{"id":13200,"date":"2019-06-28T21:16:01","date_gmt":"2019-06-28T21:16:01","guid":{"rendered":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/?p=13200"},"modified":"2022-10-14T18:28:40","modified_gmt":"2022-10-14T22:28:40","slug":"fcc-thoughts-on-network-security","status":"publish","type":"post","link":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/security\/fcc-thoughts-on-network-security.html","title":{"rendered":"FCC Thoughts on Network Security"},"content":{"rendered":"\n<p>One of our <a href=\"http:\/\/www.tmcnet.com\">TMC <\/a>sister sites <a href=\"http:\/\/next-generation-communications.tmcnet.com\/topics\/nextgen-voice\/articles\/433197-diameter-signaling-calls-added-security.htm\">covered <\/a>the issue of SS7 security back in 2017.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\u201cThe security issues will not fade away with the closure of the legacy networks,\u201d said  Peter Blackie, co-founder and commercial director for Evolved Intelligence. \u201cThe Diameter signaling used in 4G and 5G networks will need improved security to keep the fraudsters at bay \u2013 especially as the technology underpinning Diameter will be more familiar to IT and computer hackers than the telecoms technology used in SS7 signaling.\u201d <\/p><\/blockquote>\n\n\n\n<p>If there is any good news it is that SS7 skills are far less broad than typical hacking tools. There are far fewer people who have had hands-on experience. But nation-states do have this experience which of course is an issue these days.<\/p>\n\n\n\n<p>Just in the last week, we <a href=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/security\/massive-new-iranian-cyber-threat-to-u-s-companies.html\">warned <\/a>of new cybersecurity threats from Iran and then broke the news of <a href=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/security\/massive-new-iranian-cyber-threat-to-u-s-companies.html\">IoT attacks bricking devices<\/a>.<\/p>\n\n\n\n<p>FCC Commissioner Geoffrey Starks Recently Spoke at a Network Security Workshop. These are his thoughts:<\/p>\n\n\n\n<p>I\u2019m particularly concerned about the threat posed by\ninsecure equipment.&nbsp; These threats don\u2019t\njust affect individuals or businesses\u2014they go to the fundamental notion of\nprotecting our nation.&nbsp; Network Security\nis National Security, and our interconnected networks are only as secure as\ntheir most vulnerable pieces.<\/p>\n\n\n\n<p>Current efforts by the FCC, with its supply chain\nproceeding, by Congress, with the NDAA prohibiting government procurement of\ntelecommunications equipment from certain Chinese companies, including Huawei\nand ZTE, and by the Administration, with the May Executive Order barring U.S.\ncompanies from buying foreign-made telecommunications equipment considered to\nbe a national security risk, have taken steps toward prohibiting or restricting\ninsecure equipment going forward.&nbsp; And I\napplaud those steps.&nbsp; But those actions\ndo not address a critical problem\u2014this equipment is already in our networks.\nThe threat is real, and it\u2019s already here. <\/p>\n\n\n\n<p>And we need solutions.&nbsp;\nWe cannot treat this issue asymmetrically \u2013focusing strictly on how to\nkeep insecure equipment with a national security risk out of our network going\nforward but failing to address the equipment already in our\ninfrastructure.&nbsp;&nbsp; <\/p>\n\n\n\n<p>This issue is of great importance to me, and it is important\nto bring as much expertise as possible in thinking through these complex\nissues.&nbsp; So, I am excited for today\u2019s\ngathering of stakeholders\u2014including carriers, manufacturers, academics, and\nindustry experts&#8211;all in an effort to start crafting and developing a practical\npath forward.<\/p>\n\n\n\n<p>I\u2019m not the only one thinking hard about these issues.&nbsp; I\u2019d like to recognize and welcome staff\nmembers from both the U.S. House and Senate who are with us this morning. &nbsp;I am glad that members of Congress are engaged\non this issue and look forward to working together with them.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"3030\" height=\"3787\" src=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/06\/Geoffrey-Starks-1.jpg\" alt=\"\" class=\"wp-image-13202\" srcset=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/06\/Geoffrey-Starks-1.jpg 3030w, https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/06\/Geoffrey-Starks-1-768x960.jpg 768w\" sizes=\"(max-width: 3030px) 100vw, 3030px\" \/><figcaption>  FCC Commissioner Geoffrey Starks <\/figcaption><\/figure>\n\n\n\n<p>&nbsp; This forum is\nfitting because solving this issue is going to require public-private\npartnership.&nbsp; For example, we are going\nto need private carriers with insecure equipment in their network to come\nforward and raise their hand so that we can work with them to help fix the\nissue.&nbsp; For the carriers present here\ntoday, thank you for your leadership.&nbsp;\nLikewise, this issue is going to require a whole of government approach\nthat deploys our technical and national security expertise, and quite likely a\nfunding package that drives the result we all want \u2013 secure communications\nnetworks.&nbsp; During this workshop, I want us\nto really break down and dig in to what it will take to Find the insecure\nequipment, Fix the problem, and help Fund the process.&nbsp; <\/p>\n\n\n\n<p>We will begin today with a description of the threats of\nhaving insecure equipment, including Huawei equipment, in our networks\npresented by Mr. Jim Lewis and Professor Jonathan Mayer.<\/p>\n\n\n\n<p>These presentations will set the stage for our discussions\nfor the remainder of the morning.&nbsp; Our\nfirst panel will explore the scope of the threats and risks posed by insecure\nequipment currently in our communications networks. We need to know where in\nthe U.S. this equipment is located.&nbsp; We\nalso need to consider what equipment poses a threat.&nbsp; There is an active debate over whether all\nHuawei equipment poses a threat, or whether some of it is safe or could be made\nsafe and these are some of the issues I hope we will explore.<\/p>\n\n\n\n<p>The second panel will focus on how to fix the problem.&nbsp; We need to transition carriers away from\ninsecure equipment as rapidly as possible.&nbsp;\nWhile mitigation of risks may be possible, a \u201crip and replace\u201d approach might\nbe necessary.&nbsp; No matter what, we must\nminimize disruption to consumers. We must consider the options and what will be\nbest for Americans who rely on these networks.&nbsp;&nbsp;&nbsp; <\/p>\n\n\n\n<p>Finally, our third panel will discuss how to fund a\nsolution.&nbsp; We can\u2019t expect carriers to\nreplace insecure equipment alone.&nbsp; This\nis a national problem and it needs a national solution.&nbsp; Many of the carriers who purchased this\nequipment are small and operate in rural areas and may not be able to cover the\ncosts of replacement without financial support. <\/p>\n\n\n\n<p>Recent legislation proposes to allocate $700 million to fund the problem, and another estimate claims the cost could be over a billion dollars, depending on what equipment needs to be replaced, the timing of the replacement and other variables.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.fcc.gov\/document\/commissioner-starks-remarks-network-security-workshop\">Read\nMore.<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of our TMC sister sites covered the issue of SS7 security back in 2017. \u201cThe security issues will not fade away with the closure of the legacy networks,\u201d said Peter Blackie, co-founder and commercial director for Evolved Intelligence. \u201cThe Diameter signaling used in 4G and 5G networks will need improved security to keep the<\/p>\n","protected":false},"author":44,"featured_media":12214,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[156],"tags":[2164,1796,249,1534],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/13200"}],"collection":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/comments?post=13200"}],"version-history":[{"count":4,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/13200\/revisions"}],"predecessor-version":[{"id":13207,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/13200\/revisions\/13207"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media\/12214"}],"wp:attachment":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media?parent=13200"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/categories?post=13200"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/tags?post=13200"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}