For decades, the U.S. government’s process for reviewing the cybersecurity risks of Chinese telecommunications companies operating in the U.S. has been so haphazard that it has “endangered our national security,” a bipartisan Senate review released Tuesday found.
The Senate Permanent Subcommittee on Investigations said that the group responsible for these kinds of reviews, made up of national security officials from the Departments of Defense, Homeland Security, and Justice, largely failed to rein in Chinese telecommunications companies because of an “informal” process, insufficient resourcing, and a lack of statutory authority.
Federal Communications Commission commissioners have likened the group’s review to an “inextricable black hole,” the report said.
As a result of minimal oversight from the group, known as “Team Telecom,” Chinese state-owned telecommunications companies have been able to operate with relative impunity, even as concerns have mounted that Chinese state-owned companies could be enabling espionage backed by the Chinese government within the U.S.
“[T]he U.S. federal government — particularly the FCC, Department of Justice, and Department of Homeland Security — historically exercised minimal oversight to safeguard U.S. telecommunications networks against risks posed by Chinese state-owned carriers,” said the committee, chaired by Sens. Rob Portman, R-Ohio, and Tom Carper, D-Del. “This lack of oversight undermined the safety of American communications and endangered our national security.”
In one case, for instance, Team Telecom’s security review of just one state-owned firm, China Mobile USA, took seven years to conduct, the panel said. In another case, after allegations that state-owned China Telecom and its affiliates had hijacked and rerouted data through China, Team Telecom did not investigate for approximately nine years, the panel said.
In other cases, Team Telecom has resorted to inaction; the group never engaged in oversight of Chinese state-owned China Unicom Americas, the panel said, even though it had the chance to do so in 2017.
Even when Team Telecom has had security agreements with Chinese state-affiliated entities, its oversight has been lackluster, the panel found. After entering security agreements with China Telecom Americas and ComNet in 2007 and 2009 respectively, the team only conducted two site visits with each company, the bulk of which have taken place in the last three years.
And only once has Team Telecom recommended the FCC block a foreign telecommunications firm over national security issues, a recommendation which was issued regarding China Mobile USA just last year.
Revamping Team Telecom
The panel’s public criticism comes two months after Team Telecom publicly recommended U.S. regulators revoke a Chinese state-owned telecommunications company’s license to provide service in the U.S. over concerns it would enable Chinese state-backed espionage, or disruption and rerouting of U.S. communications.
The Trump administration has also been working to revamp Team Telecom’s activities in recent months. The White House, for instance, issued an executive order in April formalizing Team Telecom into the “Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector,” composed of the Secretaries of Defense and Homeland Security and chaired by the Attorney General.
The committee, which has a stricter review process than Team Telecom, is responsible for helping the FCC review national security issues of foreign telecommunications companies’ licenses and applications to operate in the U.S.
The FCC, for its part, recently ordered four Chinese telecommunications companies — China Telecom Americas, China Unicom Americas, Pacific Networks, and ComNet — to provide reasons why they should not be banned.
China Telecom has since urged the FCC to not revoke its license, claiming it is “not subject to the exploitation, influence, or control of the Chinese Government,” according to China Telecom’s filing, which CyberScoop obtained. China Unicom responded similarly, and Pacific Networks and ComNet said that “neither Company has been asked by the Chinese government or the Chinese Communist Party to take any action that would ‘jeopardize the national security and law enforcement interests of the United States,'” according to documents obtained by CyberScoop.
An FCC spokesperson declined to comment on the responses.
Even with recent actions taken by the Trump administration, the Senate panel assessed that more needs to be done.
“The new committee’s authorities remain limited, and as a result, our country, our privacy, and our information remain at risk,” the report notes.
Congress should adequately resource the committee to review foreign companies, and should also provide formal legislative authority to the Telecom Committee, the Senate panel says.
The panel also recommends the committee establish written procedures detailing how it will monitor foreign telecommunications companies’ adherence to security agreements. The panel also wants the committee to be able to require periodic review and renewal of security agreements.
An FCC spokesperson told CyberScoop, “we look forward to reviewing the contribution of these Senators and Committee staff to this important national security work.”