NordVPN Promotion

Home / Blogs

How Decades-Old Decisions Left U.S. Networks Vulnerable to Chinese Cyberintrusion

It seems like there is more disturbing news every day about Chinese infiltration of our telecommunications networks. A recent headline said that nine large ISPs have now been infiltrated.

Tom Wheeler, a previous Chairman of the FCC, recently wrote an article for the Brookings Institute that speculates that the ability of the Chinese to infiltrate our networks stems back to decisions made decades ago that have never been updated for the modern world of sophisticated hacking.

Wheeler points to the 30-year-old Communications Assistance for Law Enforcement Act (CALEA) that created a backdoor into telecommunications networks so that the FBI and others could wiretap suspected terrorist activity. This is not necessarily how Chinese hackers are gaining access to our networks, but having this backdoor is an example of the neglect that has been paid to our networks over the years.

Wheeler describes how he participated in the negotiations between law enforcement and the industry while he was the head of CTIA—the Cellular Telecommunications and Internet Association. At the time, law enforcement was concerned about the rapid evolution of the analog public switched telephone network (PSTN) to digital and wanted to make sure that it had a way to track bad actors regardless of the technology being used.

Over the ensuing decades, the FCC started the process several times of talking about dismantling the old PSTN, but there was never enough enthusiasm or interest among carriers to make it happen. The PSTN is still very much alive and provides an entry point into every telecom company network.

There was also not much emphasis over the years on demanding strong security measures for the newer digital technologies like VoIP. Nobody envisioned a world where foreign governments would devote significant efforts to infiltrate each other’s networks.

Wheeler also pointed to the new Open Radio Access Network (O-RAN) technology being put into place inside cellular networks. O-RAN is a new technical standard that seeks to make it possible for multiple vendors and technologies to provide equipment for the cellular industry instead of the small monopoly of vendors in this space worldwide. O-RAN is based on open-source code that will allow for cheap hardware. Wheeler points out that, while this is great for the worldwide cellular industry, it’s hard to enforce security with open-source software. A recent report from the European Union warns that O-RAN will increase the number of security risks for 5G networks.

Wheeler notes that U.S. carriers and law enforcement seem to have been blindsided by the ability of Chinese hackers to exploit our networks. He says that his FCC started the process of creating cybersecurity standards for telecom networks, but that carriers resisted the cost of tackling the issue. The Ajit Pai FCC went so far as to cancel the effort to create cybersecurity rules.

The Department of Homeland Security established the Cybersecurity and Infrastructure Security Agency (CISA) to tackle the issue, but that agency has no regulatory authority to force carriers to comply with its efforts.

The FCC and other parts of the government are now rushing to try to find a solution for the Chinese hacking, and we can expect new requirements soon from the FCC or elsewhere in the federal government. And maybe we will finally dismantle the TDM-based PSTN.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Doug Dawson, President at CCG Consulting

Dawson has worked in the telecom industry since 1978 and has both a consulting and operational background. He and CCG specialize in helping clients launch new broadband markets, develop new products, and finance new ventures.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

IPv4 Markets

Sponsored byIPv4.Global

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

Domain Names

Sponsored byVerisign

DNS

Sponsored byDNIB.com

NordVPN Promotion