Dr. Roslyn Layton submitted comments on a proposed federal rule; Executive Order 1391 empowers federal agencies to directly address long-neglected threats from adversarial foreign owners. A previous blog, posted on June 19th, included her background and first of her three points. This blog concludes with points 2 and 3.
Point #2: The FCC must continue to focus on security to address state-sponsored cyber threats
By denying licenses, limiting USF funds, and conducting investigations, the FCC and other federal agencies have taken action in the past year and a half to protect against Huawei Technologies, ZTE, China Mobile, and efforts are underway to review the licenses of China Telecom Americas, China Unicom Americas, Pacific Networks, and ComNet.
On the other hand, the FCC published no plan for preventing malicious vendors and vulnerable devices from being deployed in the 1200 MHz recently made available in the 6 GHz band for unlicensed use, quintupling the spectrum available for technologies like Wi-Fi. This order would seem to give Chinese government owned and affiliated firms free rein to a wide swath of spectrum critical to public safety, communications, rail, electric, gas, water, and wastewater. Consequently, the 6 GHz Order was celebrated by the Wi-Fi Alliance, whose members include many firms owned and affiliated with the Chinese government and listed in the US National Vulnerabilities Database – such as Huawei, ZTE Corporation, Hangzhou Hikvision Digital Technology Co., Ltd., Lenovo, Lexmark, TCL Corporation, Panda Electronics, Skyworth, SVA, TCL, Xiaomi, BOE, Changhong, Haier, Hisense, Konka, and DJI.
It is illogical and inconsistent that there is consequential federal policy to make 5G safe from Huawei and ZTE buts allows the same and similar dangerous Chinese government-owned and affiliated firms to roam free on America’s Wi-Fi networks and to proliferate across its industry associations which lobby federal officials. The FCC has tools to improve Wi-Fi security, and it should use them, which leads to point #3.
Point #3: The Role of FCC’s spectrum policy to security
The FCC’s decision to make 1200 MHz of spectrum available for unlicensed technology is misguided from a security perspective. As I describe in a forthcoming article in AGL Magazine with David Witkowski, 5G networks are inherently safer because of superior architecture. Wi-Fi is ideal for local area networks and enterprise deployments in office buildings. 4G LTE and 5G NR, on the other hand, are suited to wide area networks and infrastructure deployments which require connection management to ensure reliability and predictably for millions of users at once.
Where other users are known, security is less important, and devices can manage their own connections. Users accessing an open, no password required Wi-Fi access point take enormous risks. As Wi-Fi access points grow, it is prudent to adopt rigid security protocols where the network manages the device connection.
While forthcoming Wi-Fi 6 equipment offers better security, it will take time for every Wi-Fi router to be upgraded, leaving Wi-Fi users at risk in the meantime. With 5G, however, users have built-in advanced security, regardless of the device. As such network design has important security implications. Had the FCC focused on making 5G networks available, it could have avoided many of the security vulnerabilities it must now address with unlicensed technologies on 6 GHz.