US has a ‘China problem,’ cyber commission says

To shore up security of information and communications technology, the nation must reduce its dependency on suppliers from rival powers, especially China, according to the Cyberspace Solarium Commission.

"[I]n the context of our supply chains for ICT, the United States has a China problem," commission co-chairs Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.) wrote in a commission white paper released Oct. 19.

"The pandemic showed us the dangers of relying on foreign adversaries for critical technologies and products. We need to learn the right lessons and ensure we don't make the same mistakes again," Gallagher said in an Oct. 19 statement on the white paper. "This paper provides the blueprint for a whole-of-nation approach to both shore up vulnerabilities within our information and communications technology supply chains and ensure these networks remain stable and secure."

The commission recommended creating public-private and international partnerships with technology providers to counter China's increasing influence.

"Without an ICT industrial base strategy, America risks falling behind competitively and leaving its citizens at serious risk," the report concluded.

Specifically, the white paper advocated a governmentwide effort to identify risks affecting key technologies including weapons systems, telecommunications gear and general-purpose computing equipment. The paper also urged the U.S to build capacity to support increased manufacturing of key technologies in times of crisis. The shift by several big manufacturers that stepped into making medical respirators in response to the COVID-19 pandemic serves as an example of the importance of reserve manufacturing capacity, it said.

Fortifying risk management efforts with existing suppliers is also critical. Increased intelligence, information sharing and product testing, said the commission, will all help the U.S. deal with a double-edged relationship with China in which that country continues to supply technologies to the U.S. while at the same time presenting a possible threat.

According to the paper, existing efforts could be harnessed to provide a single vision of those threats. Those existing efforts, it said, include the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency's Information and Communications Technology Supply Chain Risk Management Task Force and 5G strategy, the President's National Security Telecommunications Advisory Committee, the Defense Department’s Cybersecurity Maturity Model Certification and 5G strategy, the Department of State's Clean Network program and the National Institute of Standards and Technology's Cyber Supply Chain Risk Management program.

Government agencies, such as the Federal Communications Commission, have a role to play to help stimulate development of U.S. technology manufacturing. The FCC, the paper said, can help with emerging 5G wireless technologies by tying commercial investment in networks to open standards, as well as working with the DOD to open up more spectrum for commercial use.

The Solarium Commission also urged the U.S. to counter China's domination of some technology markets, particularly wireless 5G. It recommended the U.S. government collaborate with its international partners to ensure Chinese companies such as Huawei and ZTE don't get an unfair advantage.

The Chinese government, said the paper, can provide "anticompetive interventions in global markets" for those companies. The U.S. Agency for International Development should work with international partners to develop an assessment to show the risks involved with using Chinese products in infrastructure projects.

This article was first posted to FCW, a sibling site to GCN.