Congress and FCC strengthen equipment safety and want to limit risky products

2021-11-13 01:34:34 By : Ms. Maggie Yiu

This handout photo provided by the U.S. Secret Service shows a drone that crashed into the White House... [] On Monday, January 26, 2015, at the House of Representatives grounds in Washington. A low-flying small drone crashed on the White House grounds before dawn on Monday, triggering a major emergency response and raising new questions about the safety of the president’s residence. A man later stood up and said that he was responsible and had no intention of flying over the complex. A US official said that the man contacted the Secret Service after reports of the crash spread widely in the media. The man told the agency that he had been flying the drone for entertainment. The man is a Washington resident and is cooperating with investigators. (AP Photo/US Secret Service)

The National Intelligence Agency and other national security agencies described the risks of intrusion by the People’s Republic of China (PRC) through technologies such as Huawei smartphones, Hikvision cameras, and Lenovo laptops. Substantive federal policies promulgated by the National Defense Authorization Act (NDAA) may restrict certain products and companies from purchasing from the federal government, but these products are still widely available to consumers and businesses, and are unknowingly purchased by the state government. The Federal Communications Commission (FCC) wants to close this loophole. Its Congressional authorization and authorization are described in other legislation in the Secure and Trusted Networks Act of 2019, which establishes the FCC's "covered list" and a roadmap for adding entities that pose unacceptable risks to national security.

Today, the US House of Representatives passed the "Safety Equipment Act" with a decisive vote of 420-4. This bipartisan legislation initiated by the Republican whip of the House of Representatives Steve Scalis and Congresswoman Anna Essu (D, CA-18) is now in the hands of Mackey (D-MA) and Rubio (R). -FL) entered the Senate with the support of. It requires the FCC to update its equipment authorization process to end the review and approval of equipment and equipment manufactured by companies deemed to pose an unacceptable risk to our national security.

Earlier this week, U.S. Federal Communications Commission member Brendan Carr called the drone manufacturer Shenzhen DJI Technology Co., Ltd. Huawei" and stated that it should be added to the coverage list. Carl highlighted the large number of reports from national security agencies that describe how DJI drones use surveillance technology to collect large amounts of sensitive and personal data that China can access.  

Unacceptable risks: Expanding the FCC’s coverage list to reflect real-life events. Featured reactions from technology and natsec experts, including New American Security Center Martijn Rasser, Natsec Attorney Jordan Brunner, Georgetown Security and Emerging Technology Center Emily Weinstein, and the Telecommunications Industry Association Colin Andrews. Rasser said that there is a "very persuasive reason" that China's top chip manufacturer YMTC should also join, and has connections with the military. Brunner observed that for consumers, the FCC and NDAA restrictions ensure that taxes do not flow to malicious entities.

The expert group discussed how the covered list entity tried to circumvent the restriction. "Fundamentally, we need to focus on what we can take advantage of-what is the choke point technology," he explained. Rasser pointed out that “the Chinese are very good at creating layoff companies and intermediaries (to circumvent US regulations)”, which creates a “mole game” that consumes American resources.

For example, according to Article 889 of the NDAA, contractors to the U.S. military must ensure that they do not provide products or services that contain restricted items. However, as Sepio described in the video, such rules can be circumvented by changing the labels on restricted products. Sepio provides hardware access control solutions with fingerprint recognition technology and machine learning, allowing organizations to understand their hardware assets, whether they are connected as computer peripherals or network devices. Then, if any of the company’s assets behave abnormally or if the device is identified as a fraudulent device, it will trigger an alert. Application administrators can implement specific hardware usage policies and create fine-grained access control based on roles or device characteristics. 

Given the reluctance of the authorities to discuss this matter, it is difficult to estimate the extent and scale of China's invasion of the United States. However, Congress has authorized some public reports, such as the recent publication of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security on China's infiltration of several pipelines in the United States from 2011 to 2013. Some reports may take 30 years or more to enter the public domain.

Taiwan’s Ministry of Foreign Affairs reported that China’s cyber attacks in 2020 have increased by 40 times compared to 2018. In 2020, 778,000 intrusions were recorded, or 2,100 per day. This shows that the relevant figures in the United States may be very large.