[Congressional Record Volume 166, Number 4 (Wednesday, January 8, 2020)]
[House]
[Pages H41-H43]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]
EXPRESSING SENSE OF THE HOUSE THAT STAKEHOLDERS IN 5G COMMUNICATIONS
INFRASTRUCTURE SHOULD CAREFULLY CONSIDER AND ADHERE TO ``THE PRAGUE
PROPOSALS''
Mr. MICHAEL F. DOYLE of Pennsylvania. Madam Speaker, I move to
suspend the rules and agree to the resolution (H. Res. 575) expressing
the sense of the House of Representatives that all stakeholders in the
deployment of 5G communications infrastructure should carefully
consider and adhere to the recommendations of ``The Prague Proposals'',
as amended.
The Clerk read the title of the resolution.
The text of the resolution is as follows:
H. Res. 575
Whereas 5G, the next generation (5th generation) in
wireless technology, promises the next evolution of
communications and information technology services,
applications, and capabilities across every sector of
business, government, entertainment, and communications;
Whereas the United States, Europe, China, and others are
racing toward 5G adoption and upgrading existing networks,
which will drive subsequent advances in artificial
intelligence, machine learning, smart homes, smart cities,
robotics, autonomous vehicles, and quantum computers;
Whereas 5G will make possible the automatization of
everyday activities and the use of the full potential of the
Internet of Things;
Whereas these developments, while evolutionary, could
include risks to important public interests, including
privacy, data security, public safety, and national security;
Whereas in a highly connected world, disruption of the
integrity, confidentiality, or availability of communications
or even the disruption of the communications service itself
can seriously hamper everyday life, societal functions, the
economy, and national security;
Whereas the security of 5G networks is crucial for national
security, economic security, and other United States national
interests and global stability;
Whereas operators of communications infrastructure depend
on a complex supply chain of technology from a global market
of suppliers and service providers;
Whereas government security officials and experts from 32
countries came together in Prague in May of 2019 to work out
guidelines for the deployment and security of 5G networks;
Whereas representatives agreed that ``[m]ajor security
risks emanate from the cross-border complexities of an
increasingly global supply chain which provides [information
and communications technology] equipment. These risks should
be considered as part of the risk assessment based on
relevant information and should seek to prevent proliferation
of compromised devices and the use of malicious code and
functions.''; and
Whereas the Prague 5G Security Conference adopted security
recommendations, which have come to be known as ``The Prague
Proposals'': Now, therefore, be it
Resolved,
SECTION 1. SENSE OF THE HOUSE OF REPRESENTATIVES.
The House of Representatives--
(1) urges all stakeholders in the deployment of 5G
communications infrastructure to carefully consider adherence
to the recommendations of ``The Prague Proposals'' (as
described in section 2) as they procure products and services
across their supply chain; and
(2) encourages the President and Federal agencies to
promote global trade and security policies that are
consistent with ``The Prague Proposals'' and urge our allies
to embrace the recommendations of ``The Prague Proposals''
for their 5G infrastructure.
SEC. 2. PRAGUE PROPOSALS.
The text of ``The Prague Proposals'' is as follows:
(1) ``Policy''.--
(A) ``Communication networks and services should be
designed with resilience and security in mind. They should be
built and maintained using international, open, consensus-
based standards and risk-informed cybersecurity best
practices. Clear globally interoperable cyber security
guidance that would support cyber security products and
services in increasing resilience of all stakeholders should
be promoted.''.
(B) ``Every country is free, in accordance with
international law, to set its own national security and law
enforcement requirements, which should respect privacy and
adhere to laws protecting information from improper
collection and misuse.''.
(C) ``Laws and policies governing networks and connectivity
services should be guided by the principles of transparency
and equitability, taking into account the global economy and
interoperable rules, with sufficient oversight and respect
for the rule of law.''.
[[Page H42]]
(D) ``The overall risk of influence on a supplier by a
third country should be taken into account, notably in
relation to its model of governance, the absence of
cooperation agreements on security, or similar arrangements,
such as adequacy decisions, as regards data protection, or
whether this country is a party to multilateral,
international or bilateral agreements on cybersecurity, the
fight against cybercrime, or data protection.''.
(2) ``Technology''.--
(A) ``Stakeholders should regularly conduct vulnerability
assessments and risk mitigation within all components and
network systems, prior to product release and during system
operation, and promote a culture of find/fix/patch to
mitigate identified vulnerabilities and rapidly deploy fixes
or patches.''.
(B) ``Risk assessments of supplier's products should take
into account all relevant factors, including applicable legal
environment and other aspects of supplier's ecosystem, as
these factors may be relevant to stakeholders' efforts to
maintain the highest possible level of cyber security.''.
(C) ``When building up resilience and security, it should
be taken into consideration that malicious cyber activities
do not always require the exploitation of a technical
vulnerability, e.g. in the event of insider attack.''.
(D) ``In order to increase the benefits of global
communication, States should adopt policies to enable
efficient and secure network data flows.''.
(E) ``Stakeholders should take into consideration
technological changes accompanying 5G networks roll out, e.g.
use of edge computing and software defined network/network
function virtualization, and its impact on overall security
of communication channels.''.
(F) ``Customer--whether the government, operator, or
manufacturer--must be able to be informed about the origin
and pedigree of components and software that affect the
security level of the product or service, according to state
of art and relevant commercial and technical practices,
including transparency of maintenance, updates, and
remediation of the products and services.''.
(3) ``Economy''.--
(A) ``A diverse and vibrant communications equipment market
and supply chain are essential for security and economic
resilience.''.
(B) ``Robust investment in research and development
benefits the global economy and technological advancement and
is a way to potentially increase diversity of technological
solutions with positive effects on security of communication
networks.''.
(C) ``Communication networks and network services should be
financed openly and transparently using standard best
practices in procurement, investment, and contracting.''.
(D) ``State-sponsored incentives, subsidies, or financing
of 5G communication networks and service providers should
respect principles of fairness, be commercially reasonable,
conducted openly and transparently, based on open market
competitive principles, while taking into account trade
obligations.''.
(E) ``Effective oversight on key financial and investment
instruments influencing telecommunication network development
is critical.''.
(F) ``Communication networks and network service providers
should have transparent ownership, partnerships, and
corporate governance structures.''.
(4) ``Security, privacy, and resilience''.--
(A) ``All stakeholders including industry should work
together to promote security and resilience of national
critical infrastructure networks, systems, and connected
devices.''.
(B) ``Sharing experience and best practices, including
assistance, as appropriate, with mitigation, investigation,
response, and recovery from network attacks, compromises, or
disruptions should be promoted.''.
(C) ``Security and risk assessments of vendors and network
technologies should take into account rule of law, security
environment, vendor malfeasance, and compliance with open,
interoperable, secure standards, and industry best practices
to promote a vibrant and robust cyber security supply of
products and services to deal with the rising challenges.''.
(D) ``Risk management framework in a manner that respects
data protection principles to ensure privacy of citizens
using network equipment and services should be
implemented.''.
The SPEAKER pro tempore. Pursuant to the rule, the gentleman from
Pennsylvania (Mr. Michael F. Doyle) and the gentleman from Ohio (Mr.
Latta) each will control 20 minutes.
The Chair recognizes the gentleman from Pennsylvania.
General Leave
Mr. MICHAEL F. DOYLE of Pennsylvania. Madam Speaker, I ask unanimous
consent that all Members may have 5 legislative days in which to revise
and extend their remarks and include extraneous material on H. Res.
575.
The SPEAKER pro tempore. Is there objection to the request of the
gentleman from Pennsylvania?
There was no objection.
Mr. MICHAEL F. DOYLE of Pennsylvania. Madam Speaker, I yield myself
such time as I may consume.
Madam Speaker, I rise in support of H. Res. 575. This bipartisan
legislation was introduced by Mr. Flores and Mr. Soto, both of whom are
members of the Communications and Technology Subcommittee, which I
chair.
The bill before us expresses the sense of the House of
Representatives that all stakeholders in the deployment of 5G
communications infrastructure should carefully consider and adhere to
the recommendations adopted at the Prague 5G Security Conference in May
2019 known as the Prague Proposals.
These proposals serve as a cybersecurity framework for the adoption
and deployment of 5G networks and were agreed upon last year in Prague
at a meeting of over 30 Western-allied nations, as well as technical
experts and equipment manufacturers. This framework acknowledges the
risks posed by untrusted 5G network equipment offered by Chinese
telecom providers such as Huawei.
The Prague Proposals form the basis for a coordinated approach to
shared security as we begin to transition to the next generation of
wireless network technologies.
The Communications and Technology Subcommittee has done extensive
work this Congress on security implications of 5G technologies. I thank
Mr. Flores and Mr. Soto for the good work they have done in bringing
this important legislation to the floor. I also thank the Committee on
Foreign Affairs and Chairman Engel for working with the Energy and
Commerce Committee to advance this legislation.
Madam Speaker, this is a good bill. I urge my colleagues to support
it, and I reserve the balance of my time.
House of Representatives,
Committee on Foreign Affairs,
Washington, DC, December 5, 2019.
Hon. Frank Pallone, Jr.,
Chairman, Committee on Energy and Commerce,
House of Representatives, Washington, DC.
Dear Chairman Pallone: In recognition of the desire to
expedite consideration of H. Res. 575, Expressing the sense
of the House of Representatives that all stakeholders in the
deployment of 5G communications infrastructure should
carefully consider and adhere to the recommendations of ``The
Prague Proposals,'' the Committee on Foreign Affairs agrees
to waive formal consideration of the bill as to provisions
that fall within the Rule X jurisdiction of the Committee on
Foreign Affairs.
The Committee on Foreign Affairs takes this action with the
mutual understanding that we do not waive any jurisdiction
over the subject matter contained in this or similar
legislation, and the Committee will be appropriately
consulted and involved as the bill or similar legislation
moves forward so that we may address any issues within our
jurisdiction. I ask you to support the appointment of
Committee on Foreign Affairs conferees during any House-
Senate conference convened on this legislation.
Finally, thank you for agreeing to include a copy of our
exchange of letters in the Congressional Record during floor
consideration of H. Res. 575.
Sincerely,
Eliot L. Engel,
Chairman.
____
House of Representatives,
Committee on Energy and Commerce,
Washington, DC, January 6, 2020.
Hon. Eliot Engel,
Chairman, Committee on Foreign Affairs,
Washington, DC.
Dear Chairman Engel: Thank you for consulting with the
Committee on Energy and Commerce and agreeing to be
discharged from further consideration of H. Res. 575,
Expressing the sense of the House of Representatives that all
stakeholders in the deployment of 5G communications
infrastructure should carefully consider and adhere to the
recommendations of ``The Prague Proposals,'' so that the bill
may proceed expeditiously to the House floor.
I agree that your forgoing further action on this measure
does not in any way diminish or alter the jurisdiction of
your committee or prejudice its jurisdictional prerogatives
on this measure or similar legislation in the future. I agree
that your Committee will be appropriately consulted and
involved as this bill or similar legislation moves forward so
that we may address any remaining issues within your
jurisdiction. I would support your effort to seek appointment
of an appropriate number of conferees from your Committee to
any House-Senate conference on this legislation.
I will place our letters on H. Res. 575 into the
Congressional Record during floor consideration of the bill.
I appreciate your cooperation regarding this legislation and
look forward to continuing to work together as this measure
moves through the legislative process.
Sincerely,
Frank Pallone, Jr.,
Chairman.
[[Page H43]]
Mr. LATTA. Madam Speaker, I yield myself such time as I may consume.
Madam Speaker, I rise today in support of H. Res. 575, a resolution
to encourage all stakeholders involved in the deployment of 5G
communications technology to adhere to the Prague Proposals.
The Prague Proposals resulted from the Prague 5G Security Conference
earlier last year, where representatives from 32 countries met to
discuss concerns about equipment supplied by certain vendors that pose
a threat to national security. With 5G poised to support an array of
critical functions and services over the next decade, it is imperative
that we ensure the equipment used to build these networks is secure.
By encouraging all stakeholders at home and abroad to abide by these
principles, we are sending a strong message that we are taking the
security of our networks seriously.
Madam Speaker, I urge my colleagues to support this resolution, and I
reserve the balance of my time.
Mr. MICHAEL F. DOYLE of Pennsylvania. Madam Speaker, I yield 2
minutes to the gentleman from Florida (Mr. Soto), who is a valuable
member of the Energy and Commerce Committee and who has done extensive
work on this legislation.
Mr. SOTO. Madam Speaker, I thank Chairman Doyle and Ranking Member
Latta, as well as Representative Flores, for all of their work and the
work of the Energy and Commerce Committee.
It is essential that the United States be at the forefront of the
deployment and development of 5G technologies. 5G is the infrastructure
that will allow our country to be the leader in the 21st century
economy.
There is fundamental importance of internet connectivity across the
country for both metropolitan and rural areas, highlighting both cities
and rural areas, and this is a need that telecom technology must be
developed in a practical but secure way. In a district like mine, we
have urban, suburban, and rural, so we look out for all of these
different areas.
The equipment and services in U.S. communications networks provide
critical infrastructure for 5G deployment, making them appealing
targets for foreign adversaries. For these companies in particular,
experts have noted that China has ``the means, opportunity, and motive
to use telecommunications companies for malicious purposes.''
We have seen this problem in Chinese telecom chips made by companies
like Huawei and other supply chain security issues that have been
making news as of late.
We started local efforts in Florida's Ninth Congressional District,
along with the University of Central Florida and others, to produce
components that are tamper-resistant sensors developed at national
foundries, like the BRIDG facility in central Florida. But we must do
more.
For these reasons, I am proud to be the Democratic colead on H. Res.
575. This resolution provides a sense of the House of Representatives
that developers of 5G technologies abide by wireless technology
recommendations made at the Prague 5G Security Conference.
Some of these Prague Proposals include communications networks and
services be designed with resilience and security in mind, and every
country is free, in accordance with international law, to have security
requirements.
The SPEAKER pro tempore. The time of the gentleman has expired.
Mr. MICHAEL F. DOYLE of Pennsylvania. Madam Speaker, I yield the
gentleman from Florida an additional 2 minutes.
Mr. SOTO. Policies governing 5G deployment should be guided by
principles of transparency and equitability. Stakeholders should
conduct regular vulnerability assessments and risk mitigation of
products. And customers must be able to be informed about the origin of
components in software that affect the security level of the products
they use.
Madam Speaker, I thank Chairman Doyle, Mr. Flores, Mr. Latta, and
others for their great work, and I urge everyone to support H. Res.
575.
Mr. LATTA. Madam Speaker, I yield 3 minutes to the gentleman from
Texas (Mr. Flores), and I applaud him on his hard work on this
legislation.
Mr. FLORES. Madam Speaker, I thank GOP leader Latta for yielding me
time to support our bill.
Madam Speaker, I rise in support of our resolution, H. Res. 575,
which I introduced with my colleague Darren Soto from Florida,
expressing strong support for the Prague Proposals, a set of 5G
security recommendations agreed to by officials from the U.S. and 31
other countries during a conference in May 2019.
5G communication networks have the potential to transform the way we
live. Collaboration with our international partners is paramount in the
development of secure network architecture for the interconnected world
of the future.
5G networks will have the capacity to support innovative technologies
such as telemedicine, remote surgery, interconnected devices on the
Internet of Things, and, importantly, bring high-speed broadband to the
far reaches of rural communities to close the digital divide.
But if the underlying network that these services operate on is not
properly secured, bad actors will be able to exploit vulnerabilities to
disrupt critical infrastructure, harming public safety and jeopardizing
national security. It is imperative that we secure our networks on the
front end of deployment to avoid potentially catastrophic consequences
down the road.
Recognizing these risks, the U.S. and those 31 other countries came
together with representatives from the EU and NATO to agree on a set of
commonsense principles necessary to maintain a secure, resilient
network for next-generation communication.
These proposals urge 5G stakeholders across the global supply
technology chain to institute practical, proven solutions to mitigate
risks and to protect against security threats. Among these proposals,
the conference of 32 countries recognized the need for information
sharing and encouraged regular risk assessment tests to mitigate
vulnerabilities, while taking into consideration technological changes
that will address the risks we may encounter in the future.
Our resolution expresses the House of Representatives' support for
these recommendations as an encouragement for stakeholders, government
entities, and our international partners to work together to secure our
5G networks.
Madam Speaker, I thank Mr. Soto for his work, and I urge my
colleagues to support this important resolution.
{time} 1600
Mr. LATTA. Madam Speaker, I am prepared to close.
Madam Speaker, from the comments that we have heard on the floor
today, it is so important that we pass this piece of legislation. It is
a good piece of bipartisan legislation, and I urge its support from
this House.
Madam Speaker, I yield back the balance of my time.
Mr. MICHAEL F. DOYLE of Pennsylvania. Madam Speaker, in closing, I
echo what my good friend, Mr. Latta, says. This is a good bill, and I
urge my colleagues to support it.
Madam Speaker, I yield back the balance of my time.
The SPEAKER pro tempore. The question is on the motion offered by the
gentleman from Pennsylvania (Mr. Michael F. Doyle) that the House
suspend the rules and agree to the resolution, H. Res. 575, as amended.
The question was taken; and (two-thirds being in the affirmative) the
rules were suspended and the resolution, as amended, was agreed to.
The title of the resolution was amended so as to read: ``Resolution
expressing the sense of the House of Representatives that all
stakeholders in the deployment of 5G communications infrastructure
should carefully consider adherence to the recommendations of `The
Prague Proposals'.''.
A motion to reconsider was laid on the table.
____________________