FCC Proposes Ban on Devices Deemed a Threat to National Security
Today, June 17, 2021, the Federal Communications Commission voted to request comments on proposed rules that would protect against national security threats to the communications supply chain through the equipment authorization and competitive bidding programs. https://www.fcc.gov/document/fcc-proposes-ban-devices-deemed-threat-national... The NPRM seeks comment on a proposal to prohibit all future authorizations of communications equipment that has been determined to pose an unacceptable risk to U.S. national security, as identified on the Covered List published by the Public Safety and Homeland Security Bureau. The Commission also seeks comment on whether it should revoke prior authorizations for any equipment on the Covered List and, if so, the procedures it should use to do so. Finally, with regard to the FCC’s competitive bidding rules, the Commission seeks comment on whether to require applicants who wish to participate in FCC auctions to provide additional certifications relating to national security.
On 6/17/21 1:50 PM, Sean Donelan wrote:
The Commission also seeks comment on whether it should revoke prior authorizations for any equipment on the Covered List
This would make any of the "Covered List" equipment illegal to use in the USA. Almost everything needs to have a part 15 certification with the FCC, this would then open up network operators to being fined for every device they still have in operation. https://www.fcc.gov/supplychain/coveredlist -- Bryan Fields 727-409-1194 - Voice http://bryanfields.net
On Thu, Jun 17, 2021 at 10:51 AM Sean Donelan <sean@donelan.com> wrote:
Translation: how should we generalize the Huawei rule so that we don't specifically and illegally pick on the Chinese? The short answer is: you shouldn't. The FCC is poorly equipped to operate in the national security space and I think changing it's footing to adequately operate in that space would likely impair its core mission. Let security agencies decide when an import should be banned and let them ban it independent of the FCC's activity. Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
On Fri, Jun 18, 2021 at 11:59 AM William Herrin <bill@herrin.us> wrote:
more-over, aren't there lots of other folk making gear (even inside the US!!!) which are made up of components/software/etc which MAY be influenced/etc by foreign actors? This proposal and the previous version of this conversation/regulation seem designed to just be flame-bait in the political space. They can't really have merit because who says John Chambers wasn't paid by the Elboniese Ministry of Magics to insert 'bad things' in all Cisco devices built during his tenure? (clearly I'm making up the 'john could have inserted code', but take that example for any employee at any of the potential vendors or their suppliers) Also, I wonder: "can not use VENDOR in your network..." does that mean: "only in the USA" or "Anywhere"... the pedantic (there just aren't these folk in networking, I am assured) out there could say: "Ok, not in the USA.. so the ring around entry points is all VENDOR.. done!" -chris
----- On Jun 18, 2021, at 10:56 AM, Christopher Morrow <morrowc.lists@gmail.com> wrote: Hi,
Obligatory 37 second explanation: https://www.youtube.com/watch?v=bifOI4MbHVU Thanks, Sabri
On Fri, Jun 18, 2021 at 10:56 AM Christopher Morrow <morrowc.lists@gmail.com> wrote:
Hi Chris, Here's what I'm thinking: I'm thinking it costs less than five cents per unit to add a radio receiver to any mass-produced VLSI or SoC chip whose sole purpose is to blow an internal fuse on receipt of the right cryptographic waveform. Pirate the mandatory voltage in line for a bad but usable antenna. The fuse could do anything. Disable the chip. Switch to the alternate firmware. Anything. I'm thinking the FCC would assign itself the mission of protecting us from such a threat and the authority to do so by speculatively banning electronics which can't prove they don't contain such a circuit. Which is practically impossible. And applies to all electronics. Everything. Or worse, I'm thinking the FCC would assign itself the mission but only enough authority to make itself a nuisance to legitimate vendors while leaving massive holes in the attack surface. This is a bad idea. This is one of the things we have intelligence agencies for: to catch companies and nations who sneak clandestine contaminants into their exports so that we can confront or if need be embargo those imports in a comprehensive way. Contaminated electronics is just the latest twist in a long shadow war where the FCC's amateur interference would not be helpful. I'm also thinking this would make a great plot for a science fiction / spy novel. Any writers out there? Regards, Bill Herrin -- William Herrin bill@herrin.us https://bill.herrin.us/
FCC will vote July 13 to put "finishing touches" on the proposed $1.9-billion program to subsidize removal of Huawei and ZTE gear from U.S. wireless networks. https://www.fcc.gov/news-events/notes/2021/06/21/july-open-meeting-agenda On Thu, 17 Jun 2021, Sean Donelan wrote:
I haven't listened yet, but this seems interesting and relevant: https://pca.st/episode/6c78d419-4414-4b95-8107-057effc20478 "In this edition of the Communicators, Andy Purdy, Chief Security Officer of Huawei Technologies USA, discussed how the Biden Administration's tech policies may present new opportunities for Huawei, including 5G, innovation and connectivity in the United States as U.S.-China relations evolve. He also discussed the bans, past controversies and concerns about Huawei products in the U.S." *Brandon* On Mon, Jun 21, 2021 at 2:41 PM Sean Donelan <sean@donelan.com> wrote:
participants (6)
-
Brandon Svec
-
Bryan Fields
-
Christopher Morrow
-
Sabri Berisha
-
Sean Donelan
-
William Herrin