FCC adds Pacific Network, China Unicom equipment and services to national security threat list

The Public Safety and Homeland Security Bureau at the Federal Communications Commission (FCC) added on Tuesday equipment and services from two Chinese telecom firms to its list of communications equipment and services that have been deemed a threat to national security.

The two Chinese vendors are China Unicom (Americas) Operations Limited, and Pacific Network and its wholly-owned subsidiary ComNet (USA) LLC. Earlier, in March, the telecom agency had banned Pacific Networks and ComNet (USA) from providing domestic interstate and international telecommunications services within the U.S. Before that, in January, the FCC issued an order directing China Unicom Americas to discontinue any domestic or international services that it provides pursuant to its section 214 authority within sixty days following the release of the Order.

“Today we take another critical step to protect our communications networks from foreign national security threats,” Jessica Rosenworcel, FCC chairwoman, said in a media statement. “Earlier this year, the FCC revoked China Unicom America’s and PacNet/ComNet’s authorities to provide service in the United States because of the national security risks they posed to communications in the United States. Now, working with our national security partners, we are taking additional action to close the door to these companies by adding them to the FCC’s Covered List. This action demonstrates our whole-of-government effort to protect network security and privacy.”

The FCC move implements recommendations in letters filed by the NTIA (National Telecommunications and Information Administration) on behalf of executive branch interagency bodies. These letters explain how PacNet/ComNet and China Unicom are subject to the exploitation, influence and control of the Chinese government, and the national security risks associated with such exploitation, influence, and control. 

The NTIA, located within the Department of Commerce, is an executive branch agency that is principally responsible by law for advising the U.S. President on telecommunications and information policy issues.

In recent filings, the Department of Justice (DOJ), in coordination with the Department of Defense (DOD), confirms that the executive branch’s views these companies as posing ‘an unacceptable risk to the national security of the United States or the security and safety of United States persons’ under section 2 of the Secure and Trusted Communications Networks Act of 2019—thus requiring the addition of these services to the Covered List. 

The FCC said that the “actions are part of our ongoing effort to protect and strengthen the integrity of our nation’s critical communications network.” 

Last year, U.S. President Joe Biden signed into law a bipartisan, bicameral legislative bill that requires the FCC to adopt rules clarifying that it prevents any authorization application for equipment that poses an unacceptable risk to national security. The Secure Equipment Act also ensures that the federal agency prohibits the authorization of radio-frequency devices that pose a national security risk.

The Secure and Trusted Communications Networks Act requires the Commission to publish and maintain a list of communications equipment and services that pose an unacceptable risk to national security or the security and safety of U.S. persons. The FCC published the initial list, commonly referred to as the covered list, in March 2021, and will continue to update the list as other communications equipment and services meet the criteria under the law. 

In June, the U.S. cybersecurity agencies published a joint Cybersecurity Advisory outlining the ways in which People’s Republic of China (PRC) state-sponsored hackers continue to exploit publicly known vulnerabilities in order to establish a broad network of compromised infrastructure. 

The advisory identified that these PRC state-sponsored hackers frequently utilize open-source tools for reconnaissance and vulnerability scanning, and use the network to exploit various targets worldwide, including public and private sector organizations. The notice details the targeting and compromise of major telecommunications companies and network service providers.

Improving national security and safeguarding telecommunications networks against cyber attacks has been a focus for governments around the world. Last month, the U.K. government announced tough new security rules that broadband and mobile companies will have to follow to better protect U.K. networks from potential cyber attacks that are due to be brought into force by the government.

Earlier in June, the Canadian government introduced a legislative bill that seeks to strengthen Canada’s cybersecurity stance across the financial, telecommunications, energy, and transportation sectors. The move would also introduce a regulatory regime requiring designated operators in the finance, telecommunications, energy, and transportation sectors to protect their critical cyber systems.

Anna Ribeiro

Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.