well, that actually is a question. How 
should the cost and impacts of rolling this out in rural 
communities be factored into the risk-based decisions that I 
think I have heard everyone say? How would you do that?
    Ms. Rosenworcel. I think we have to start with this 
rulemaking and make some assessments about it and work with 
this Committee to identify what our priorities should be, but I 
think that we can all agree that the goal is to take this 
equipment out of our networks and to make sure it is no longer 
there as we head to 5G.
    Senator Peters. Anybody else on rural?
    Yes, Mr. Krebs.
    Mr. Krebs. I think this is the right course of the 
conversation. I think what we also need to focus on are what 
are the economic realities of a flash cut of pulling this 
equipment out today from 4G, what as you mentioned, what 
Commissioner Rosenworcel mentioned, what is the life cycle. How 
are they going to age this stuff out if it is going to happen 
over the next 12, 18, or 24 months? And we can contain or 
manage the risk. Maybe we let it go naturally through the 
process.
    Just yesterday in Denver, Colorado, the U.S. Chamber of 
Commerce hosted an event, a Rural Engagement Initiative, that 
brought regional rural providers together with representatives 
from everyone that you see up here. In fact, some of the folks 
in the room were there.
    One of the outcomes that came out of that engagement was on 
the provider side, the telecommunications provider side, to 
help develop what a playbook looks like for flash cut and what 
the associated costs might be.
    So, again, I think we are on the right track. I think a 
Request for Proposal (RFP) or a radio frequency interference 
(RFI) process is likely a good way to elicit information as 
well.
    Senator Peters. I think you raise an important point. We 
are going to have a gap if there is a ban on Huawei and ZTE. 
How would the Administration deal with the costs associated 
with that? Any idea?
    Mr. Krebs. I think that is the right conversation to have 
between the Administration and Congress on what the appropriate 
cost sharing or the cost burden between Federal Government and 
the private sector and, in some cases, State and local 
authorities of who is ultimately responsible.
    Again, we are not talking about pulling all this stuff out 
tomorrow. There is a reasonable plan likely that would allow 
for transitioning out over the next year and a half to 2 years.
    Senator Peters. Commissioner?
    Ms. Rosenworcel. I agree with that. The estimated costs of 
removal right now are between $700 million to $1 billion, but 
the one good fact we have is we have a template for this.
    Congress in 2012 asked the FCC to help with the relocation 
of broadcasters in the 600 megahertz band and set aside funds 
for us to do just that. We should borrow the template we used 
for that repurposing of equipment. It involves audits, site 
visits, certification of where equipment is and is not, because 
I think it has worked well, and I think it could serve us well 
in this environment too.
    Senator Peters. If the FCC proposal is approved, American 
companies and citizens will still have to transmit and connect 
with networks abroad, as I think you mentioned, Commissioner, 
in your opening comments, that use Huawei and ZTE equipment.
    My question is for you, Mr. Strayer. Does the FCC's most 
recent action protect U.S. equipment and networks from 
vulnerabilities abroad, or do you share some of the concerns 
that we have heard from the Commissioner?
    Mr. Strayer. I think the primary concern abroad will be 
that as we are increasingly interconnected, if there is ability 
to disrupt critical services abroad, that will quickly have an 
impact in the United States. So they will have follow-on 
impacts almost immediately in the United States from having 
unsecure networks if they are compromised by having untrusted 
vendors.
    Senator Peters. Commissioner, can you expand on your 
comments that you made in your opening?
    Ms. Rosenworcel. Yes. Listen, I think my colleague here, 
Rob, has done incredible work going around the world and 
pressing our diplomatic case for removing this equipment from 
other nations' networks and not investing in it for 5G, but the 
truth is we are going to need other plans on the table too.
    That is why I mentioned virtualization of the Radio Access 
Network. We are going to have to start thinking about 
technologies that allow us to be secure in a world when we have 
to connect to insecure networks.
    Senator Peters. Great. Thank you.
    Chairman Johnson. Thank you, Senator Peters.
    A real quick comment on the rip and replace. Ms. 
Rosenworcel, you are quoting figures that I also heard from 
some of the vendors. I would just suggest, as we are trying to 
undertake that study to talk to those alternate vendors because 
they probably bid on this, and they probably know exactly where 
that equipment exists, not only here, but also in Europe, which 
would be a little bit more expensive.
    But, again, the 700-to $1 billion when you are talking 
about a significant national security threat, that sounds like 
probably a pretty manageable cost that we ought to seriously 
consider. But, again, I would really suggest that government 
agencies go to those alternate vendors who probably quoted on 
this.
    Next, Senator Hassan.

              OPENING STATEMENT OF SENATOR HASSAN

    Senator Hassan. Well, thank you, Mr. Chair, and thank you 
to you and Ranking Member Peters for holding this hearing.
    Thank you to our witnesses for taking the time to testify 
and help educate us all on this topic.
    As a Red Sox fan, I will give a begrudging congratulations 
to the Nats but acknowledge that we waited 86 years. The Nats 
waited 95. So we feel your joy this morning.
    I wanted to start with Ambassador Strayer on this topic of 
our diplomatic efforts. I recently traveled to India and met 
with India's cyber coordinator. During this meeting, we learned 
that while India is very concerned about privacy and about some 
of the warnings that we have been trying to impart about 
Huawei, the country is seriously considering using Huawei's 
infrastructure for India's 5G rollout.
    They talked about, ``Well, we are just doing a pilot. They 
could come and do the pilot.'' I said, ``How long would the 
pilot last?'' They said, ``A year.'' That is a long time.
    Moreover, many of our European allies who are ordinarily 
concerned with transparency and data privacy are still 
considering incorporating Huawei devices into their 5G 
infrastructure, even though alternatives are available from EU-
based companies.
    So, Ambassador, can you tell us what else we should be 
doing as kind of a follow up to the Commissioner's points? What 
else should we be doing to convince allies, partners, and other 
nations to move away from Huawei and ZTE infrastructure? What 
resources do you need to succeed in this mission?
    Mr. Strayer. Thanks for that very insightful question. I am 
glad you were able to raise that with the Indians.
    We were doing a similar dialogue with them just a few weeks 
ago. There is no doubt that the cheap price point for some of 
the Huawei and ZTE equipment has allowed them to get into, if 
you will, the legacy networks. As they move to 5G, many of the 
telecom operators argued that it is going to be cost 
prohibitive for them to use a more secure vendor.
    There is analysis that shows that myth busting a lot of 
these arguments that the telecom operators are throwing out 
there.
    First of all, they are not going to fall behind 
technologically if they go with one of the EU vendors or 
Samsung. In fact, Reliance Jio, one of the largest telecom 
operators in India, is using almost exclusively Samsung at this 
point, and, of course, we in the United States are using those 
providers. There is no way you fall behind technologically.
    There is also no real concern or should not be a serious 
concern about cost. Any technology in the networks that is pre-
2016 has to be replaced anyway. So you are only looking at the 
last couple years of deployment, and there are ways to make 
that be replaced on a normal life cycle.
    There are other concerns that these countries have that 
include kind of coercive measures that the Chinese can use 
against them if they were to not allow their national chain to 
participate.
    Senator Hassan. So, given that, let us just follow up for a 
minute. I understand all those arguments. They are some of the 
same arguments I have been making to countries like India, 
along with you, but it does not seem that our partners are 
listening. So what else should we be doing, or what additional 
resources do you need?
    Mr. Strayer. So, on that front, I think we are getting the 
understanding. Almost every country now says they will prohibit 
the untrusted vendors from the core of their network. So that 
begs the question why allow them in the edge, and what is the 
value of the data that is at the edge that they are going to be 
willing to give up?
    As far as additional resources, we are already thinking 
about how we have initiated programs to help improve 
connectivity, and that is trusted connectivity in developing 
countries. So we already have some of that moving in the right 
direction as far as resources to help develop trusted networks.
    It would be helpful as you as Senators or delegations to 
these countries around the world that you talk to their 
parliaments. This is not just a technical discussion. Some 
would want this to be resident in some kind of technical 
telecom discussion. This is really about our fundamental 
values----
    Senator Hassan. Yes.
    Mr. Strayer [continuing]. And about geopolitical threats 
because it is inherently impossible to test your way into 
security when it comes to telecom technology, and that is 
because you can always insert a back door in the tens of 
millions of lines of code.
    So if you as members are willing to go out there and talk 
to parliamentary colleagues around the world, I think that 
would help us a tremendous amount to make sure that they are 
invested in the political process. This, at the end of the day, 
has to be a political process, not just a bureaucratic process.
    Senator Hassan. OK. Then to follow up on that point, to all 
of the witnesses--and very quickly, if you can--5G is still 
taking shape. Technical standards that guide how 5G will 
ultimately work are being actively developed in international 
standards-setting forums, and you have all referenced that.
    It is vital that the United States drives this 
conversation, and that China is not allowed to dominate the 
future of 5G to the detriment of the United States and our 
allies.
    So from each of you, how are your organizations 
coordinating engagements in the international standards bodies 
in order to counteract China's influence? Because China is 
being really aggressive on this.
    I will start with Mr. Krebs.
    Mr. Krebs. So we directly coordinate both through the NSC 
process and also as an operational agency to agency to ensure 
that when we deploy to the 3GPP or other standards bodies that 
we have consistent direction and priorities working with our 
industry partners.
    Senator Hassan. OK. Ms. Rinaldo, anything to add?
    Ms. Rinaldo. Yes. NTIA actually participates at 3GPP on 
public safety issues as well as FirstNet, which resides under 
us. So we are there on the floor talking to people.
    Senator Hassan. OK. Go on.
    Mr. Strayer. The international conferences on worldwide 
spectrum policy is taking place right now in Sharm el-Sheikh, 
Egypt. We have a delegation of 120 people from the private 
sector and from government there. Chairman Pai is there. We 
have an ambassador from the State Department there leading 
that. So we are leading these international bodies.
    I think that this word about standard essential patents, 
you can carve that a lot of ways. Certainly, the Chinese 
propaganda has been to assert that they are leading, but there 
is a report out today that says Intel and Qualcomm have the 
most valuable of what are likely to be standard essential 
patents.
    So it is a competitive space, and we need to be vigilant, 
but I think we are in a very good place for the future.
    Senator Hassan. Go ahead.
    Ms. Rosenworcel. I agree with you that we need to assess if 
all this interagency coordination is really working, and the 
best way to do it is after the World Radio Conference, which is 
taking place right now in Egypt, to come back and assess what 
our experience has been with the 193 nations and how successful 
we have been at moving our spectrum policies forward.
    Senator Hassan. Thank you.
    I have a couple other questions. Mr. Krebs, briefly, I want 
to invite you to come to New Hampshire and work with some of my 
local and county folks on the issue of ransomware because I 
think we need to have increasingly better partnerships on that. 
So can you commit to helping us with that?
    Mr. Krebs. Absolutely. This is a huge area of focus for us 
right now, not just on normal State and locals, but also as we 
think about elections and voter registration databases, a big 
initiative area for us right now.
    Senator Hassan. OK. Thank you.
    I am running out of time, but I am going to ask--if I come 
back and we are still having the hearing, I want to follow up 
with Commissioner Rosenworcel on the issue of the FCC auction 
of mid-band spectrum and how important that is going to be in 
terms of the rural-urban digital divide. So I hope to follow up 
with you on that.
    Thanks.
    Senator Johnson. Quick answer, it is important.
    Senator Romney.

              OPENING STATEMENT OF SENATOR ROMNEY

    Senator Romney. Thank you, Mr. Chairman, and thank you to 
each of you who are working in this very vital area.
    In a lot of respects, it is sad that we are having to hold 
this hearing. It is extraordinary that China has been able to 
take such a substantial lead in an area that is not only 
important for us economically but vital to national security, 
and my prediction is that we will be repeating this picture 
again and again in various other areas that are important 
economically and with regards to our national security.
    This is the first example of what is going to happen again 
and again, and I guess I would like to address my question to 
all of you or whoever would like to respond to it as to how it 
is, if you will, free market economies were unsuccessful in 
establishing our own lead with regards to 5G--how is it that 
Chinese companies were able to get so far ahead of us on the 
track that we are trying to chase them and catch up to them?
    I would note that China has a very clear strategy as to 
where they want to be in 5G but also economically, 
geopolitically, militarily, and we as a nation do not have a 
strategy. We respond on an ad hoc basis. When we see them ahead 
on the track, we say, oh, we have to do something about that, 
but always chasing your competitor is not a successful 
strategy.
    And not only do we not have a strategy to deal economically 
with a player that does not play by the rules, we do not even 
have a process under way or much focus under way nationally to 
describe how we are going to compete with a nation that 
continues to break the rules, how we and the West will do so.
    I only think this can be done on a collaborative basis with 
ourselves and other free nations, and so we would keep 
Ambassador Strayer from having to run around, country by 
country, begging people, ``Oh, please do not do what is in your 
best economic interest. Hold on because we have something 
better coming along.'' This just does not make sense as a 
strategy for our Nation.
    I will go back to my question and say how is it we got so 
far behind on 5G with such extraordinary companies, in many 
cases, not in the United States, but companies in South Korea, 
companies in the EU, that participate in this area? How did 
China get such a big lead? Why did we let them get so far 
ahead?
    Mr. Strayer. If I may start, Senator. I would say at the 
front end that we do have, roughly, a general strategic 
guidance from our National Cyber Strategy, and we are taking on 
China across a range of areas, especially holding them 
accountable for their inability or their reluctance to 
implement the rules-based international order that they agreed 
to when we let them accede to the World Trade Organization 
(WTO).
    And I think it is also important in 5G to recognize that 
Cisco, Intel, Qualcomm are world leaders in the technology. 
What we do not produce is the hardware that forms this Radio 
Access Network, and we are quickly moving in that direction and 
thinking about how we can virtualize more functions and moving 
to the area where we will be really strong, which is in 
software with more generic hardware.
    I think that is how we have a general mission. We are 
talking to our partners and allies about trusted technologies, 
emerging technology of the future to set the right rules of the 
road, but fundamentally, these Chinese companies are not 
competing in any type of capital system of free and fair 
markets. They are being subsidized substantially. So we need to 
think about targeted R&D and efforts to work with our allies to 
see how we can each play to the best of our strengths.
    Senator Romney. Thank you.
    Mr. Krebs. As Ambassador Strayer mentioned, I think we are 
kind of in a blip. The piece that the Chinese own the most is 
the Radio Access Network. I think given some of the comments 
and particularly Commissioner Rosenworcel mentioned about 
focusing on virtualization and Open Radio Access Networks, I 
think if we were to hold this hearing in a year to 18 months to 
24 months, a completely different conversation about the 
options, trusted options available in the marketplace.
    So what we have to do is make sure that we sync up the 
timelines, particularly on an international basis. I encourage 
everyone, if you have not already, go look at the Huawei 
Oversight Board Report that the United Kingdom (UK) issued 
earlier this year. It is a pretty damning document in terms of 
an evaluation of the security quality of Huawei products, and 
this is from a country that has been assessing technically, 
from a cybersecurity perspective, the quality of Huawei 
products now for 10 years.
    First, they said not much improvement over that 10-year 
period. Moreover, the transformation plan that Huawei has 
issued indicates that, by their own admission, Huawei's own 
public estimates are that this transformation to bring Huawei's 
equipment to a commercially reasonable cybersecurity posture 
will take 3 to 5 years.
    This is sufficient evidence for us, as Rob goes around the 
world and talks about ``Do not make a bad decision now. You 
will be paying for it for the next 10 years.'' This is the sort 
of the evidence we need to say, ``Hold on. Let us work, and let 
us incentivize this alternative trusted vendor base to emerge, 
to flourish,'' and I think this is the opportunity in front of 
us. We have to put a lot more effort in, whether it is DOD in 
their RFP that they have recently issued or they will be 
issuing on experimentation to encourage these companies to come 
forward.
    There is great opportunity in front of us. Again, my hope 
is that a year from now, a little bit more than that, a 
different conversation.
    Senator Romney. Please.
    Ms. Rinaldo. Just to echo those comments, at the Department 
of Commerce, we really look to answer that question. If not 
them, then who? And we do see the American companies, the 
software vendors that are going to fill that void, with 
software-defined networks.
    You also often hear that the Chinese sent swarms of people 
to the standards body, and they vote en block. Whereas, we go, 
work with our partners, work with industry, but that is where 
you are going to get the best product.
    I think as we discuss what is the answer to our success, 
how do we win the race to 5G, it is not being more like them. 
It is doubling down on us. So that is what we are focusing on 
and collaborating together on.
    Senator Romney. Thank you.
    Ms. Rosenworcel. Senator, I think you are right, and I 
think the evidence is around for all of us to see.
    In today's Wall Street Journal, it mentions how China will 
have 130,000 cell sites equipped for 5G by the end of the year. 
South Korea will have 75,000, and the United States will have 
10,000. The truth is we have rested on our 4G laurels, and that 
is not a good place to sit. If I had to choose one thing that 
we should change right now, we need a spectrum strategy that 
makes sure 5G service gets to everyone all across the country.
    We have doubled down in the United States on auctioning 
high-band spectrum, which propagates between one corner of this 
room and the other. We will never make that an economic way to 
deploy 5G everywhere, and it will reduce our power and our 
scale for equipment, devices, and innovation.
    Senator Romney. Thank you.
    Chairman Johnson. Just real quick, as long as we are on the 
topic, I do want to throw out the question. Does it make sense 
for the Federal Trade Commission (FTC) to be suing Qualcomm 
under antitrust? Does that lawsuit continue to make sense? Ms. 
Rosenworcel
    Ms. Rosenworcel. That is outside of my jurisdiction, but I 
will acknowledge that----
    Chairman Johnson. It is close--FCC, FTC.
    Ms. Rosenworcel. Yes, I know. It is just one letter, right?
    I will acknowledge that the United States has really 
powerful operators when it comes to software and 
semiconductors, and we should figure out how to use that as we 
forge our way into the future.
    Chairman Johnson. Anybody else want to comment on that? It 
has me scratching my head. Senator Lankford.

             OPENING STATEMENT OF SENATOR LANKFORD

    Senator Lankford. Mr. Chairman, thank you. Thank you all 
for the work that you are doing on this. It is exceptionally 
important.
    I have a lot of folks that will catch me about the access 
to data that Facebook or Google or different Internet providers 
will have--or Microsoft will have, and they will say they have 
access to a lot of data. I will typically smile at them and say 
no one has more access to your data than your cell phone does 
because they have all of those plus a whole lot more, and it is 
remarkable to me how little focus there has been on the 
security around everything that goes through your cell phone.
    And for folks in rural Oklahoma, they would tell you that 
many of their irrigation systems are connected to their cell 
phones. Control systems for valves are connected to cell 
phones. So whether it is energy, agriculture, or manufacturing, 
it all goes through this cell network. So thank you for your 
focus on the 5G on the security because we cannot get this 
wrong, because every bit of our data and every bit of our 
manufacturing and our systems and our inventions all go through 
this system. So I appreciate you doing this.
    Let me come back to the spectrum conversation. Why is not 
there a conversation on the mid-band right now?
    Ms. Rosenworcel. Well, there is a conversation, Senator, on 
mid-band spectrum right now.
    My primary concern is that the FCC during this 
Administration has chosen to put all of its earlier efforts on 
high-band. We have auctioned the 24 gigahertz band, the 28 
gigahertz band. By the end of this year, we will have the 37 
gigahertz band, the 39 gigahertz band, and the 47 gigahertz 
band.
    Senator Lankford. So why not the mid-range?
    Ms. Rosenworcel. You and I have the same question. I think 
we should have prioritized the 3.5 gigahertz band and done it 2 
years ago because those are the airwaves that are going to help 
us reach rural America and urban America.
    We are making a mistake, and the rest of the world is not 
auctioning high-band spectrum. There are 16 nations right now 
that have already brought mid-band spectrum to market. That is 
where the bulk of the economy is going for wireless, for 5G, 
and the United States is behind.
    Senator Lankford. So let me switch topics on that, because 
that is helpful. We will follow up on it. Let me switch topics 
on the hardware side of the manufacturing in this system.
    You have all mentioned that one of the issues we have is 
not necessarily the software. We have a lot of software that is 
currently very innovative. It is the hardware manufacturing 
side of that.
    What is missing in the hardware side of it is that we have 
just outsourced the hardware for so long to China and to other 
places that we just do not have the locations. Is it a raw 
material issue? It is certainly not a creativity nor capital 
issue. We have that in the United States. So what is the gap on 
the manufacturing side?
    Ms. Rinaldo. On the manufacturing side, I have heard--that 
40 percent of the makeup of the network is actually American 
manufacturing companies. It is the RAN that does not have a 
U.S. hardware manufacturer.
    Senator Lankford. Correct. That is the part I am talking 
about.
    Ms. Rinaldo. Right. I think when we talk about software 
defined networks to innovate around that problem, that is where 
we are going to inject the innovation to create the networks of 
the future. So that is what we are focusing on now, and we 
believe there is beta testing as we speak, and that it could be 
a reality in as early as 18 months.
    Senator Lankford. So you are saying the radio access is not 
as needed if we can have a software workaround?
    Ms. Rinaldo. Correct.
    Mr. Strayer. Senator, I would just point out that the 
reason that the old Bell Labs became Lucent and it got bought 
by Alcatel, a French company, that got bought out by Nokia--so 
there is still research going on in America in this area. It is 
just that it is owned at the headquarters level in Europe, and 
there is going to be new manufacturing by Ericsson in Florida. 
There is Samsung fabrication of chips going on in Austin, 
Texas. They put $17 billion into it. So there is going to be 
manufacturing.
    The long-term solution, I think, is the lines of the acting 
administrator's point, but we do see manufacturing here. And 
there is obviously competition coming from China that is 
massively subsidized. So that is really where the market is 
failing is in subsidization.
    Senator Lankford. Mr. Krebs, this is something you track 
all the time on the supply chain issues. As you know extremely 
well, if we have one bad link with data, that is the spot to 
get a chance to infiltrate unlimited amounts of data. When you 
start looking at supply chain issues, where do you see the gap? 
Where do you see the engagement? What is it that the U.S. 
Congress and the U.S. Government needs to be involved in, or 
what do we need to do less of to allow that market to be able 
to grow?
    Mr. Krebs. I think supply chain is an emerging area of 
focus for certainly my agency but the rest of the 
Administration. It is much like cybersecurity. It is about 
identifying where the risk lies, managing that risk 
appropriately, and putting your attention where the gaps are.
    This time last year or a little bit earlier, we established 
an Information and Communications Technology Supply Chain Risk 
Management Task Force. Again, all the agencies here are 
represented on that task force, 20 Federal agencies, 20 tech 
companies, and 20 coms companies, 4 different work streams.
    One, first and foremost, is, What does information sharing 
look like on supply chain risks? Second, what is a threat 
profile or the categories of threats we need to be concerned 
about? Third is, How do we develop trusted qualified bidders 
list, kind of white listing? And, last, how do we incentivize 
purchasing from original equipment manufacturers and trusted 
resellers to eliminate the counterfeit problem?
    This is an incredibly important area of work because it 
gives everyone, whether you are super-sophisticated, highly 
leveraged and invested in supply chain issues, or down to just 
your average, somewhere, subcontractor in a supply chain 
conversation. It gives them a common operating language or a 
common framework by which to assess.
    One of the big things that I think came out of this 
conversation is when we talk about information sharing, when we 
talk about sharing threats of companies that may be of concern, 
there are examples--the National Regulatory Framework 10, Code 
of Federal Regulations (CFR) Part 21, has a reporting of 
defects and noncompliance. If you come across something in 
supply chain, you have to report it.
    There is no similar standard for other high-risk areas of 
infrastructure.
    Senator Lankford. Is that a gap in the law? Is that a gap 
in regulatory?
    Mr. Krebs. I think, at this point, it is probably both, but 
I would focus on how do you have a company that comes across an 
issue with an untrusted vendor. They have significant civil 
litigation risk for publicly outing that company. How do we 
give them the appropriate information-sharing protections that 
they can make a report into whether it is government or other 
industry partners, get away from antitrust issues, 
anticompetitive issues? This is an area that I think we think 
needs more attention.
    Senator Lankford. Let me bring up two quick things on this. 
One is, as we are going through supply chain conversation, we 
need to deal with the raw materials and rare earth minerals. 
That has been a weak area for us as a Nation. We have been 
complacent to allow rare earth minerals to come from China and 
to say, well, they are going to manufacture, they are going to 
mine, they are going to handle all that, but we have 
environmental issues, and so we are not going to do rare earth 
minerals.
    We can do it cleaner and better than anywhere else in the 
world, and we should lean in on that one. That is near where we 
need to identify.
    Ms. Rosenworcel, one of the areas that is not related to 
this, but every time I see anyone from the FCC, I bring up one 
issue with them, and that is prison cell phone jamming. We are 
not going to talk about it, but I just want to be able to bring 
it up and to say it is allowed in Federal prisons. It is not 
allowed in State prisons, and that is an area, a gap in the 
law, that we need to address. But we need FCC's engagement on 
working through standards for when that jamming device is 
actually done and tested. They will want to test against a 
group of standards. FCC is the one who has to establish that.
    We have major problems with contraband cell phones across 
the entire Country in prisons, and we need the FCC to engage in 
this area.
    I know it is a surprise question to you. I am not going to 
ask you to respond to it, but I am not going to also miss the 
opportunity to say we need that.
    Thank you.
    Chairman Johnson. Senator Carper.

              OPENING STATEMENT OF SENATOR CARPER

    Senator Carper. I remember, Senator Lankford, being down in 
Guatemala, maybe with Senator Johnson. We were meeting with the 
president of Guatemala, and I said to him, ``You know, we have 
been visiting some of the prisons. You know, there is 
technology that you have, Mr. President. Your prison guards are 
allowing cell phones to be used by criminals in the prisons and 
conduct their criminal business,'' and he said, ``Really?''
    I said, ``Yes. There is technology that can jam those,'' 
and he said, ``Really?''
    I said, ``Yes. You have it in your prisons.'' He said, 
``Really?''
    I said, ``Yes. And you do not use it.'' He said, 
``Really?''
    I said, Yes. You know who is responsible for making sure 
that this stuff is there and has used it is your interior 
minister. He is sitting right here, and he is not making sure 
that is being done,'' and he said, ``Really?''
    I said, ``Yes.''
    Six months later, they were both in prison, and I hope they 
are using their cell phones badly. But I think it is an 
important point and not just for the United States.
    Ms. Rosenworcel, I love your name. Have you always been a 
Rosenworcel?
    Ms. Rosenworcel. I have.
    Senator Carper. OK, good. I would stick with that one. 
[Laughter.]
    You ran through four ideas to help secure U.S. leadership 
on 5G. Just say those again quickly, and I am going to ask your 
colleagues to respond to them and just say whether they think 
you are making sense or not.
    Ms. Rosenworcel. First, secure the supply chain. Second, we 
need to think beyond supply chain and look to virtualization of 
Radio Access Networks. Third, we have to be smarter about the 
spectrum that we auction and auction more mid-band spectrum, 
and fourth, we have to come up with policies to secure the 
billions of devices in the Internet of Things.
    Senator Carper. Mr. Strayer, nice to see you.
    Mr. Strayer. Great to see you, Senator.
    Senator Carper. In fact, do I call you ``Mr. Secretary'' 
now?
    Mr. Strayer. No. I guess everyone has titles in this town, 
but I will stick with being in a town with the Washington Nats 
as the world champions.
    Senator Carper. Very good. That is great.
    Mr. Strayer. If I can respond just briefly.
    Senator Carper. My favorite baseball team is the Detroit 
Tigers. We had the worst record in baseball, but three of their 
best former pitchers--four actually, Porcello, Red Sox. Gary 
and I are both Tigers fans. We traded off Verlander. We traded 
off Max Scherzer, and we traded off Sanchez. Someday we will be 
good again. It will not be anytime soon.
    Mr. Krebs. Thank you for those two pictures.
    Mr. Strayer. The farm team.
    Senator Carper. We have really good arms in AA and AAA.
    Mr. Strayer. Right.
    If I may, I completely agree that we need to work on the 
supply chain. I do not know if I mentioned it yet today, but 
President Trump signed an Executive Order on May 15th of this 
year--he declared a national emergency to supply, to protect 
our domestic communications technology, and that will soon be 
followed by binding regulations later this year.
    I think, 100 percent agree with the idea that 
virtualization of the functions of the Radio Access Network 
will be very important to allow the breakup of the proprietary 
lock-in that many of the current Radio Access Network providers 
have today, and that will also reduce cost on capital 
expenditure as well as operational cost for providers. So it 
can be very competitive with regard to some of the current 
providers, such as those in China, if we move toward more 
virtualization.
    On the mid-band point, I think it is worth noting, first of 
all, that getting to rural areas, under the T-Mobile/Sprint 
merger, in the next 3 years, they are required to cover 97 
percent of the U.S. population and in 6 years to cover 99 
percent of the U.S. population.
    Now, the FCC, I understand, is going to proceed with 
proceeding on the 3.5 gigahertz mid-band spectrum next summer. 
They had to prioritize some of the millimeter-wave, but I think 
we should not denigrate the importance of millimeter-wave that 
is going to be so important to manufacturing and other use 
cases that are going to require the most maximal amount of 
throughput, which is only available through millimeter-wave. 
That is the kind of beauty of that technology is that it does 
not go as far, but it has the greatest amount of data 
transmission available.
    Of course, Chairman Pai has said by the end of this fall, 
we are going to have a plan to move forward on the C-band, 
which is also mid-band, and I understand 2.5 gigahertz will 
follow probably in the next year after that.
    So we certainly need to keep moving forward with this, but 
we have, I think, sufficient plans to ensure that we have mid-
band available in the blend of low-band, mid-band, and high-
band spectrum that we need.
    Senator Carper. Thank you.
    Ms. Rinaldo, I am going to ask you to answer briefly. Do 
you find any of her four ideas favorable with you? Which ones? 
Yes? No?
    Ms. Rinaldo. Yes. Thank you.
    So, at NTIA, we are the Federal regulator for government-
held spectrum. We also represent the Administration in FCC 
proceedings, and the Administration believes that you need low-
, 
mid-, and high-band in order to be most effective with the 5G 
deployment.
    The Making Opportunities for Broadband Investment and 
Limiting Excessive and Needless Obstacles to Wireless Act 
(MOBILE NOW ACT) tasked NTIA to look at the 3.1 to 3.5 
GHZ Lands, and that review is currently under-way. 
We have a report due to Congress next year.
    As Deputy Assistant Secretary Strayer mentioned, there is 
an auction next June on Citizens Broadband Radio Service Device 
(CBRS), which is mid-band, and then there is one this December 
on high-band. So we are hitting those important notes.
    Also Commissioners Rosenworcel mentioned supply chain. The 
Executive Order gives the Secretary of Commerce the emergency 
authorities to make determination against transactions that 
could be concerned with untrusted vendors in our network. So we 
are currently putting together the regulations on that as well.
    And we are all in agreement that software-defined networks 
and Open RANs are going to be a game changer of for us.
    Senator Carper. Alright. Thanks.
    Do you agree with anything that she said? Ms. Rosenworcel, 
that is.
    Mr. Krebs. I agree with everything she said. Supply chain 
security, a huge area focus for CISA going forward as well as 
securing the Internet of Things.
    Senator Carper. Alright. Thanks.
    All of us could tell you stories about how some of our 
students, our schools, our businesses are struggling in rural 
parts of our States. We can all tell you stories for lack of 
access to the Internet.
    I would ask of you, Ms. Rosenworcel, if you would, having 
said that, what is the commission--you talked about this a 
little bit already, but what is the commission doing to ensure 
that the Internet is accessible to all communities and that 5G 
deployment is not another technological advancement that leaves 
the rural communities even further behind?
    Ms. Rosenworcel. Yes. Thank you, Senator. Such an important 
question.
    We need to do more. We have a digital divide in this 
country. It is real. We have 12 million kids who cannot even do 
their homework because they do not have Internet access. They 
are in every State.
    Senator Carper. Some of them are not complaining, but they 
need to be doing their homework.
    Ms. Rosenworcel. We want them to be able to access the 
Internet and do their school work, and it is just a window into 
this challenge we have. We have to fix it.
    I think we would start with better mapping. I know that 
Senator Peters has a bill on just this subject. Right now, FCC 
maps wildly overstate where broadband is and is not in this 
country. Go to every rural community. They will tell you. They 
do not have service. Yet if you look at the FCC map, we found 
one subscriber in a census block, and we decided that it is 
available throughout. That is wrong. We are never going to know 
where to devote our scarce Federal resources if we do not first 
get our maps right.
    Senator Carper. Let me just interrupt you. Aside from 
grants, what other support can government agencies provide to 
help advance Internet access?
    Ms. Rosenworcel. I think that by refocusing now on mid-band 
spectrum, we could make a meaningful difference in the 
deployment of 5G. It propagates further and requires fewer 
towers. It is more economic to deploy in rural communities, and 
if we want rural America to see 5G, I think we have to focus on 
that sooner rather than later.
    Senator Carper. Alright. Thanks.
    Mr. Chairman, Albert Einstein's wife as much--he was 
married to a brilliant woman, and she was once asked if she 
understood her husband's theory of relativity. And she 
responded, famously. She said, ``I understand the words but not 
the sentences.''
    I just want to say that a hearing like this is helpful to 
me in not just understanding the words but some of the 
sentences too. So thank you all.
    Chairman Johnson. Senator Portman.

              OPENING STATEMENT OF SENATOR PORTMAN

    Senator Portman. Well, Chairman, thank you for having this 
hearing. I apologize. I had another commitment earlier, so I 
did not get to hear all the testimony. But I did have a chance 
to review it.
    To me, this is ultimately about our competitiveness as a 
Country, and we have kind of all the ingredients for a major 
problem here. One is the importance of 5G. The other is a China 
that I would say has become almost a techno-nationalist 
country, where they use State power, and often a disregard for 
international trade rules. This includes subsidies, but it also 
includes tech transfer. And often it is driving market-oriented 
companies out of business, and at the same time, we have a loss 
of production here of 5G hardware.
    You talked a lot about the supply chain this afternoon or 
this morning, and I think that is part of the issue here.
    In terms of being a driver for 21st Century competiveness, 
5G just seems to me is very worrisome.
    By the way, we started an Artificial Intelligence (AI) 
Caucus here in the Congress. We are trying to avoid getting 
sort of a decade behind on artificial intelligence. It is, in a 
sense, what I think we have on 5G. So this hearing is really 
timely and really important.
    Commissioner, I was just listening to some of your 
responses, and by the way, I totally agree with you on the 
maps. It concerns me because, in rural Ohio, we have some areas 
that under the FCC map are said to have broadband capability, 
and they do not, certainly not for the school children but also 
not for a lot of our small businesses that are eager to be able 
to expand in some of our rural areas, but are being told it is 
going to be a long time and a big expense to get the ability to 
have fast Internet. So they tend to go to the urban areas; 
therefore, Columbus is expanding substantially but not 
southeast Ohio.
    On the issue of Chinese technology being at the center of 
the 5G future, I think we cannot concede that. We have to 
figure out how to deal with that.
    There are some non-Chinese 5G hardware providers, I am 
told, but there is no provider of that hardware in the United 
States; is that correct?
    Ms. Rosenworcel. That is correct.
    Senator Portman. What policies do you believe we should 
adopt to promote the reshoring of this production, and do you 
believe the United States can rely on some of these non-Chinese 
suppliers as an alternative?
    Ms. Rosenworcel. Thank you for the question.
    First, I am confident that we are going to figure a way to 
make sure that the United States succeeds, but here is some 
important data points. At the turn of the millennium, there 
were 13 big network equipment providers around the world. By 
the time the 4G revolution started, there were seven. Now we 
have three or four, and I think we have to be honest about the 
fact that we are allowing consolidation to take place among our 
largest wireless providers. And by doing that, we are reducing 
the number of providers that equipment manufacturers can sell 
to. It gets harder and harder to get into the business under 
those circumstances. That is a problem.
    I think our way out is to instead focus on where we are 
best, which involves software, and so what we need to do now is 
what you have heard from some of my colleagues--and it is in my 
testimony--is we have to look at the Radio Access Network and 
identify how we can introduce virtualization there. That would 
mean using off-the-shelf hardware, but its intelligence would 
come from United States sources and software. I think that is 
where we need to focus our energies, and I would like to see 
the FCC develop some testbeds and policies to encourage that to 
happen.
    Senator Portman. Can that be done with the current 
consolidation, or are you saying that these supply chains are 
necessarily limited because of the fewer buyers, customers?
    Ms. Rosenworcel. I think we have harmed ourselves with the 
current state of consolidation. It is hard to ask new entrants 
to get into a marketplace where there are a very small number 
of potential purchasers.
    But under these circumstances, I think what we have to do 
now is go to what we do best, and that is software.
    Senator Portman. Focus on software. OK.
    Let me touch quickly on standards. This is a topic that may 
or may not have come up here today. Probably not because it may 
seem a little esoteric, but I have raised this issue at the 
Belt and Road hearings we have had at the Senate Foreign 
Relations Committee as well because I think it relates directly 
to what is really happening out there on the international 
front.
    China has increased their membership in these international 
standard-setting bodies substantially and take it very 
seriously. We do not. It does not mean that China is going to 
hijack all these international standard-setting bodies, but it 
does mean that our interests are not going to be well 
represented unless we begin to put more emphasis on it.
    So I do not know. Maybe, Secretary Strayer, since you use 
to work for this Committee and also the Senate Foreign 
Relations Committee, we will focus on you on this one.
    In general, what do you believe the government can do to 
incentivize increased participation in the international 
standard-setting bodies, and specifically, do you believe that 
by making it easier to grant visas for foreign individuals to 
come to this country that we could have more of these standards 
conferences in the United States? Because we do not typically 
have them here anymore. And can we incentivize more of these 
conferences to be happening here and get more U.S. involvement?
    Mr. Strayer. Yes. Thanks for that, roughly, two-part 
question, and I just want to break up the standards-making 
bodies, between those that are dominated by governments that 
are multilateral, like the International Telecommunication 
Union, the big 5G conference that they are having to harmonize 
worldwide spectrum policies, occurring right now in Sharm el-
Sheikh, Egypt. We have more than 120 U.S. Government officials 
and private-sector delegates representing us there.
    So we are taking a pretty aggressive posture in all of 
these standards-making bodies, and I think I can let my 
colleagues talk a little bit about what they do, what the 
Commerce Department and others, how they are involved 
internationally in these standards-making bodies. But we are 
vigilant about what is going on there.
    We have noticed that the Chinese have come in, in larger 
forces there. We think there has been a pretty successful 
distribution of patents coming to U.S. companies and to western 
companies generally. We work closely with our partners to 
ensure that we are having the right policy outcomes in all of 
those conferences.
    I think it is also important that we think about how we can 
encourage the private sector to participate fully in standards 
bodies. Companies partake in standards bodies because they see 
a value in them. Some companies just run to market with the 
latest technology. So there has to be a reason that they are 
participating in the standards body itself because that takes a 
lot of resources from their own internal research and 
development efforts to actually participate in these standards 
bodies, which can take years to bear fruit. So I think we can 
think about policies on that front.
    Senator Portman. How about the conferences? My question was 
in part about these visas and the fact that we are not having 
the conferences here in this country and that puts us at a 
disadvantage.
    Mr. Strayer. So we are looking at hosting a broadband 
conference next year, and so I think we are analyzing that.
    One of the issues is that we have National Security Reviews 
for people coming to our conferences, and the world wants to 
participate in our conferences, including some countries. We 
have very substantial concerns about the activities of their 
governments and some of the officials in their governments.
    Senator Portman. So when was the last time we had a 
conference in the United States?
    Mr. Strayer. I know we had an IT conference about 20 years 
ago.
    Senator Portman. About 20 years ago?
    Mr. Strayer. And that is just one narrow sliver.
    But we host all kinds of meetings all the time here on a 
smaller delegation level. All of Western Hemisphere comes here 
to Washington for the pre-meetings for the larger global----
    Senator Portman. Do you think it would be helpful to have 
some of the global conferences here on standard setting?
    Mr. Strayer. Yes. But I am not sure that it is impeded by 
the visa issue.
    Senator Portman. Is it impeded by the visa issues?
    Mr. Strayer. I do not know that it is. You are telling me 
this. I mean, we can look at that.
    Senator Portman. We are told that it is, and also, with 
regard to standards-setting on the private-sector side, we have 
an issue of American participation that we have to address. So 
I hope you will be doing that in your role.
    Thank you, Mr. Chairman.
    Chairman Johnson. Thank you, Senator Portman.
    I want to go back to mid-band and just ask a question. Are 
there bureaucratic road blocks preventing that, or are we just 
moving too slow on it?
    Ms. Rosenworcel. Thank you, Senator.
    I think we are moving too slow. There are 16 other 
countries that have already brought mid-band spectrum to 
market. They are developing scale that we do not yet have.
    I think that, frankly, the Administration made the easy 
choice, which was to focus on fairly unoccupied high-band 
airwaves first and push them to market through auction, but I 
think that is a strategic mistake.
    Chairman Johnson. The reason I am asking, a couple months 
ago in a Commerce Committee hearing, we were sensing a 
roadblock. I had met with Chairman Pai on 24 gigahertz. I kind 
of raised the issue that the roadblock was no longer there, 
which is good.
    So I am just wondering. Are there other roadblocks that 
people maybe are not willing to testify to at the table today? 
I would encourage you to let me know so we can write letters or 
whatever to get rid of those.
    Ms. Rosenworcel. Our airwaves are a finite resource. We are 
not making more, and every one of us is using our device more 
often. We are using them all the time. We are demanding more 
from our airwaves. We are connecting more things.
    So the challenge comes in how you manage the incumbents 
that are in those airwaves today--they are often Federal actors 
that NTIA oversees--and how you incentivize them to relocate 
and refine their operation so we can move commercial operations 
into the same hands.
    Chairman Johnson. So, again, it is a difficult challenge. I 
just want to make sure there are not equities or bureaucratic 
roadblocks preventing us to overcome those challenges and get 
moving on this because it is a top priority.
    Ms. Rosenworcel. Well, I think that part of the problem is 
our process is flawed.
    Right now, the commercial actors go, and they tell us to 
start knocking on the doors of Federal actors that have access 
to spectrum. And then we go back and forth and back and forth, 
and it takes years.
    What we should do, instead, is we should build a structural 
incentive into their budgets for them to be efficient with the 
airwaves they have, so that when they relinquish them, they see 
gain and not just loss from reallocation.
    Chairman Johnson. OK. So it is a difficult problem.
    Does anybody else want to weigh in on this?
    Ms. Rinaldo. I am happy to outline some of the work that 
NTIA has done over the past years on reallocating additional 
spectrum.
    Back in August of this year, I sent a letter to all of our 
spectrum Federal partners asking them to assess their current 
needs and what could possibly be made available. We delivered a 
repurposing report that documented all the work that we have 
done.
    And NTIA has also worked with the Department of Defense on 
dynamic spectrum sharing.
    Chairman Johnson. No offense. I do not care to hear what 
you did. I am trying to go what is preventing you from moving 
faster. Again, I am trying to figure out what is preventing us 
from moving faster when this is such a top priority.
    Mr. Strayer. I just want to point out one thing that is a 
major impediment; that is, as you may be aware, the Sprint/T-
Mobile merger will expand the better use of their massive 
amount of mid-band spectrum. That has been approved by the 
Federal Government, but it has not been approved by the lawsuit 
brought by the States' Attorneys General (AG). So that has been 
slowing that process down.
    Chairman Johnson. So lawyers are----
    Mr. Strayer. Yes. I would just say if you look at mid-band 
spectrum there, that is going to cover--with mid-band, 
specifically by mid-band, they will cover three-quarters of the 
U.S. population in 3 years pursuant to enforceable terms of 
that merger. So I think it is important to that----
    Chairman Johnson. I do not want to dwell on this, but I am 
going to encourage after this to meet with me, meet with staff. 
If there are roadblocks, I want to know about them so that we 
can utilize our oversight capacity to try and knock those 
things down because, again, this is a top priority.
    Senator Romney was making quite a few comments about how 
far behind we are. I thought it was interesting in the brief, a 
report by the Cellular Telecommunications Industry Association, 
basically, in 2018 said that when looking at spectrum 
availability, licensing, and deployment of 5G, industry 
analysts concluded that China ranks highest in overall scoring 
for 5G readiness with South Korea and the United States and 
Japan not far behind.
    In their April 2019 report, they said that the United 
States has made progress and pulled even with China.
    So, again, I do not want to overstate if we are lagging. We 
should be ahead, but is that an accurate assessment? I mean, 
should we be feeling a little bit better here, or is it as dire 
as basically Senator Romney was pointing out?
    Mr. Krebs, you are moving there. So do you want to answer 
that?
    Mr. Krebs. I want to go back to a number of the points that 
the panel has made, starting with Commissioner Rosenworcel on--
and that I made about this is a blip. This is just a temporal 
anomaly, almost. If we can unlock the Open Radio Access Network 
piece, the vender base in the United States, the innovation 
base is going to explode. Again, this is going to be a 
conversation we are going to think fondly back on.
    Chairman Johnson. So you said if we can unlock, so what do 
we need to do to unlock that? What is the roadblock on 
unlocking that?
    Mr. Krebs. I think there are a series of incentives that 
need to be put in place to provide--testbeds, for example, some 
of the work DOD is doing in experimentation on their bases, 
some of the work that I am doing with my agency at Idaho 
National Labs. There is a whole bunch of testing and 
opportunity development, but that is just a small slice of it. 
There are others. Federal Government contracting----
    Chairman Johnson. Does that have to be funded by the 
government? Is there no private-sector incentive?
    Mr. Krebs. Some of it should be funded by the Federal 
Government, but again, the private sector is going to surge 
into the market if we can make it compelling. I think the 
standards piece--achieving true interoperability globally is 
going to be critical, not just interoperability in the sense 
that a Huawei technical stack works together, but it is that 
you can start putting bits and pieces of different vendors 
together. That is true in interoperability.
    You already think about cloud globally--Microsoft, Amazon, 
Google, all these cloud service providers. We dominate the 
hyperscale cloud market in the world.
    OK. What we are talking about here with virtualized 
networks and O-RAN is cloud. That is all it is. It is dumb 
metal with software riding on top. We own that space. OK. Let 
us make it a compelling economic incentive for us to get in 
there from an O-RAN perspective.
    Chairman Johnson. OK. So what I am asking, not at this 
setting, is break this down so it is understandable if there 
are things that Congress can do, that this Committee can do, 
either targeted oversight letters to break down barriers or a 
piece of legislation that will incentivize the private sector 
or provide funding to an agency to do this through government. 
I mean, we need to know that.
    Ms. Rosenworcel. I got an idea.
    Chairman Johnson. OK, good.
    Ms. Rosenworcel. By the way, I agree completely with 
everything that Chris just said at the end of the table.
    I think the FCC set up something called ``innovation 
zones'' during the last several months in New York City and 
Salt Lake City, where it will be issuing experimental licenses 
for 5G. We should see how we can use those zones to start 
creating testbeds for more activity with Open Radio Access 
Networks and we should comb through our rules to see how we can 
incentivize that and make it happen, and certainly, with this 
Committee's help, I hope my colleagues would agree.
    Chairman Johnson. Again, this is prodding coming from 
somebody who is not a real fan of government, OK? Really does 
believe in the private sector as being innovators, but again, 
we are in a competition with a command and control economy that 
is subsidizing and making it very difficult to compete. It is 
breaking down the marketplace. So we have to recognize that 
reality, but again, we need to understand what we need to do in 
a very complex environment.
    So, again, there is going to be a lot more work. You are 
going to have a homework assignment after this hearing. That is 
one of the benefits of coming before this Committee.
    Do you have some more questions?
    Senator Peters. Thank you, Mr. Chair.
    Commissioner Rosenworcel, I just want to say I appreciate 
your passion on expanding broadband access everywhere. We have 
heard that today and in meetings prior to this as well.
    I have certainly seen firsthand in my State of Michigan 
that access to broadband is as critical as clean water and 
electricity. We have to look at it that way to make sure 
everybody in this country, no matter who they are, no matter 
where they live, have access to that. Remember that a lot of 
rural areas do not have 4G now. So, to be talking about 5G, 
they are really very far behind. So I appreciate your comments 
on the mid-band as well as the mapping, and we have to continue 
to work in that area.
    But my question to you is the FCC proposal would also bar 
communication companies from using support they receive from 
the universal service fund to purchase equipment or services 
from companies that pose a security threat.
    So my question to you, Why is this proposal only focused on 
service providers using Universal Service Fund (USF) funds when 
the FCC has jurisdiction over the entire wireless industry?
    Ms. Rosenworcel. This is a good question.
    It is my understanding that based on the Executive Order, 
the Department of Commerce has an obligation to look at this 
issue more broadly across the economy, and so the FCC has 
focused on its distribution of $4.5 billion a year for rural 
America and making sure that those funds do not go toward 
insecure equipment.
    But I believe that under the Executive Order, the broader 
choices in the economy fall to the Department of Commerce, and 
they were supposed to have rules, I think, by this month.
    Senator Peters. Anybody else care to comment?
    Ms. Rinaldo. Yes. On May 15th of this year, the President 
issued an Executive Order giving the Secretary of Commerce 
emergency authority to make determinations against transactions 
into our ecosystem through information communications 
technology and services. It gave him immediate authority. He 
could act today, if necessary, but we are currently working 
through the regulations, which lays out the process.
    Senator Peters. So there could be other funds that are 
being used besides just USF?
    Ms. Rinaldo. So there are no funds. This is just a 
procedural determination.
    Senator Peters. OK. So right now, just USF funds, though. 
If this is a national security threat, why would there not be 
other sources?
    Ms. Rosenworcel. I am familiar with what the FCC is doing 
with the universal service funds----
    Senator Peters. Right.
    Ms. Rosenworcel [continuing]. And I believe the broader 
obligations in the economy would fall to the Department of 
Commerce.
    Senator Peters. Are there proposals to prevent companies 
from using their own funding, non-Federal dollars, from 
purchasing Huawei and ZTE so they could be getting Federal 
funds, but as a result of that, now they can use their private 
funds?
    Ms. Rosenworcel. Again, I believe that that would fall to 
the Department of Commerce.
    Senator Peters. Any thoughts on that area?
    Ms. Rinaldo. Yes. Again, we are currently moving through 
the drafting of the regulations, laying out the process.
    Senator Peters. OK. Just one final thought. We know--and I 
think there is some discussion as to whether we are behind or 
we are in a blip or wherever we are related to 5G, but we know 
we were the leader in 4G. And we were well ahead of everybody 
else. Now we are in a situation where we are debating whether 
we are behind or we are in a blip.
    We want to make sure the United States is a leader in 
verging technologies on a regular basis, and we are at the 
verge of a massive explosion of emerging technologies that are 
coming on the market.
    Going forward, is there something we should be thinking 
about, what we have learned from how we were leader in 4G, went 
to 5G, still trying to figure out how we get back ahead? Are 
there some lessons learned for emerging technologies generally 
that we should be thinking about right now as we approach this?
    Mr. Strayer. Senator, exactly. That is the bigger-picture 
issue that a lot of us are wrestling with now. You might know 
that we actually have an Executive Order on artificial 
intelligence----
    Senator Peters. Right.
    Mr. Strayer [continuing]. Basically the Artificial 
Intelligence Strategy, and that is composed of a couple 
elements. One is looking at how we advance R&D in the domestic 
markets as well as we buildup a workforce that is going to be 
in that area, at the same time protecting our critical 
technologies from other countries, such as China, from 
acquiring those and using them for their military through their 
process of military civil fusion.
    So we need strategies on each of these, and we are 
developing--we have strategies on 5G and now a strategy on AI, 
and I think that is how we have to address all of these. And we 
have to do it with our partners around the world that share the 
same values that we do because these are inherently discussions 
about how we are going to see data used by governments and by 
the private sector over a much longer term.
    Senator Peters. Well, I appreciate you bringing up AI. If 
you look at the investments that the Chinese are marking in 5G, 
those are probably dwarfed compared to what they are doing in 
AI. I understand that is one of the most transformative 
technologies coming forward. Mr. Krebs.
    Mr. Krebs. It is not just about our investments and where 
we are putting our areas of focus, but it is also about 
ensuring a level playing field globally, thinking about how do 
we keep technologies that have been derived from theft or other 
nefarious means, how do we keep them out of the marketplace.
    CrowdStrike, a couple weeks ago, released a report about a 
Chinese airliner that was cobbled together from 20-some-odd 
stolen technologies from a number of different countries. Is it 
fair? Is it equitable for that airframe to be in the global 
marketplace? These are the sorts of conversations that I think 
we need to tease out further.
    Senator Peters. Right. Yes.
    Ms. Rinaldo. I would also like to mention our work with the 
American Broadband Initiative. NTIA has been co-leading along 
with the Department of Agriculture (USDA) a plan on how we cut 
red tape on moving forward on the deployment. You mentioned 
rural areas. Currently, the Federal Government owns 30 percent 
of land in the United States. So how can we site? How can we 
build out fiber on Federal lands? As you know, fiber will 
underpin 5G. So these are some of the important issues that 
will help promote the deployment of 5G as well as help rural 
areas.
    Senator Peters. Commissioner.
    Ms. Rosenworcel. Three things. First, we have an eight-page 
Executive Order on artificial intelligence. We need a national 
plan and a national strategy. Other countries have them with 
clear goals. We do not. We have to fix that.
    Next, we need a smarter national spectrum strategy. A 
national strategy was due in April of this year. We still do 
not have one, and at the FCC, I think we are auctioning the 
wrong spectrum right now.
    Then, third and finally, if Congress sees fit to ever pass 
an infrastructure bill, I think it would be important to 
incentivize municipalities to help with the streamlining of 
siting of terrestrial facilities required for next-generation 
wireless networks.
    Senator Peters. Great. Thank you. Thanks to all of you.
    Chairman Johnson. Senator Hassan.
    Senator Hassan. Well, thank you, and thanks for allowing a 
second round of questions.
    Thank you all for sticking with the hearing this morning. 
It has been a really helpful one.
    I do want to note that this Committee passed a bill that 
Senator Warner and I had introduced on the Internet of Things 
security. It was a bipartisan vote, and it basically just said 
that if vendors want to sell IoT devices to the Federal 
Government, they have to meet certain cybersecurity standards. 
And it would be a very good way for us influencing the private-
sector cybersecurity on those IoT devices.
    We passed it out of this Committee. It has not been taken 
up for a vote on the Senate floor, and I think it would be a 
great thing for us to be able to do to help our commercial 
sector move forward in this way.
    I wanted to follow up a little bit with you, Mr. Krebs, on 
the issue of ransomware. So thank you for your willingness to 
work with local, county, and State partners on this. Obviously, 
ransomware has been impacting government entities across the 
Country at all levels, including in my State of New Hampshire, 
where recently a county government was hit. Luckily, they had a 
backup plan. They recognized the threat. They shut down their 
systems, but they had to run a jail, a nursing home, and 
dispatch with pen and paper until they could get it back up. 
And everybody needs to, obviously, be prepared for that.
    I understand that CISA has briefed State and local entities 
and has tried to share information with them about the nature 
of these threats, and that is certainly movement in the right 
direction. But I think we have to do more.
    So beyond briefings and advisories, what is your agency 
doing right now to get resources and expertise to those 
entities that have either suffered these attacks or at risk of 
being targeted by ransomware attacks, and what help do you need 
from Congress to succeed in this?
    Mr. Krebs. Yes, ma'am. Thank you.
    Within CISA, we have a cadre of field professionals, 
whether cybersecurity or broader protective security advisors, 
that work day in and day out with State and local officials, 
sharing information, sharing best practices, reviewing response 
plans, reviewing architectures, trying to get them to a 
position where they can better defend their networks.
    With more of those field professionals, I can have more 
reach and more engagement, and we are not talking about a dozen 
here or there. I am talking about a pretty significant uptick 
in folks out in the field. So that is something that we are 
working through right now.
    I also think that we have to get to a point where we accept 
the fact that we are never going to be able to completely 
defend our way out of this. You are never going to patch every 
system. From a financial perspective, some folks just will not 
be able to keep up. They have, in fact, been left behind.
    So what is industry doing to help fill the gap? How are 
companies shifting from a stockholder-centric approach to more 
of a stakeholder-centric approach and providing reasonable 
resources?
    Then last thing, I think we need to be thinking much more 
about what we can do to disrupt these actors. So it is bigger 
than, again, defending, but what is the role of other agencies 
within the Federal Government and the role they can play to 
stop these attacks before they actually happen and put the bad 
guys on the run?
    Senator Hassan. Thank you.
    And then I wanted to come back to you, Commissioner, just 
to talk a little bit more about 5G.
    You have heard it--and all of you have heard it from 
Members of this Committee and I think probably an awful lot of 
Members of Congress. We need to continue to turn to the needs 
of our rural communities when it comes to connectivity.
    As Governor and now as Senator, I drive all around my 
State, and I can tell you where we do not have access to 
broadband to cell service. And I am as frustrated by our 
mapping deficiencies as anybody else.
    We are all aware too, to Senator Peters' point, the 
benefits that 5G can bring. We have to get 5G right for 
Americans who live in rural communities, not just in our 
largest cities. To that end, I have reintroduced the bipartisan 
Advancing Innovation and Reinvigorating Widespread Access to 
Viable Electromagnetic Spectrum Act (AIRWAVES ACT) with Senator 
Gardner, which directs the FCC to auction valuable mid-band 
spectrum, to your point, Commissioner, and then to use some of 
those auction proceeds to fund rural broadband deployment.
    Mid-band spectrum is crucial to developing a 5G 
architecture that works in rural areas, and making mid-band 
spectrum available will let companies innovate and develop new 
technologies that are suitable for rural deployment.
    As the world looks for leadership on 5G standards and 
technologies, the FCC has an important role to play in ensuring 
that America is the preeminent voice on what 5G will look like 
and whom it will serve.
    So, Commissioner, you have talked about this some, but I 
really would just like you to use this time to tell us anything 
you have not said about how the FCC plans to use its existing 
authority to free up mid-band spectrum for 5G use and how new 
technology can be used to drive down the costs of rural 
networks.
    Ms. Rosenworcel. Alright. Thank you for the question.
    Listen, there are a lot of places in this country that have 
no G's----
    Senator Hassan. Right.
    Ms. Rosenworcel [continuing]. And getting to 5G is going to 
be a long way, and the reason they frequently do not have that 
infrastructure is that it is costly to deploy, and there are 
not a lot of people to spread the costs around.
    Senator Hassan. Right.
    Ms. Rosenworcel. So the best way you can lower the cost is 
use the spectrum that propagates further.
    Right now, the FCC has focused all of its early energies on 
high-band airwaves, the 24 gigahertz band, the 28 gigahertz 
band, the 37 gigahertz band, the 39 gigahertz band, the 47 
gigahertz band, that propagate roughly 300 feet. There is no 
math that is ever going to make that effective in rural New 
Hampshire.
    It could be interesting in discrete areas, but it will not 
be ubiquitous service, and it will not help the economy thrive, 
which is what you need.
    So what we have to do now is reprioritize and start 
auctioning off mid-band spectrum. It is where the rest of the 
world is building 5G. We need to do it too. It is the spectrum 
that will get to everyone, everywhere, fastest, and most 
economically.
    Senator Hassan. Thank you very much, and thank you, Mr. 
Chair and Ranking Member Peters.
    Chairman Johnson. Senator Portman.
    Senator Portman. Thanks. Thanks for allowing a second 
round.
    So much here. One thing I am told that has not come up yet 
is looking at EINSTEIN and how it is working. Director Krebs, I 
am going to pose this question to you. EINSTEIN is an effort to 
ensure that our Federal agencies are protected from 
cyberattacks. We have EINSTEIN 1. We have EINSTEIN 2. We have 
EINSTEIN 3.A, I guess, or 3A. My understanding is that this 
current program, while effective in terms of the monitoring of 
the Federal networks, does not scan the cloud or traffic that 
comes in from mobile source. Is that correct?
    Mr. Krebs. So EINSTEIN 3A, in particular, Domain Name 
System (DNS) sink-holing and email filtering is architected to 
traditional on-premise environment with an exchange server and 
things of that nature.
    As we shift to the cloud and more agencies are shifting to 
the cloud, we are going to have to take a different approach.
    We are having a number of conversations, both with the 
major cloud providers and email providers that work with the 
Federal Government on how we can get the transparency outcomes, 
the certain tags that we are looking for in email, in 
particular. The progress we are making is noteworthy.
    But we are accelerating quickly into the cloud, and we are 
going to have to take a different approach.
    There is a recent policy, TIC 3.0 policy, and we are going 
to be sending out an additional security architecture baseline 
behind that in the next month or so, I think.
    But, again, we are working through what some of the 
alternative architectures look like for cloud. I am very much 
interested and vested in this space, less about putting a 
physical device on a network and more about what do a few lines 
of code look like in the Azure marketplace, in the Amazon Web 
Services (AWS) marketplace, to get, again, the information that 
we need to ensure that government clouds are protected.
    And I would add that these are the sorts of capabilities, 
as we build them out and refine them for the Federal 
Government, we should also be thinking about how they scale to 
State and local governments, with the appropriate privacy 
protections in place.
    We have similar capabilities under the Albert program for 
NetFlow and intrusion detection systems. How are these things 
also able to assist State and local capabilities as they also 
move to the cloud?
    Senator Portman. You just raised a whole other issue, which 
is State and local government, which is a huge problem as well. 
But we are glad you are there. You have experience working in 
the private sector on companies that are very active in the 
cloud, and we want to be helpful. So let us know.
    As the Chairman said earlier, if there are any impediments 
to that--because you are right. This is where so much of what 
we should be concerned about in terms of cyberattacks is 
moving, and yet EINSTEIN, for all of its good work 10 years 
ago, is not keeping up with the technological changes. So let 
us know if we can help you to accelerate that.
    On the State and local side, since you mentioned that, 
there is legislation that has been reported out of this 
Committee. We are patting ourselves on the back a lot on this 
Committee today because we have actually reported out some good 
stuff.
    Senator Peters, you were the coauthor of this legislation, 
and it basically says what you just said, which is we need to 
help State and local more. It is called the State and Local 
Cybersecurity Act. It would authorize you guys to work with 
some of these groups, including with the Multi-State 
Information Sharing and Analysis Center, and I know you are 
already doing this. This gives you the clear authorization to 
do it, to be able to help our State and local partners.
    I guess one question I would have for you is, what 
opportunities exist to partner with some of these nonprofits to 
protect against the Chinese threats in the 5G space?
    Mr. Krebs. So that is a conversation we are having. Again, 
I mentioned the Denver event, the Rural Engagement Initiative, 
where we met with a number of rural providers and some of their 
trade associations on how we pull together kind of a best 
practice guide and playbook for how these rural organizations 
might be able to shift into a non-Huawei, non-ZTE environment.
    What we have to do is distill down some of the investments 
that the larger carriers have made, the successes, the best 
practices they have developed, and then we have to push those 
down as far as possible, because you are just simply not going 
to find the ability to invest the way some of the larger 
carriers--so how do we, again, harness that investment, how do 
I distill down my own insights as a cybersecurity agency and 
then put into easy-to-apply playbooks and frameworks for these 
agencies or these carriers to do the things they need to do.
    Senator Portman. Well, again, we want to be helpful in 
that, and we think it is timely.
    One final question to Ms. Rinaldo because you have not 
gotten any questions in a while. [Laughter.]
    We were talking earlier about your work on the expansion of 
broadband into rural areas, and you mentioned working with the 
U.S. Department of Agriculture.
    In the Farm Bill last time, we also had legislation that 
came out of this Committee, at some point, maybe focused more 
on the rural communities, and the focus is to give them the 
ability through a new commission and so on to do more in terms 
of broadband.
    We also have legislation to help the co-ops do more, called 
the Rural Act, because right now under our new tax law, there 
is some confusion as to whether co-ops might lose their tax-
exempt status if they get involved in broadband.
    Can you tell us a little more about what you are doing, 
one, with Department of Agriculture, and has the Farm Bill 
legislation helped, to your knowledge? And, second, with regard 
to co-ops, are you working with rural co-ops at all in 
expansion of broadband?
    Ms. Rinaldo. Sure. So our current work with the American 
Broadband Initiative involves helping coalesce more than 20 
different departments and agencies on what we can do as a 
government to help break down barriers, and as I mentioned, 30 
percent of lands are federally held. So, as to their siting, 
can we build fiber? We are also looking at how money is spent.
    We recently created a tool on our website where you can go 
for a one-stop shop to see where Federal grants--I have not 
worked particularly with co-ops, but I am happy to take that 
back. And I will get you an answer, and I will be happy to sit 
down with your staff and go over more of the work that we are 
doing in that area.
    Senator Portman. Well, if you could, that would be great.
    Ms. Rinaldo. Absolutely.
    Senator Portman. They are a natural partner in this, and 
they have the interest and ability, just as they have had with 
electricity. Now it is broadband. So we would appreciate that.
    Thank you very much, Mr. Chairman.
    Ms. Rinaldo. Thank you.
    Chairman Johnson. Senator Portman, I was at an event 
earlier this morning on 5G, and there was a former mayor that 
was involved in one of these 5G test site cities. He was 
talking about the resistance from the population of putting up 
the antennas.
    Also mentioned, apparently, there are Russian bots that are 
out there putting out false information in terms of the health 
dangers of 5G.
    I just want to ask you. First of all, is that true? Second, 
do we have in any of your agencies, the research to refute 
that, and are you publicizing that?
    Mr. Krebs. So I am generally aware of open-source reporting 
that Russian disinformation campaigns are promulgating the 
concept that 5G is a dangerous technology.
    My agency is focused on raising public awareness of 
disinformation campaigns and misinformation campaigns, how they 
work, and the things that individually you can do as a consumer 
of media, social media, traditional media, or otherwise of 
spotting these sorts of campaigns and not contributing and 
doing their work for them.
    This is going to be the battlefield really of the future. 
It is easy to invest. It is low level of investment, broad 
coverage, and it is really hard to stop.
    So while the intelligence community and the Department of 
Defense are on the operational disruption side, we have to do a 
lot more, I think, in terms of engaging the public on helping 
them understand how these things are happening and kind of how 
the Russians and others, increasingly Iranians, Chinese, are 
trying to hack our brain to get----
    Chairman Johnson. It is really kind of a twofold counter. 
First of all, I just point out the fact that Russia is engaged 
in this type of disinformation, but then we need to provide the 
accurate information. We need to have the research to put the 
public's mind at ease on this. Do we have that research? Are we 
pushing that out, either through the Department of Commerce or 
through the FCC?
    Ms. Rinaldo. I am not familiar with a particular white 
paper on this.
    I know through our broadband work that we are in the 
communities doing seminars, webinars, with local communities to 
counteract any information that might be out there. So I am 
happy to dig a little deeper and see if there is a report 
available.
    Chairman Johnson. Commissioner, do you know of any effort?
    Ms. Rosenworcel. Well, I too have seen news reports like 
the ones you suggest, and the FCC does have an open proceeding 
on some of these issues.
    But I would also say this. In the bigger picture, if we 
want to get the facilities deployed on the ground everywhere in 
this country, we are all going to have to figure out how to 
work with States and localities to do so.
    We have a 10th Amendment in this country. We treasure our 
local control, and we are going to have to figure out how we 
are all rowing in the same direction. And that is going to take 
some work.
    Chairman Johnson. Well, that particular State passed a 
preemption law so that all the communities can do it.
    Ms. Rosenworcel. OK.
    Chairman Johnson. Again, we also have to provide accurate 
information. We need to understand that this disinformation is 
out there, and we need to have a program for that.
    Commissioner, you talked about the FCC's seal of approval 
or whatever. Again, with the Internet of Things, you are going 
to have an explosion of devices. Do you have the capacity and 
capability of providing that type of approval for all these 
devices? Is there something in place, or can you envision 
something in place to do that?
    Ms. Rosenworcel. That is a good question. It is so radical, 
the increase we are going to see in connected devices. By the 
end of the decade, we could have 20 billion things that are 
connected worldwide.
    For the FCC, this is a challenge because we are going to 
have so much more that is connected, but one thing I would 
point out is that we do have a process in place where the 
agency itself is not the only one certifying that these devices 
are safe and effective. We often do that through third-party 
certification bodies.
    So what we are going to have to do, though, is identify new 
ways to streamline this work, but I think we should also look 
at that process and see how we can build security into it from 
the get-go, so our authorization is not strictly about 
interference but also is about security.
    Chairman Johnson. So my suggestion would be the government 
help write standards through NIST or whatever and then using 
underwriter laboratories or those types of private sector----
    Ms. Rosenworcel. Yes. And that is historically how we have 
done a lot of these authorizations. If there is a totally new 
use of spectrum, the FCC will take a look at it, if there are 
new devices with new capabilities.
    But once devices become routine, it typically shifts to a 
certification model done through third parties, and I think 
that that process could serve us, though it will be bigger in 
this environment.
    Chairman Johnson. Director Krebs, you talked earlier about 
the airplane cobbled together with all of the stolen 
technology. One of the questions I have is just patents. Are we 
going to challenge or is there an effort to challenge some of 
these? You say that China holds, what, 34-some percentage, a 
pretty high percentage of the patents around 5G. Are those 
valid patents? To what extent are those patents based on 
previously stolen intellectual technology, and is that one of 
the ways we can potentially combat them in terms of just not 
recognizing some of those patents?
    Mr. Krebs. Extending out of my lane here for CISA, but I 
think this is a reasonable path to do patents that are issued 
in China, do they matter on a global scale.
    Chairman Johnson. Anybody else want to weigh in? Mr. 
Strayer.
    Mr. Strayer. Yes, Senator. All patents are going to have 
the same impact over the long term of the ecosystem, and I 
think it is a little overstated about the success of China in 
this area. We have a report out today that says that Intel, 
Qualcomm are leading with the patents that will be the most 
valuable for the 5G ecosystem.
    China has definitely played in a lot more teams that are 
fielding. So there will be a consortium of companies that come 
together, and Huawei and others will put their people on that 
team just so they can take credit for that and tick that up in 
their count.
    So I just would recommend a little caution in some of the 
public debate about how you arbitrate where success lies in 
this.
    Our companies seem to be doing just fine overall, but as I 
said before, we need to be vigilant about how we participate 
and how we exercise control over the multilateral institutions 
that set up other frameworks that set the rules for 
participation and the later specifications that are developed 
under those.
    Chairman Johnson. I am all about recognizing reality as it 
actually exists.
    One of the things, we were talking about the buildout, the 
150,000 in antennas already deployed in China. In the end, that 
is really not that big a deal. These are pretty small little 
antennas. They do not cost that much.
    We are trying to build out these individual cities, really 
get the technology down right, know how to do it. The Chinese 
just may have wasted a lot of money putting up 150,000 antennas 
that are not going to really be all that useful. Is that a 
relatively accurate statement?
    That in itself does not scare me. It is a scary number, but 
in actuality----
    Ms. Rosenworcel. Sure. I think it is a useful data point. 
It tells us that they are ahead.
    Chairman Johnson. Oh, yes. They are aggressive.
    Ms. Rosenworcel. It tells us that South Korea is ahead too 
when it comes to deployment, and one thing about technology is 
that deploying early and at scale gives you leadership 
opportunities. So I think we need to be mindful of it.
    Mr. Strayer. Senator, if I could just weigh in on the point 
about us, we are leading on 5G. Using the standard of how many 
towers deploy in the field is not accurate.
    Just 2 months ago, China put in licenses for its operators 
to do 5G. So there is no way they could already be deploying 
5G. They built towers for it, but they just gave out the 
licenses to the companies.
    We have it in more than three dozen cities in the United 
States. We are leading in 5G. South Korea is right there with 
us.
    I am not saying we should not pay attention to competitors 
in the space, but a lot of this falls from the Chinese 
Communist Party and Huawei working so closely together to push 
out millions of dollars of propaganda through all kinds of 
means around the world, and I just want to let out----
    Chairman Johnson. China also leads in terms of producing 
these massive ghost cities.
    Mr. Strayer. Yes. And they----
    Chairman Johnson. Again, their system misallocates capital, 
but, again, they can also be very strategic. And they can 
subsidize and really hurt a free-market competitive system as 
well. Ms. Rinaldo.
    Ms. Rinaldo. I would just echo that it is population 
density. When it comes to patents, it is quality over quantity. 
It is my understanding that we are going to have more than 100 
cities built out by the end of the year. So we are firing on 
all the points that we need to be.
    Chairman Johnson. OK. Magically, my time never even 
started, so I still got 7 minutes.
    Let me close this out, though, by kind of getting back to 
where I started, the problem-solving process, gathering 
information, defining the problem, the opportunity of the 
problem, but then establishing achievable goals.
    So, again, what I wanted to come out of this hearing, the 
goals, what can this Committee do? What can Congress do in 
terms of priorities that we need to set, the goals we have to 
establish as you are continuing down your paths? What can we do 
to help you? Can we kind of get some answers on that?
    Let us start with spectrum. I will go back to the homework 
assignment. If there is any roadblocks that we can help knock 
down, either legislatively or just with oversight letters or 
shine a big old bright light on it, ``OK, guys. Let us get this 
resolved, and let us move forward.'' That is kind of what I 
want out of the close-out statement.
    So why do not I start with Director Krebs. What are those 
top three things, let us say? If you really got five, go ahead, 
but what are the top three things you would like this 
Committee, you would like Congress to do in terms of achieving 
your priorities and your goals?
    Mr. Krebs. At the top of the list right now is make it 
easier for companies to share information on risky vendors that 
they come across and make it similarly easy for me to share 
that information. I do not want to ever have to go through 
another Kaspersky Labs antivirus product situation. We need to 
be able to rapidly get information out.
    Second is make it easier for me to be able to convene 
groups to develop frameworks, to share more broadly.
    Chairman Johnson. Why do you have a difficult time now? 
Just because of antitrust?
    Mr. Krebs. There are some antitrust issues involved here. I 
am restricted to some of the Sector Coordinating Councils (SCC) 
at this point in terms of those trusted convening mechanisms. 
So I think we can take a harder look at the way we pull groups 
together.
    And third and finally, we are working on an administrative 
subpoena proposal right now with your Committee. That is a big 
priority for me. Once we identify vulnerable systems out there, 
whether it is industrial control systems or telecommunication 
systems, we need to be able to get to the people that are 
managing those systems so that we can close down those 
vulnerabilities before a bad guy gets to them.
    Chairman Johnson. I am quite sure that piece of legislation 
is on our markup next week.
    Mr. Krebs. Good to hear.
    Chairman Johnson. Hopeful to get that passed with strong 
bipartisan support----
    Mr. Krebs. Excellent.
    Chairman Johnson [continuing]. And then figure out some way 
to wind it through the congressional process to get that signed 
into law.
    Mr. Krebs. Thanks for your support.
    Chairman Johnson. Ms. Rinaldo.
    Ms. Rinaldo. I would say, first, as you talk to business 
leaders around the country, encourage them to participate in 
standards-setting bodies.
    Second, as you talk to your constituents, tell them about--
alleviate any concerns they might have--about 5G. Talk to them 
about the benefits of it.
    Third, keep doing things like this. Keep having hearings. 
The underlying element of my three points is education. I 
believe education is the unsung hero in this debate.
    Chairman Johnson. OK. Mr. Strayer.
    Mr. Strayer. Thank you for that question.
    One thing that we have been working on at the State 
Department is creating the architecture internally so that we 
can be full competitors with China and Russia and others in 
emerging technologies. So we propose that there be a 
cybersecurity and emerging technologies bureau. That proposal 
has been sitting up here in Congress for the last 5 months 
under review in the Senate Foreign Relations Committee. If you 
could help facilitate----
    Chairman Johnson. Which I do not chair.
    Mr. Strayer. Yes. But you might know some of the other 
Senators there.
    Chairman Johnson. OK.
    Mr. Strayer. We would want to engage in a real dialogue 
about how we can set up an emerging technologies bureau that 
will make us able to fully work with our partners, our key 
like-minded partners on emerging technology issues and 
developing the strategies of the future because we are not 
going to have all the solutions in the United States. So we 
really need to be equipped at the State Department to be able 
to engage in future discussions with our key partners, and part 
of that is resources in that, and part of that is the 
imprimatur that we are a major part of the Department's effort 
in the future of digital technologies.
    The other thing I just want to mention was we really 
appreciate the financing we get through foreign assistance 
money that can help us work with other governments on their 
deployment of trusted technologies in both 5G and future 
connected technologies.
    And, last, I would just say the way that I think you all 
have a united view about the threat and the risk from these 
types of vendors and if you are enabled or in a position to 
share that in CODELs and other places with interlocutors and 
other governments and with legislators around the world, that 
it would be very helpful to us as we do our own messaging 
efforts in that regard.
    Chairman Johnson. Just a quick comment. A year ago, as we 
are visiting all of these delegations, nobody really understood 
Huawei. At least now they have the knowledge of it, and it 
sounds like they are starting to take action on it as well. 
Maybe not fully as much as we want, but we have come quite a 
long ways from complete ignorance of the issue and the problem 
to not only not acknowledgment of it and taking steps to 
alleviate it.
    Mr. Strayer. Completely agree. Thank you.
    Chairman Johnson. Commissioner.
    Ms. Rosenworcel. Thank you.
    First, we need a national spectrum strategy, not just for 
this year or next, for the long haul, and it is going to have 
to have incentives for Federal actors to relinquish airwaves 
for commercial purposes over time. The absence of those 
incentives slows us down.
    Second, we need broadband mapping, and Senator Peters knows 
this. We cannot manage a problem if we do not measure it, and 
we are not measuring broadband in rural America right now. I 
think it is going to have chilling effects for both national 
and economic security.
    Third, anything we can do to help with network 
virtualization and the Open RAN is something we should invest 
in. It is a way to help us manage the supply chain challenges 
going forward.
    Then, fourth, and this is just adjacent, but I think it is 
important--we do not have a national artificial intelligence 
strategy. Other nations do. We need one.
    Chairman Johnson. And what about quantum computing?
    Again, this hearing is so within this Committee's mission 
statement. Our top priority is border security but then 
cybersecurity, protecting critical infrastructure, countering 
violent extremism, which is more and more often done online. 
This is something we will continue to be fully engaged with. We 
want to be engaged.
    So, again, I am just asking all of you to work very 
cooperatively with not only Members, but our staffs, and we 
will keep pushing the ball forward. Any time you need any help 
from this Committee or Congress, please do not hesitate to ask, 
and we will do whatever we can do.
    I got to get the magic words here. Thank you again for your 
time, your testimony. I thought this was an excellent hearing, 
and again, it is just a start.
    The hearing record will remain open for 15 days until 
November 15th at 5 p.m. for the submission of statements and 
questions for the record.
    This hearing is adjourned.
    [Whereupon, at 11:32 a.m., the Committee was adjourned.]

                            A P P E N D I X

                              ----------    
                              
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]