The Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the United Kingdom’s (UK) National Cyber Security Centre (NCSC) released a joint Technical Alert (TA) about malicious cyber activity carried out by the Russian Government. The U.S. Government refers to malicious cyber activity by the Russian government as GRIZZLY STEPPE.
NCCIC encourages users and administrators to review the GRIZZLY STEPPE – Russian Malicious Cyber Activity page, which links to TA18-106A – Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices, for more information.
Senator Tom Cotton: Our nation’s communications networks benefit us in ways unimaginable at the start of the digital age. But a potential danger lurks: hidden “backdoors” in network equipment. A hostile foreign power could use these backdoors to spy on Americans or attack our critical infrastructure by injecting viruses or launching denial-of-service attacks. These backdoors can be designed into routers, switches, and virtually any other type of telecommunications equipment that, together, make up our networks.
This highlights the importance of our networks’ supply chain—that is, the process by which telecommunications equipment is manufactured, sold, distributed, and installed. Whether the threat involves hacking into our nation’s communications networks or conducting industrial or political espionage at the behest of a foreign government, the integrity of the supply chain has worried U.S. government officials for years.
In 2012, the House Permanent Select Committee on Intelligence released a bipartisan report on the national security threats posed by certain foreign manufacturers. This past year, Congress barred the Department of Defense from buying certain equipment and services from Chinese companies Huawei and ZTE on account of concerns about those companies’ connections to that country’s government. And Congress recently banned all federal agencies from using products or services made by Kaspersky Lab, a company with alleged ties to the Russian government.
We’re committed to protecting our national security, and this proposal is a prudent step to accomplish that goal.
But the supply-chain threat persists. Just this February, FBI Director Christopher Wray testified about “the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks.” These risks include the ability to “maliciously modify or steal information” and “conduct undetected espionage.” As the supply chain for our networks increasingly stretches beyond U.S. borders, this danger has become all too real.
Given the national security risks, we believe it’s time for more concerted federal action. Among other things, that means making sure that our government doesn’t make the problem worse by spending the American people’s money on products and services from any company that poses a national security threat to our communications networks.
The Federal Communications Commission is a good place to start. It regulates America’s communications networks. And it administers the Universal Service Fund, an almost $9 billion-per-year program designed to ensure that all Americans have access to phone and broadband services. The money in the Fund comes from fees paid by the American people on their phone bills. About $4.7 billion annually is spent expanding high-speed Internet access in rural communities; $2.7 billion helps connect schools and libraries to the Internet; $1.3 billion assists in making phone and broadband services more affordable to low-income Americans; and about $300 million supports communications services for rural health-care facilities. These are important programs. But there’s no reason one dime of this funding should go to suppliers that raise national security concerns. There are plenty of other providers we can use to help bridge the digital divide.
That’s why the FCC will vote on April 17 on Chairman Pai’s recent proposal to bar the use of universal service funding to buy equipment or services from any company that poses a national security threat to the integrity of our communications networks or the communications supply chain. If approved, the proposal would also seek public input on how we should identify suspect firms and which types of telecommunications equipment or services should fall within the prohibition. Everyone concerned about this issue will have a chance to weigh in.
Bottom line: We’re committed to protecting our national security, and this proposal is a prudent step to accomplish that goal. The FCC, Congress, and all government agencies must work together to safeguard the integrity of our communications supply chain. We strongly urge the full Commission to approve this proposal and for other agencies to follow the lead.