Robert Mayer

USF Funds and Cybersecurity Supply Chain

Following years of simmering national security concerns regarding the presence of Chinese products and services in U.S telecommunications networks, the Federal Communications Commission (FCC) released a draft Notice of Proposed Rulemaking (NPRM) in advance of an April 17, 2018 Commission vote. The explanation for the swift FCC action came in a statement by FCC Chairman Pai who reportedly was recently briefed on the matter by the intelligence community. He noted that “[H]idden back doors to our networks in routers, switches—and virtually any other type of telecommunications equipment—can provide an avenue for hostile governments to inject viruses, launch denial-of-service attacks, steal data, and more.” For these reasons, the Chairman proposes to “prohibit the FCC’s $8.5 billion Universal Service Fund (USF) from being used to purchase equipment or services from any company that poses a national security threat to the integrity of communications networks or their supply chains.”

The NPRM seeks comments on a set of complex questions related to implementing the proposed rule including, among other things, 1) covered companies; 2) types of equipment and services covered; 3) the effective date; and 4) costs and benefits.

Key Implementation Considerations

Covered companies:  While the NPRM references previous reports and legislative initiatives that identify Chinese vendors Huawei and ZTE as threats, it does not limit the scope of companies to these two. The FCC presents a number of options for consideration including having the Commission establish criteria to identify a covered company. Other suggested approaches include reliance on existing or pending legislation that specifies vendor prohibitions established across the Federal Government. The FCC asks whether other federal agencies would inform the Commission when they prohibit a company, and once a specific company is barred, should sunset provisions apply or not.  With respect to identifying the “universe of companies” covered by the proposed rule, the FCC asks whether agencies other than the Commission should maintain such a list.

Types of equipment and services:  When it comes to naming specific equipment and services that would fall under the prohibition on USF funding, the FCC offers a range of potential approaches. A “bright-line” approach would prohibit use of USF funds for “any purchases whatsoever from companies that have been identified as raising national security risks.”  A potentially narrower scope would apply only to equipment or services that relate to the management of networks, data used to support such management, or any system that impacts the confidentiality, availability, or integrity of a network. The FCC inquires whether the Department of Homeland Security or another Federal entity tests equipment for such purposes. USTelecom is not aware of any such program in place today.

Effective date:  The FCC makes it clear that the proposed ban on USF support would be prospective in nature and asks a series of questions regarding the timing of a ban and other considerations including cases where multi-year contracts might be in effect. On timing, for example, the Commission asks the open ended question of when to begin compliance with a rule and whether a phased-in approach for certain USF programs or equipment and services would be appropriate. It also asks whether special considerations should apply to schools, libraries and rural health care facilities and whether smaller USF recipients should have the benefit of a longer transition period before the ban goes into effect.

Cost-benefit considerations:  The costs and benefits will depend greatly on the path forward the Commission elects to follow after evaluating the comments in this proceeding. Clearly, maintaining the health of the nation’s communications networks is a top priority for the Commission and all of us. The Commission asks whether the proposed rules improve the Commission’s ability to safeguard the country’s telecommunications networks from the potential security risks. It also asks whether the FCC would be able to quantify any such benefit or whether there are alternative approaches that would better protect the nation’s communications networks at a lower cost.

Far-Reaching Concerns

This type of action raises significant issues that go well beyond the use of USF funding and its impact on broadband service deployment. For example, such a rule is certain to produce significant uncertainty for many other stakeholders in the global Information, Communications, and Technology (ICT) supply chain, place further strain on trade relations with China, and create additional friction for U.S companies doing business in overseas markets.

USTelecom will be fully engaged in this proceeding to ensure the FCC’s USF program is as effective as possible at supporting rural broadband, and with the multiple governmental agencies that have long been engaged in network security, to ensure our broadband networks are safe and secure.

If you have any questions or concerns regarding this proceeding, please contact Robert Mayer, SVP Cybersecurity.