Good afternoon, everybody. And everybody who is looking at us virtually and everybody in the security line trying to get in and everybody who will be watching us sometime soon on a cable network. I am jane harman, president and ceo of the Wilson Center. Today we are probing a complicated issue that is bedeviling policymakers all over the world. At least three parts of the china, and the u. S. , the 5g supply chain. Produced, center has at me get my prop, this is spectacular policy brief by melissa. There is moreled, to worry about then while way. I think you get the gist of this. Walk to get this and read it. Meanwhile what captures the attention around 5g is the china has developed superfast networks which will power edge technology. Since Chinese Companies are required to comply with information request from Chinese Intelligence Services, officials are concerned companies who want to incorporate this Chinese Technology will and up compromising their data and data of their users. Beer ways it could compromised and we will talk about. While the mantra that defined the last decade of Technological Developments was moved fast and break things, just a suggestion maybe we should think about slowdown and assess. That is what you will hear today. What is the problem and what are some policy solutions to help solve the problem . Offersson center policymakers and staffers the tools to assess new technologies like 5g and the implications for National Security. Room, weuddites in the have given around 400 staffers in nearly 300 officers a foundation in Technical Skills through our bipartisan cyber and that takemps or labs place each friday. They are part of our science and innovation program, which is led by meg king, who is probably hiding somewhere. Is she here . Shes in the corner. She directs our socalled step program. Where these labs are housed. Come here onhave friday. The others have gone to our Foreign PolicyFellowship Program so they can learn Foreign Policy. Today we are talking about one talked aboutve here. We are delighted to welcome the man with the plan, fcc chairman ajit pai. The last time i saw him was in the hamptons in a warmer part of this year and possibly less hectic than the one we are in now. We participated in a panel and i learned a lot. He is the first fcc chairman to go viral. Thats cool. Often appearing in videos where he embraces internet memes while announcing new policy. That is cool. He joined the fcc in 2012, appointed by president obama and in 2017 he was designated as chairman by trump. Bipartisan. Love it. Doj, u. S. Ked at the senate, and office of general counsel and in the private sector. Today he joins me to discuss a commissionich the will vote on on tuesday. Following our conversation and audience questions, they will be a panel of really smart people who will introduce themselves. One of those has already told you is the author of this , what do we call this . Policy brief. Ok. Down and we are going to have short conversation. Get your questions ready. Thank you. [applause] the first question is a surprise question. The fcc is proposing to rules. What are they . Thank you for the question. I want to express my gratitude to the Wilson Center for hosting this conversation. The center has been the locus of some of the most important discussions in washington. I dont think there is much more important than this. Thank you for your leadership over the years. On thefound consistently assignments you had, you work with a sense of bipartisanship and a focus on the national interest. Very much appreciate that. Chasingike ive been you. We share the distinction of having served as a chief counsel on the constitution and the senate committee. You have gotten to Higher Ground than i have. Who was your chairman . You former house member might have served within the 1990s. This is an important conversation. Question, what is 5g . What does that matter . We have made it to lead in 5g technology. They are going to transform american industry, transportation, health care, agriculture and education, manufacturing and shipping. We have implemented the 5g fast plan for facilitating 5g technology. You can find out more information at fcc. Gov. It involves more spectrum, more Wireless Infrastructure deployed, and promoting more fiber deployment, which is critical. I could go into more detail on any of these components and what the metrics of success have been. With his future comes a challenge. The attack surface in terms of security is greater. 5g will be unlike 4g and 3g in that they will be software defied as opposed by hardware. It could be located anywhere in the world. Because we are talking about billions of connected devices, refrigerators and cars, we need to make sure protocols are thought of upfront. Is weited states position need to think about 5g security now at the early stages as opposed to afterward when retrofitting might be expensive. What is the fcc doing . We will be voting this week on a proposal that is forwardlooking and backward looking. The forward component involves our universal service fund. Overseas. Fund the fcc the money is distributed to Telecom Companies across the broadband inploy rural areas. One of the things we propose to do is prohibit the use of that funding from used by recipients on equipment or services that present a National Security threat. Based on legislation passed last include as a cte ontion huawei and the prohibited list. That is forwardlooking. The backward looking component is there may be problematic equipment in our networks. We are starting to understand where that might be, who is using it, etc. And also kickstarting a conversation about financing the replacement of that equipment to the extent we are talking about rural carriers who have incorporated this equipment and might not have the resources to do that. In consultation with them and others we want to have a sense of where we are right now. It is that set of proposals we will be voting on. What is the prognosis . Will it pass . I hope it will. Theres a time in which the political environment is tribal iced. When it comes to National Security, we speak with a unified voice. Is we will see a strong vote next week. That is what we have seen in terms of letters from congress. We said member saying we support your efforts. Fund asis using a u. S. A leverage to get companies to do something on a forward looking basis and to trade in technologies they may have purchased because there is Huawei Technology in the United States. The rest of the world is out there. How do you see this in a context isa world where huawei available just about everywhere . That is why ive been involved with some of my counterparts going to other countries and representing the views of the United States on these issues. Profilenize the risk applies to any company. We want to understand the framework of any company putting equipment into our network. When i have traveled through the middle east and europe, we want to make sure we have a common understanding of the risk, the strategy and how we can Work Together to share information about how it may be materializing. That is a conversation that is ongoing. Guess everybody agrees about the problem. I would doubt based on what i there are different strategies. And some countries will keep or by Huawei Technology. Some countries are exploring different strategies than the United States. To the extent to degree with the security assessment, we respect your right to make whatever decision you want. We do not believe this is an area where we can hope for the best. 5g is ato make sure forethought and we think carefully about the risk profile of any equipment internetwork. That is worthy. I can imagine another government saying, ok, we are worried about risk profile. Systems,ake sure our softwarebased systems unlike prior systems. Melissas paper helped me understand the difference. No easy point of interception. Did i get this right . Im learning. Even so, what about the answer that says we are worried about this and we are going to find in treason fight in choose in. But there could be intrusion from others. E will just fight that, i offer several responses. A riskbased framework applicable to any supplier. The question is a degree of risk. To the extentt china has a National Intelligence law that compels withompany to comply requests from the Chinese Intelligence Service and prohibits that company from disclosing the fact to a third party, that presents a serious risk. The question is one of the ability of the host government to detect some of these risks in realtime. Not just about a wireless tower that needs to be upgraded. Software that needs millions of lines of code to update it. Any one of those lines could be a vector for malware and viruses. Does any government have the ability to police all of those lines of code . Assume the answer is no. We believe the risk is beyond the scope of most governments ability. That equipment is cheaper. The argument i make on that point, sometimes the only problem with cheap is it cost too much. Not just in terms of our security risk. 50 on its own terms, even cheaper over time when you are in a vendor and that vendor has software that is buggy or there are backdoors, or other kinds of problems, over time you will pay the price for making a decision on the beginning. Country to beany penny wise and pound foolish. I get that. As i understand it, from reading this policy paper, the software is buggy, what a great word. Is that official . Technical term. Buggy. Software bebodys possibly buggy even if it is more expensive . If you look at sources like some of theort, independent researchers who have examined the software, there is a difference. Even if there were parity, what is the risk . Given the National Framework in that the have concerns general willingness of the chinese to exert his leverage that we have seen in this country over things like taiwanese and the flag emojis, we have concerns the Chinese Government would be in this area. What if you succeed. Good luck to you. Then ones adopted and of the Wilson Center genus is forgets to take his burner phone and takes his regular phone. No chinese based technology and it is compromised in china. This is a concern we have. I am given a briefing when i travel by our team about cyber hygiene. We would encourage any citizen traveling to take those precautions and we work with state department and Homeland Security and other agencies to make sure whenever we go abroad we are taking the steps necessary to protect ourselves. Mistakes are made. They always are. The purest of intentions, it could be compromised by the chinese. Or pick another country. We could end up with workarounds, whatever we did not intend. Absolutely. Cyber hygiene are not limited to the fcc. Its important for anybody traveling to be aware of what devices they are using. Surprised, i have seen it all. Just the basic things. As it has evolved, as. Ou know, it evolves we got use to this being an open, positive platform. We need to think about the risk factors. Point, just making the there is no such thing as 100 security. Exactly. This, i cervone the defense policy board. I have been to rethings at the pentagon. Briefings at the pentagon. A chinese have Technology Free situation and everybody observes good cyber hygiene. We are all happy and the rest of the world does not play. They operate on different technology. How does that make us more secure . To the extentblem we are interconnected. Nationaldo not respect boundaries. We need to make sure we protect ourselves. This year we denied the application of china mobile to enter the United States market based on the opinion of the Intelligence Community that the entry would present a risk. We have taken steps to make sure we keep the homeland secure. Talking to our counterparts about the needd to collaborate on these issues. The United States does not exist in a digital vacuum. We need to have trusted vendors and strong allies. As unsophisticated as i am about this, i think about developments in the intel world, such as insisting our analyst look at open Source Intelligence. Stuff that is published and available, not classified. If we are in our little world and homely only have access to some part of this and the rest of the world is out there, how do we maximize the use of open Source Intelligence . I engage in the classified thehings and also information that is out there. Look at the last week about senator schumers letter about ticktock. The other things bubbling up in the news. Many americans are aware of payments in china. We are accustomed to pulling plastic out of our wallets. In china that is the anomaly. We need to know where the chinese are in addition to the spending we have discussed on things like Artificial Intelligence and block chain and quantum computing. Even if it does not impact 5g therity, i dont care where information comes from as long as it is credible. Statet to learn what the of play is. China is a strategic competitor. I agree with that. That does not mean enemy. If we say go away, we dont want your stuff or to deal with you, does that help us . Is that the best approach to achieving our goals . Stay alternative to to say we should understand china better than we do . U. S. , nota and the the other way around. We think understanding china matters. If finding ways to work with china to the extent we can is a good idea, is a policy like the one youre going to vote on in a week in that direction or the other direction . I would defer to the state department on setting the overall policy with respect for china. We think it is a constructive way forward to say we want a. Iskbased framework to engageays looking on issues where we can collaborate and when there is an issue at play. Have a couple more questions. Adopted,our rules are the leverage you have is money. Is it possible for people to say i dont want your money . I will use private sector money to dorow somewhere else what i was intending to do . So your rule wont apply to me and you are using money as a lever. What if people say i dont want to change my equipment . I will find other financing. Concernse not heard along those lines from carriers or groups. To the extent any entity or association has concerns when it comes to financing, we are happy to engage in that conversation. That is part of why we are engaged with congress on finding a Financing Mechanism to see if some of the concerns they have might be addressed. Nuanced knowledge of china could be increased, just a thought. Im glad you are in the position you are because you are smart and have that background. The Wilson Center is also poised to teach the understanding. Instead of demonizing a country , we can urge people to understand better and provide nuanced options. I could not agree more. I have tried to learn as much as i can. Generally speaking its important to learn, not just about china, but generally speaking, the history of the place and what motivates them. I appreciate the diversity of i know there are different shins there. And the last thing was cost. Productsgets huawei are much less offensive. Isnt there something we can do to challenge this for the wto . They do subsidize huawei it seems clear that by doing that they made a determination they should have National Champions to compete on the theynational stage and should be able to block out foreign competition. Whether that is a violation, i would defer to the rules. It is not something we do in the United States. Domestichave a supplier. Its not the kind of thing the United States does. Know, we see it as our role to set the Building Blocks to innovate and we have a handsoff approach. We dont pick particular companies and tell them to go forth and conquer. That is not something we have seen in the marketplace of ideas. I would lament we dont have a domestic supplier. Qualcomm does a little bit of this. Why dont we . A song place strong place in software. For some of the components, the equipment used by huawei, we have an advantage. Its a larger conversation. The number of International Suppliers has dwindled. Boo on us. We should be way ahead on this. It makes me sad. Ok, smart people. Questions. Identify yourself and ask a question. Dont make a speech. Someone in the second row. Right here. No matter what we do, they will be software we cant trust. Using zero trust solutions to protect their data data,ke sure there is wouldnt that be a good solution to make sure we are not using losing our data . That is one thing i am working with our teams on, how to make sure our networks are as secure as possible . Those solutions are some things we have been exploring. There was a question on the left. Who had a question . In the technology, china is high than the United States. China will start development. Do you think you should bill up a similar counterpart . Good question. The u. S. Ect to what strategy is for 5g and how we earlyup with china, the metrics are good in the sense we have freed up a tremendous amount of spectrum. 5g, i do think we are stacking up well if you look at the amount of spectrum we have. The amount of fiber was the largest four homes and businesses. Our eyesward, we have on the future. We are looking at that as well. The primary focus at the moment is on making sure we free up some of the Building Blocks for 5g. One reason why china have the ability to do that is they dont layers ofultiple regulatory review we have. Local orederal, state, indian tribes. 1. I have been making, we need to have a consistent and level set any companyns that can invest around. The other issue is china can f iat what the National Priority is going to be. I think we need to have the same sense of mission about the technologies of the future. That is why our agency became one of the first ever in washington to host Machine Learning, understanding what ai Machine Learning is and how it will affect connected health or driverless cars, and there is more for us to do. Have a Strategic Vision across government and with the private sector to understand what the potential is. We teach ai here. Isnt it premature to talk about 6g . The eu is also talking about 6g. Years or centuries, it wont be centuries, but how many years is a completed 5g network . It will be several years. The lifecycle is going quicker. Im old enough to remember 2g p hones in the 1990s. We are in a much faster cycle. Nonetheless it is the early stages of 5g development. My attention is focused on 5g. Other questions . Thank you. I work at the embassy of finland. Discussion. R your i would like to mention finland was organizing the worlds first last march. N theres already white papers, if you want to read it. I would like to ask about the wrc. How is it going . I would like to hear your view about that. Thank you for the question. Every four years, the International Telecommunications conference ins a which spectrum policy is hashed out. There is one going on right now in egypt. I will say from the United States perspective, i felt like we were advancing the ball on some of the priorities. With respect, we are advocating for the government of 28 db watts as the appropriate level weatherection to pass sensors in the development of the other gigahertz band. We feel the u. S. Position is gaining support and is able to protect not just some of the satellite constellations but others that we him of the other items under i will flag the 6 gigahertz band. Wide 126 megahertz channels if made available to the commercial marketplace will allow american entrepreneurs and innovators to really make wifi pop. Pretty much everyone in this room is familiar with wifi, looking for a wifi channel now. Imagine if we had up to six of these 160 megahertz channels available, untold innovation and investment on ar and vr, industrial iot, applications. One of the things to highlight is the importance of the gigahertz band. We are in the early stages but hopefully, things will go well over the next several weeks. Not surprised to hear finland is leading the pack. Not enough they have a great Winter Olympics team compared to ours that answer was daunting and we will give a test on it. I will be the first person to flunk. Mention gigahertz at a party sometime. More questions in the middle of the room . The microphone is coming. Jordan will cox, rand corporation. Do you feel the threats posed by zte devices have a parallel partner or Companies Based in china and their Data Collection through devices of any time kind in the United States and are you thinking about what could be done to monitor that . It is a good question and i mentioned earlier the letter from senator schumer regarding tictoc. We see members of both houses expressing concern about applications from other countries, face app, a russian company. Concerns about how data generated by American Consumers can be used or misused and although the fcc does not directly exercise jurisdiction over companies, we are monitoring the situation because we understand that from a consumer perspective, one app may not be different than nonetheless the location of where the data is stored, the practices regarding how the information is used, those are things the government does need to take a look at, so we work consistently among others with. The department of homeland securities. Cyber security. , the head of that among others and his team have been working on those issues among others, so as i said, we have a very close consultative relationship with them and others in the space. I think we have time for a couple more questions and then we will move to our other panel. 15 minutes or zero minutes . Five minutes. Ok. Lets see. I am kent hughes. Mid2016, President Trump directed the government to look at the Defense Industrial base, including parts of the economy deck and treated. Much of that is still classified, and they look at several tiers of the supply chain. Are you using that information for the items we have that we ought to protect or to guide federal investment to try to plug the holes are they exist . Where they exist . What i can say publicly is we have taken account of that executive order, along with the may 2019 executive order and we, the fcc, are taking the appropriate steps based on the text of those orders. Is that bleak enough and answer . An answer . We are paying attention. That is not classified. A couple more questions . Where are you, smart people . Robert bailey, who heads what we call the Kissinger Institute on the china and the u. S. Thank you for your discussion. This follows up on things jane has touched on. You said we need a strategic mission. Part of this seems to be involving things like somebodys subsidies to poor communities that couldnt otherwise get. Senator rubio has called for an American Industrial policy. Why is there no american analog to huawei. That at least is not huaweis fault. This seems to be pointing toward an industrial policy or perhaps violations of what is sometimes orthodoxy. Et we have hit a wall at this point where the answer to all the issues you raise seems to go against market orthodoxy and the conversation stops the. Do we face stops there. Do we face such a problem . Certainly the concern about industrial policy is one that members of congress have been debating and there may be other Administration Agencies with equities from our perspective at the fcc. We dont have the resources to come up with some sort of industrial policy along those lines. Letssition is simply have a riskbased framework for understanding the risk posed by any particular supplier and ensure that domestic recipients go with trusted vendors. If that vendor happens to be in finland or sweden or korea, we historically have been in different. Theant to make sure institutions we are funding are trustworthy. Whether or not industrial policy is needed for Market Forces over time well before i got into these position this position, these trends started, that is Something Congress would have to engage with. Innovation has been at the core of our freemarket success in this country, especially california. Happened to American Innovation around 5g . Why are we behind . I think you would agree we are behind. With respect to 5g, i dont think we are behind. We are on track to have 92 commercial deployments in the United States by the end of this year. We are the whole list holding the largest spectral option auction. 3. 5, 3. 7. We are seeing new Companies Enter the space. Althoughce, space, technically not thought of in the context of 5g, america is leading with Companies Like spacex. These are American Companies that are not just launching small satellites that will provide connectivity, they are innovating on the launch site and reasonable rockets, developed in southern california. Industrial congressional district. My point is, you are talking about a lot of other stuff. You talk about the backbone of software, the software of our next generation Communication Systems to the entire world, and we are not the u. S. , i mean there are western countries that are helping lead, but we are not the leader. It surprises me. In terms of equipment and services, there are other suppliers from around the world. One of the things we have emphasized, in our conversations with other countries, we are not looking to advance the pecuniary interests of countries. This is a nonamerican supply chain we are talking about. Also, to close because i think we are out of time . Yes, we are. The innovation in america has come from a hugely diverse workforce. Not everybody in america looks the same, and the immigrant i would say, from my Vantage Point as someone who grew up in california and watches with sorrow the fires and all the other plagues of california at the moment, but the diversity in the workforce for example, the indian diaspora, has been asked ordinary. Without those extraordinary. Without those people, we might not have invented what we have. With this area, we see not has swift with the exception of our fcc chairman, as we should be. On that note, wouldnt you agree trying his hardest to bring top against a government and this is an area that needs attention and hes paying attention, and lets thank him for coming . Thank you very much. [applause] and the test will start in 45 minutes. [laughter] meanwhile, we are having another panel that will show you how much more we need to know about this topic. Please join us here. Our moderator will introduce himself and the panel. All right, great. Thanks. And thanks for sticking around for the second part of this conversation. I am the Senior Business editor at npr. We got a great panel here that knows a lot about this stuff. The director of the Kissinger Institute on china and the u. S. , served as a diplomat in beijing and an interpreter for chinese and american leaders. China been the head of programs at jon hopkins, syracuse, and the university of maryland. He was the producer of chinese plane which persons of sesame street. He is recognized as an expert on u. S. Sino relations. Melissa griffith, her work has been cited before. Deals with the intersection of research and technology and focus on Cyber Security and how small countries can defend themselves in a dangerous digital world. She is a phd candidate at uc berkeley and affiliate researcher at the center for longterm Cyber Security. And the Deputy Assistant director at the National Risk management center. The focus is on publicprivate partnerships to enhance Cyber Security and the resilience of Critical Infrastructure. Does work deals with efforts to manage risks in the Global Supply chain, something talked about earlier, and the security of 5g networks, which has been the primary topic today. Chief ofs formerly staff for congress in john ratcliffe, the chair of the Cyber Security and Infrastructure Protection subcommittee. Ok, good. With that, lets melissa, lets start with you. Can we talk about what the evidence is, what the record is of huaweis behavior . Are there examples of them spying or allowing chinese authorities to spy or their equipment being used to hack. What is the record . Melissa i think there is a bit of a mixed record, an area of hot debate on how malicious huawei has been in 5g. The area not up for debate is it is just really shoddy code. Regardless of whether you are concerned about them being a malicious actor, there are in theirg holes software and firmware, allowing a malicious actor great opportunity to leverage those holes, including the Chinese Government and huawei, but not limited to that. Can we think about security threats to the u. S. , other instances with compromises, those havent been through Chinese Technology that is notable. That has been countries like north korea, iran, china, russia. They have been able to leverage existing holes. It is a mixed record whether or not huawei is building in a vendor installed backdoor, whether they are operating a kill switch that could turn off critical in the structure, but the reality is there code allows for these things because it is pretty shoddy. One thing they came up in the conversation with the chairman and congresswoman was 5g has a broader attack surface, which is kind of a scary idea. It is much more vulnerable in different ways. And you talk about that a little bit and what that raises about, should we be rushing to adopt all this 5g technology with this broad attack surface . Daniel the promise of 5g, as other mentioned, is undeniable. Pick your sector, it will transform it and create opportunities we havent seen before. Trillions of dollars in economic opportunity. We recognize the promise there. Risk, security, and resilience side of the equation, there is a lot to understand and contextualize about the risk. The question early about Software Defined networking versus 4g, were a lot of functions virtualized in 5g havent been, that adds millions of lines of code where we did not have it before and when you look at the use cases of 5g and the way it will matter for telemedicine and Autonomous Vehicles and the like, we are no longer talking about a data integrity or privacy issue, we are talking about Publics Health and safety in how 5g could be manipulated and leveraged. Melissa touched on the reporting of huawei equipment and other telecommunications kit from china. A telling report came out of the u. K. In their huawei Cyber Security center where they have done over a decade of posted claimant testing. It was post deployment testing. For the most 4g part and they said they have only limited assurance of their ability to have Risk Management scheme that gives them confidence and almost no ability for binary equivalents. What they have spent an enormous amount of effort and time and Energy Testing in the center, they are not sure thats what is deployed in the field. Thats just for 4g, before you have a factor of 10 or 100x amount of code. When you go from the current generation, where we are not sure we have any assurance it is not only key product, and we dont know if we are testing what is deployed, then the attack surface of the next generation, orders of magnitude more code that will have monthly firmware updates. Whether or not is an intentional backdoor or unintentional bug door, you package that together and the attack surface from this becomes enormous. There is no one hundred percent perfectly safe, riskfree, vulnerability free product recognizing the reality i layed out, youve got to have trust on the frontend. If that is the reality we are dealing with with millions of lines of code, you really cant enter that new world from a position of copper might trust. Given that, maybe we should slow down and assess 5g if 5g is5g, with all the benefits, also a threat to Public Health potentially because of the vulnerability. It is going to be embedded in our hospitals, transportation system. It will be in our homes, but conductivity. The conductivity. Does it make sense to secure the Network First and then race to develop . Anybody jump in on that. It may make sense to wait, but china certainly isnt waiting. Not all these qualms are here. They are deploying fast. On october 30, just last week, they started full 5g programs in 50 cities. Beijing, shenton, shanghai, relatively cheap. There is a glitch in the system that many people have dont have 5g capable phones yet but they are getting them quickly. The whole cityscape of beijing has been transformed by these massive towers, multiple output antenna arrays are on rooftops all over beijing. November 5, china using these arrays, set a new 5g speed record for single telephone individualhese track phone users. They are ready for you to sign on and they can jump on it even faster rather than a traditional 4g passive network. This is already happening. Even if we have these bad code multiple vulnerabilities, china is going to be learning this as they go in a nation with very early adapters and they will adjust. They are going to be feeling those gaps as they move. There is a question with 5g, how much of this is for innovation . And if not innovation and public welfare, it might make sense to wait for the reason you and congresswoman harman mentioned. Is this about kermit commercial dominance and the balance of power . In which case, first movers get advantage because they are moved learning a lot. What is the right framework . Our own National Security and vulnerabilities . Balance of power . Concern about who is going to have the international champion, and we tend to confuse those different categories. Melissa i would push back a little bit because i think we put a lot of emphasis on a first mover advantage 5g, and this is the argument for speed. If you are the first mover, you get practice, get to market earlier comedy club faster. It makes it harder for other competitors to slot in after you and do the same kind of quality. I dont think that has borne out in telecommunications. A lot of dominators and 4g in 4g were not the first movers. There is a little fallacy. I think we put a lot of weight on first movers. It has not borne out in history. We have good experience that tells us it is a terrible plan to chase a horse once it has left the barn. Lets add security here, maybe i can patch on resiliency there, and the horses gone. We are at a moment to sit to emphasize security as much as speed. First mover does not necessarily lock anyone in in this space historically. Because you cant expect Critical Infrastructure critical not only to the economy but the way militaries fight, to the weight he communicate with each other in the future, you cannot deploy that in an insecure manner. This is the most Critical Infrastructure in the future. It is the definition of single point of failure. You cant put speed ahead of the security track. I hope that remains true, but within china, if the horse leaves the bar, it is a chinese horse and chinese bar. They have a closed system and strong levers of control. They know where the horse is. Theyve got the worlds biggest market with early adapters and the willingness to use these adapters as beginning pages, the test cases without regulations. You make an important point. I hope it holds, but if there is as much at stake if you say there is, we may want to be skeptical about the assumption, even if true up until now. If china is racing ahead, what are they using 5g for . What applications are coming online and what can we learn from the . That . Thehina is proud it has Won International league of legends, edition. Competition. Then we get into the types of innovation you were discussing. It is also important to not just look at 5g as this sequestered standalone issue. Basically at the high level, talking about in a connected world, the stuff that fits ofether, that enables a host activities for individuals, consumers, and the broader critical into structure community. When we look at the deployment of 5g, there is not a day 5g gets flipped on and there are Autonomous Cars everywhere. Between now and 2025, what we anticipate in terms of 5g deployment will go from the current 4g buildout, nonstandalone 5g buildout on top of the existing 4g infrastructure and move down the 2025, where25 you have the true standalone 5g. Whatyou are looking up provides the functionality of that, that is the existing Fiber Network and new fiber we are laying. Satellite plays a role. It is a holistic itc infrastructure we need to think about, as well. We need to think ahead in the coming decades and in a world where that infrastructure will power more than it has before, hold more valuable data than it has before. How will we have a risk informed lens that gives us trust and assurance in the organizations, components, and people that play vital roles in the . Getting back to huawei, im wondering is it practical to purge huawei from the unite equipment from the United States and at what cost . There are a lot of rural. Carriers that installed huawei years ago and this would require them to physically pull out all this gear. They get paid back, but it would be disruptive. Is it solving a problem . It a do this, or is preventive measure, is it solving a problem that currently exists . I think we look at the u. S. , we are largely in good shape. All the major carriers have committed to not putting huawei and other untrusted equipment and Generation Networks and it is a smattering of rural carriers across the country that have huawei in their existing lte. Andwhere between 7 billion , if you talk to the carriers it is more about sequencing. If you think about the u. S. Compared to the rest of the world, the total cost to get huawei out of our systems, we have spent more on other National Security imperatives before. We are in a pretty good spot here in the u. S. , it is not untenable. The question, even if we do this rip and replace, ericsson and nokia transfer most of the routers in the peoples republic of china. If we are concerned about vulnerabilities, they are just as open. My question is, given all those warmer abilities, given the hackability of anybody by anybody, it seems when we look at these costs, talk about the vulnerability from huawei, the question has to be and we have safeguards to put in place. Germany and the u. K. Have said they may let huawei into the lease vulnerable least honorable parts of the system because they are confident they can wall these off technologically. Typologically. It seems the unanswered question is, what is the marginal increase in the ease of hacking and access to the Chinese Government of huawei equipment as opposed to any other equipment . If that largely means hacking isnt that great, were not talking about in or miss vulnerability from huawei, but these systems generally. It seems a key question, or do i have a clue about the answer . Melissa this is one of the reasons why there is more to worry about than just huawei. I think the answer to your question between marginal benefit of trying to brick out huawei in the u. S. And globally, has to deal with what the network would look like without huawei. Part of what i think my push at this moment is to think about three different scenarios we could get in the u. S. And the globe. One is an ideal scenario where we are able to undermine chinese dominance through huawei and zte globally and in Critical Infrastructure like 5g, and we are able to gain leadership in that space. That is the best Case Scenario we are hearing articulated. The second scenario is we get some traction, but we have a mixed vendor model of which huawei will probably be one of them, either in the u. S. Or abroad to some extent. The worstCase Scenario is huawei wins the supposedly race, and is the primary or critical vendor in the u. S. And abroad. In any three of those worlds, there is still one really vital security interest, and that is how do you operate securely on inherently Insecure Networks . Independent of what huawei is doing in the space, what future we find ourselves in, we have to solve that resiliency question of 5g in general. Reliance on software, the ability to check, perimeter monitoring versus pushing outward of the network. This has to deal with concepts increasing the attack space, the vulnerabilities with that. These are what are going to be popping onto this. In any of those worlds, that is the fundamental National Security. That is more a human question raised by the technologies in a china question per se, or is there a china dimension of it . Melissa there is, and i dont want to underplay the ways china amplifies it, but it is not the soul problem. Even if china decided it did not and saidompete on 5g carreon, finland, sweden, the world. In thatwe ended up world, we have a major problem with one of the most Critical Infrastructures in the world for our economies. What worries you the most . Melissa huawei or the underlying . Because a lot of the Security Solutions im hearing articulated, at least in the public space, are very issue tailored to huawei. Im less concerned whether we can solve those and more concerned of whether we are looking at this broader area of Risk Management and thinking about, so maybe we can do encryption. How much bank for a buck does that get us . We can talk about segmentation of networks. How much does that give us . Doing risk analysis rather than the geopolitical concern over here lurking in this corner, there are Real Security implications. At the end of the day, we are left with a deeply insecure network. Id like to ask robert the steps that have been taken to blacklist huawei, isolate huawei the u. S. Undertaken the last couple of years at the same time we have a trade war with china. I wonder if you think there is a connection between the more progressive steps and the trailer and how do we convince the American People these are two separate issues . Robert there is a broad connection and a specific connection. The broad connection is we are engaged in a global competition overchina for influence security architectures, trade investment, very much over the development, marketization of tech that has moved to the foreground and related to that, also to norms of. Practice and underlying value systems. War,uawei, like the trade is a subset of a global rivalry characterized by deep distrust. Every aspect of that rivalry reflects on the other. You cant pull these two things apart. The more specific connection is that the president has twice implied that he might change some of his attitude store attitudes toward huawei if he gets the deal he wants. This is difficult because the claims against huawei are about security. They should have nothing to do with a trade deal. If we are willing to fold huawei in, it sounds cynical about our and also the rule a lot because the Eastern District of new york, when it asked the canadians to arrest the cfo of we were very careful to say this has been done not by the administration, but it has been done by due process of law. When the president subsequently implied he would be willing to let her go for a trade deal, this was even more strongly interpreted as hostagetaking. Geostrategicroad side and the way the president s statements has implied there is a link between how we treat huawei, include the placing of it on the entities list and other issues, and a trade deal more generally. Id like to bring it back to you, daniel. Forward, what other steps do you think the u. S. Government can make to secure the networks forcefully . Melissa the first daniel the first step has been stakeholder engagement. Since my agency is not a regulator and you heard from the chairman who has a regulatory mission, we have an opportunity opportunity to have a seat at the i. T. Sector and communication sector in the u. S. And bring them together. It has been the last 18 months where we have had forums like this every week. The hockey stick of 5g engagement, the surrogate, has increased exponentially in terms of the interest, but there was level setting activity that has not taken place. There is so much activity around admiring the problem, but not understanding from an architectural perspective what 5g actually means. Melissa was talking about the fundamental job of critical Infrastructure Protection and enabling underpinning Technology Like 5g. We have done intensive work with partners to do a lot of initial level setting activity of understanding at a Network Component elemental level, how architecture work because we are talking about a largely underplayed network at this point. That has been one of the things lost in the media. This is an issue where the ship has already sailed and what do we do now. Curve ahead of this enough that we can make smart, catalyzeinvestment, Risk Management activity together. Understanding what we are talking about when we say 5g networks, standalone versus nonstandalone, we are talking about what is the unit on which networking can enable and that and network slicing. Slicing truly understandin from dhs, that has been the perspective for us. Digging our teeth into that because there is still a lot of work that had not been done. Isther big activity for us on the understanding the marketplace dynamics around a risknd we want informed deployment of 5g technology around the country and the world, but we also want vibrant and fair marketplace 5g of 5g marketplace of 5g manufacturers and providers. We talk about operability, price transparency, discovery, there is a lot of work that is more nuanced than huawei, zte versus the trusted alternatives. We have engaged more heavily with organizations like the oran alliance, ensuring you have true interoperability between those. Is an extensive standardsetting process where you will have 790 pages of detailed standards the talk about frequency and other privacy issues, but is it practical for that rural provider to take one component from this company here, you got the cisco router here and the small sale pizza boxes on every street corner. Can you stitch together a diverse and disaggregated five g network that actually works . There is interoperability but real interoperability. You heard about the qualcomm stitch. There is great efforts in the oran alliance that we truly want to have a free, open, competitive disaggregated stack. That is a message that has resonated in our domestic and international engagements. Have a very defensible position in the u. S. About huawei, that we have intelligence and think it was the right decision. That agreement country has the not every company has that, but something every country has agreed with, we cant get into a position where in the 1980s, ibm controlled the whole stack. The servers, the software, to the people maintaining it, that was the communication stack you had. Thishen there was disaggregation since then. No one is saying, you know what i would really like in 5g, i would like to go back to that model. When we are talking about other countries, we say Risk Management so far selling that narrative. Meantl continue in gauge talking about trusted versus untrusted and making a risk informed decision and when you look at the reports but everyone agrees that for something as vitally important, this is what will power and underpin all Critical Infrastructure for decades ahead, we cant have a model where it is top to bottom locks in. Locked in. How do we understand the marketplace so there is true interoperability and a vibrant marketplace for them to compete on the quality of products they offer . Those have been the exciting activity dhs has engaged on, but it has been a whole of government effort so far. Were early in the process of our. There are still six or seven years before we have realized this. Of yourfound both comments reassuring to a degree, but there is a big question that occurs in u. S. China relations and internationally across a number of sectors. Im thinking about chinas infrastructure lending through belt and road, which is fairly massive, and coming up with smaller pots of money that we want to use to do better quality lending that is more sustainable. The question your comments were raising is this question of quality we are pushing versus quantity. It seems incontinence like africa, south america, to a degree in central asia, the model you have outlined and implied the same thing, we are and ideal setty of circumstances that is expensive and slow coming, whereas china is offering quantity and good enough technology to get started now. Including with a lot of lending. In many places, we just lose the quality versus quantity in desperately poor areas. This is one area they can get enormous benefit. People with the problems you describe, relatively cheaply now, and china continues to march ahead in much of the rest of the world, although not in western europe, will go further chinese deal. Theyll get the data, theyll set the standards. How can we make this argument for something that is ideal, expensive, and slow coming, and how can we prevail in the developing world when china is providing something good enough, inexpensive, now . Some of this comes down to the tactics. Forced thelly conversation with our agency of we need to think this through the operators viewpoint. The rural provider or in the foreign country, the person who runs operations for the third Biggest Telecom in a g20, g20 five French Country that serves six to seven million people. Those people are generally wellintentioned, they understand the argument, they understand the issues we are raising around serious concerns around the lack of judiciary and , and thereues, etc. Is the practicality where it hits the road. He have to deploy this stuff and pulled his down and bring other stuff in. There is work to be done in play booking and better understanding the mechanics around here is how we will work with you to understand how this is not maybe as scary as it seems, and you dont need to just say youve got to do it top to bottom. Not just a theoretical thing, we are doing it now and there is an Engagement Initiative in the u. S. Where we were in denver two weeks ago meeting with a rural provider out there who has huawei in their system and the owner is a veteran, and a selfdescribed patriot. He said listen, i like a pot of money to help do this and it sounds likely on the way in some capacity. If not, i want to do it to the extent i can, but you have to figure out how i can do it to eliminate rip and replaces the wrong order. I have to serve people. For security reasons or quality reasons . Daniel for security reasons. He believes the argument, but wants to understand the sequencing of how you get to a more confident place that he is not pulling stuff out of the ground and his customers have reliability issues. That is where we can help build up late booking on the tactical levels of how you do that. I have a degree of confidence there, and when you look at the conversation in europe and across the world, whether it is lte, a lot will just need to be replaced because it is old. We can think of this not only as sandscary moment in the and this is your moment of reckoning, are you going to go down the good half for the bad path, but this year for the 15 of your radio access network, that you need to replace, lets help make a risk informed decision and there are economic concerns which are still troubling but when you put it like that, when there is a huge cost of manual labor, the physical equipment is only a fraction of that, and 15 or through can get people the operators lens on board and comfortable with, this year, i have decisions to make and you phaseout 15 and that maybe is more expensive, but trusted and in the grand scheme of things, lets go for that. That is different than this is your moment of reckoning. We can do good work on the tactical level, i think. Lets get back to melissa and your policy paper on more to worry about than huawei. You said you were more worried about the underlying infrastructure being developed than huawei itself. What are you most concerned about . What is most vulnerable . What poses the most threats to individuals and institutions to the United States as this network gets developed, this very broad surface of area that is normal . Melissa to clarify that, i am most concerned about it because i think we have too much focus on huawei. They are focused in different ways, but we are missing the forest for the trees. In terms of concern when it comes to 5g, there are a couple. I dont think looking bigger picture, 60,000 feet, we have a good understanding of how 5g networks fit in with other critical networks. These are broader questions about resiliency for society at large. How do you maintain energy if your 5g network goes down. These are broader questions about whole of government, Cyber Security vulnerability. That is not unique to 5g. That is a concern for 4g, as well. The more on the 5g, upcoming technology, there are a couple of areas. One is the further shift toward software. There are Important Solutions out there that are being developed and i know we have talked to specific carriers. They are more optimistic about some of the tools they can leverage from 4g and apply them , but we need a more robust understanding of what security in a software sense means. The other one for me is the internet of things. This is the punch of 5g. It gets us better interconnectivity of a lot of devices. This has dogged us for 10 years in terms of being incredibly insecure. That is a problem for the security of 5g and those devices be used against other types of targets. There is a magnifying effect with 5g i find concerning. Lets bring this to a personal level of your own personal digital security. Are you wary of some of these things and how do you practice the best hygiene to protect your data and privacy, all of you . Let me talk about that because these are hugely important developments in the policy world, but i think we are all trying to make our own lives more secure. Melissa want to head down the line . The short answer is yes. There are two different buckets. We live in a world where for cyber Critical Infrastructure, we are thinking about the persistent threats and nationstate attacks and finding points of leverage and service providers, and a lot of consequence modeling and Systemic Risk stuff that is new and maybe an evolved threat landscaping gradient from seven years ago. On the other hand, there are all these basics the country isnt doing, and you have seen recently children not going to school because of ransomware attacks, people turned away from hospitals because of ransomware attacks, and not because we didnt do some crazy systemic modeling to do, but just because 10yearold technology and 15yearold Security Best practices that are not controversial works deployed. I think the answer is you just have to keep doing both those things. Melissa that is a good answer. I am similarly concerned with the fact that a lot of times when we see these bleeding instances in the news, what we are looking at is the solution is already therefore and had been there for a while. It is a question of how do you implement at scale across integrated and Diverse Technology . I ampersonal level currently wearing an Internet Things of device. For me, there is a variety of risk to be concerned with. It is a packet of basic cyber hygiene any individual can do when dealing with devices. Update your technology, things of this nature that are not overly complicated and yet are surprisingly underutilized. Sense aving a better and this was something i push with friends and family, a better sense of what your technology is doing. Often, people dont understand the security implications or how to secure something or think about security and personal hygiene, because it is a magic box in their hands. Wait, this app is on in the background sending information . Yes, it is on in the background sending information. Education and hygiene standards can be huge on the individual level and the other part for me is there is a Civic Responsibility here. I study small countries were historically there is strong Civic Responsibility to the state. To National Interests to an extent and i think people should be concerned if a device they own has been compromised and is attacksed to leverage a against your own government or other government. That is someone holding your technology hostage to carry out malicious activity, and you should be concerned as an individual and want to take proper hygiene tasks at hand to prevent that. You cant defend everything, but take basic steps to gain awareness and think about your technology as part of his broader ecosystem. Robert my brief thoughts will be less useful. I tried to spend as little time in cyber land as possible and teach my children you have the choice of not living on the internet. Pencils and legal pads, and i read paper novels. Im not on any social media. At the Wilson Center, when we travel to china or russia, we are told not to take our own computerd get a burner to take with us. We have to take and retake not one, but two Computer Security courses. It is redundant and keeps your antenna pretty alert. I think it becomes easy to spot phishing attacks. You can do a lot for institutional integrity, but the promises of 5g, they have yet to raise a problem i have. I dont need my car to talk to my refrigerator. Any final thoughts . We have a few more minutes. Robert i have a question, mostly for melissa. Given that you are mostly concerned about the problems this Technology Poses to everybody anyway, you are more worried about that than huawei, do you see any room for cooperation . Weve been speaking of chinese tech as if it is wholly demonized and competitive, but can we not work with china and other International Players to answer some of these questions that you have raised . If china is moving ahead with some of the hardware but cisco and other companies will remain software, i am not meaning to be pollyannaish, but tothere room to compromise tone down the demonizing link which. This is language, a way to cooperate internationally but are we too distrustful and far apart . Melissa daniel makes a good point, there are governments out there with 14 years of history trying to rectify, im thinking the u. K. Here, trying to deploy huawei at scale in a reliable, secure, resilient manner. Their fifth annual report this year came to the conclusion they didnt have a good degree of confidence. Thats 14 years. I think that is concerning. Robert thats because of the weakness of the software or maligned intention . Huawei it is unclear melissa it is unclear. I have not seen evidence in the public space that would claim the Chinese Government is masquerading in 5g Huawei Technology, building backdoors, a kill switch there, a backdoor here. That is an area of concern, but a lot of speculation at this point in the public space. I do think there are ample opportunities for that given how buggy that code is, and not just for china. If you have buggy code, that is opportunity for any malicious actor. I think that is worth pointing out. To keep saying it were china over and over, that is not the only malicious actor to be concerned about. For think there are areas opportunity when we start doing more of a Risk Management comprehensive thought process about what this threat space looks like because that allows us to say in what ways does risk securityce in ways that is not acceptable . S,en there are vpn resiliency, backups. As soon as we operationalizing that, we have a better sense of where we can work with huawei and mitigate the risk, and where we cant. I dont think we have done that nuance yet. There is a lot of that huawei or no one mentality, versus nuanced risk. Daniel if we are only having a binary conversation about china bad, were not going to achieve the resilience results we want. At the same time, the government has not been too apologetic of what our assessment of the strategic intention is. We did a public webinar on cloudhopper, a chinese backed campaign for an ultimate point of leverage to still tens of billions of dollars of intellectual property across every industry of dozens of countries. That is something we have put out publicly and with a boatload of intelligence behind, and were not going to shy away from that strategic intent that has been demonstrated. Hijacking and rerouting of internet traffic, we will not pretend that doesnt exist. At the same time, if we are only trying to sell the narrative, we will not do the operational stuff, as well. Do we have time for questions . Yes . Ok. Over there, you. We talked about it a little bit. Im a congressional defense fellow. Regarding the deployment of star link satellites, if it is outside the scope of this conversation, let me know that i am a question as to whether a more innovative better or more effective policy solution at this point would be to work rather than ripping out and replacing all this hardware infrastructure across the country, would it be better to build new infrastructure or prepare everyone to use wifi as provided from space the way we do with gps . Thank you. I think satellite and fiber need to be huge parts of the 5g conversation generally and we work with the satellite and Communications Sector reporting council, even when talking about 5g conductivity in rural areas or maybe you dont have the connectivity, satellite is a great option in terms of filler in between, depending, you may have no discernible difference in functionality of it connectivity at all, so is likely an area where enhanced partnership and engagement with satellite industry it is a few different segments, but it would be worthwhile because it is part of the equation that is not going away. In the back. Thank you. Georgetown university. Whys wondering as to developing standards for 5g technology is an appropriate response to an trusted network to climate and formalizing a way to make that deployment trusted. It seems enhance persistent threats dont care if it is hallway tech for nokia tech deployed. It seems they will be able to access those networks and im wondering why the conversation is the technologybased rather than the Great Power Competition conversation we are seeing here . I think a large amount of the conversation actually has been technologybased in terms of thinking about what the structure of 5g is, the technological realities of that. I think you are absolutely right in the sense that if you are a malicious actor of significant scale and have a strategic imperative to compromising network, whether that is espionage or sabotage, you are not necessarily going to care what is the operator of the network, except some are easier targets than others. If you are looking for a weak link, your opportunity in his bugs, these backdoors. If you are a malicious persistent actor, it is in your best interest to have adversaries operating on Insecure Networks because those are your entrances. We have seen time and again with very qualified actors, they go for the low hanging fruit. They will enter a casinos network through their phish tank thermometer. They find the poorest opportunity and go for it. That is another reason to be more concerned about operating securely across the stack, whatever that is. At the same time, we shouldnt wait our hands and seo well, i guess we lost the battle around the stack and we should go buggy. We are going a little overtime. One more question and then we will begun be done. The mobile carriers are already rolling out 5g and i know you can stop them in terms of 899 and say here is the equipment you are allowed to use but they are deploying in now. At t is putting the radio equipment on their tower anyway. What power do you have to stop it . When you say we should wait, i dont think you can really stop them. Commercial markets take over and will push it out. Plug power do you have to stop it from being deployed in the u. S. . I think at the baseline, we feel pretty good about deployment for the major carriers in the u. S. , it is not some lets rest on our laurels and dust off our hands, but from a Risk Management line, we feel on the front end of this deployment, we are in an advantageous as right now. Position now. What levers can be pulled to influence what ict is procured and deployed into the field . ,r for the federal government there are eight or nine different levers that all touch different parts of it. On the federal side comedy nda section 899, a new federal Acquisition Security Council that will bring together the civilian government to include removal orders in a coordinated fashion across those three domains for supply chain risk. That is a new development that we havent had before. There is the existing process that has to do with foreign investment, another lever, as well. There are export controls and needless authorities that the department of commerce has. The department the president signed an executive order may 15 on securing the ict supply chain that will have forthcoming rulemaking by congress and how they want to implement that to ban private sector icts transactions to include services, as well. That is another lever that fits into the quiver. He states all those together and there is a number of ways for what is allowed to go into the federal digital connected enterprise and what private deployis able to buy and in ways to influence that. Recognize the fact that i didnt thank you for coming. I appreciate it. [applause] Mark Randolph on the communicators. Cofounder of netflix and author of the book that will never work, shares his experience starting the online streaming service. 1998, it did not take long when we got that first being. We began cheering and opening bottles of champagne. Two or three minutes later, three more orders. We were so excited. We got two more orders. In all the excitement, we lost track of things until someone noticed that it has been a while since the bell has rung. Is there a problem . It turned out that in the first 15 minutes of being online, we had crashed all of our servers. Mark randolph, monday night at 8 00 p. M. Eastern on cspan two. Cspans washington journal, live every day with news and policy issues that impact you. Coming up this morning, Leah Greenberg discusses efforts supporting the impeachment of President Trump and campaign 2020. And conservative commentators and national so indicated nationally syndicated radio talk talksost Dennis Prager about his promotion of free speech. Join the discussion. Washington journal mugs are available at cspans new online store. Go to cspan store. Org. Check out the washington journal mugs and see all of the cspan products. On thursday, the acting head of customs and border