FCC adds China-linked telecom providers to list of national security threats

The Federal Communications Commission has effectively banned two entities associated with China from providing telecommunications services in the U.S., based on other federal agencies’ national security reviews from almost two years ago. 

“Today we take another critical step to protect our communications networks from foreign national security threats,” FCC Chairwoman Jessica Rosenworcel said in a press release Tuesday. “Earlier this year the FCC revoked China Unicom America’s and PacNet/ComNet’s authorities to provide service in the United States because of the national security risks they posed to communications in the United States. Now, working with our national security partners, we are taking additional action to close the door to these companies by adding them to the FCC’s Covered List.”

Being on the “covered list” means the telecom providers—like Huawei and ZTE before them—will be restricted from accessing the U.S. market going forward. But the FCC’s action is based on letters it received back in November, 2020 from executive branch agencies responsible for reviewing foreign investment in the United States for national security threats. That kind of lag is a problem for addressing threats foreign adversaries pose through vulnerabilities in the internet routing system, the departments of Defense and Justice recently told the FCC.

In a public notice on Tuesday’s action, the FCC cited Sept. 15 communications from the DOJ—in conjunction with DOD—that “confirms” the executive branch agencies’ 2020 determination that  the two providers “pose ‘an unacceptable risk to the national security of the United States or the security and safety of United States persons.’”

The departments of Justice and Defense flagged the current lengthy process, and what they described as an ad-hoc, case-by-case approach as being insufficient for mitigating adversaries’ exploitation of the Border Gateway Protocol, which is used to identify the most efficient routes for delivering network traffic, but can be misdirected to access and exfiltrate sensitive data.

“Although measures exist to remove foreign adversaries from our nation’s networks, those measures can take significant time to implement,” the departments wrote in response to an FCC notice of inquiry for securing internet routing. “The limits of removal as a solution, combined with a constantly evolving national security environment, gives bad actors opportunities to exploit BGP vulnerabilities to disrupt, capture, examine and alter U.S.-person data.”