comparemela.com

Good afternoon everybody. And everybody who is looking at us virtually and everybody in line in the security line trying to get in. And everybody who will be watching sometime soon on a cable network. So i am jane harman, president and ceo of the Wilson Center and today we are probing a very complicated issue that is in my view policymakers in washington and all over the world. At least three parts of the problem are the u. S. China, and the 5g supply chain. The Wilson Center has just produced this is a prop, a spectacular policy brief by Melissa Griffith who is in the front row, and we will see in a little bit which is entitled there is more to worry about the huawei. I think you get the just of this. And she will explain in detail but run, do not walk to read this. Meanwhile, what captures the attention around 5g is that Chinabased Huawei has led the way in developing the superfast networks which will power self driving cars, virtualreality and other cuttingedge technology. Since Chinese Companies are required by law to comply with information requests from Chinese Intelligence Services, u. S. Officials are properly concerned that companies who want to incorporate this Chinese Technology will end up compromising their data in the data of their users, otherwise it could be compromised to and we will talk about that. A few more thoughts, one of the mantra that defined the last decade of Technological Developments was moved fast and break things. Just a suggestion from here, maybe we should think about slow down and assess things. I think that is what you will hear today, what is the problem and what are some policy solutions that will help solve the problem. Fortunately, in the Wilson Center offers policymakers and their staffers the tools to assess new Technology Like 5g and the implications for National Security. I doubt it, our audience is always smart, we have given around 400 staffers from capitol hill, from nearly 300 offices on capitol hill a foundation in Technical Skills through our bipartisan, cyber nai boot camps or labs that take place each friday. Those boot camps are a part of our Science Technology and Innovation Program which is brilliantly led by king who is probably hiding in the hall. Is he here . Shes hiding in the corner. She directs our socalled step program, science, technology and Innovation Program where these labs are house. Overall 800 staffers have come here on friday and the others have gone to a Foreign Policy Fellowship Program so they can learn Foreign Policy as well as we can teach it. Today, we are talking about one problem that we have talked about much but we are delighted to welcome the man with the plan plan, fcc chairman ajit pai. The last time i saw him was in the hamptons in a warmer period of this year end possibly less hectic than the one were in now. But we participated in a panel and i learned a lot and we discussed this coming here. Guess what happened, he is the first fcc chairman to go viral. Often appearing in videos where he embraces internet while announcing new policies. That is really cool pray he joined the federal Communications Commission in 2012 afford by president obama in a fiveyear term in 2017 and was designated as chairman by President Trump. Good, bipartisan. He also works at the d. O. J. U. S. Senate and the fcc office of general counsel and in the private sector at verizon. Today he joins me too discuss a proposal which the commission will vote on tuesday. I will not summarize what they are because he will tell us. That is my first question. Following our conversation and audience questions, there will be a panel of really smart people who will introduce themselves joining us and one i have told you is the author of this amazing Science Technology Innovation Program, what do we call this policy brief. So i am going to sit down now that ive introduced ajit pai and were going to have a short conversation to get your brilliant questions ready. Thank you very much. applause okay, the first question is a surprise question. The fcc is proposing to rules, what are they . laughs thank you congresswoman for the question, before i answer i do want to express my gratitude to the Wilson Center for hosting this inperson conversation and obviously the center has been some of the most impulsive discussions here in washington and in my view of course, i dont think there is much more important than this. I want to thank you personally for your leadership in congress over the years having viewed you from afar i found consistently on how House Intelligence Committee and the other legislative assignments you had you always share your responsible these with the bipartisanship in the national interest. Back at you. I appreciate that. I want to say on a personal note i feel like ive been chasing you, we share the extinction of having a chief counsel of the subcommittee on the constitution and the Senate Judiciary committee, obviously youve gotten to much Higher Ground but i feel like i have a little bit of chasing to do. Who was your chairman when you do that . Sam brown the former house member who you may have served with in 1990. I did. This is an important conversation, i guess the question is often what is 5g and why does it matter. At the United States we have made National Priority to lead in the development and deployment of 5g technology because these technologies increasingly are going to transform American Industries who transportation through healthcare throughout a culture, education, manufacturing to shipping. So we have done that at the fcc by implementing the 5g fast plan, for facilitating american superiority in 5g Technology Preview can find out more details about the plan fcc. Gov 5g. In a nutshell it involves getting more to the marketplace and the small cells and other infrastructure of the future. Id be happy to go into more detail in these components and what the metrics of success have been so far but in a nutshell we want to advance American Leadership in 5g. With this feature however, comes a major challenge which the attack surface so to speak in terms of security is much greater. Check 5g will be like unlike 4g and 3g in these networks will be increasingly Software Defined as opposed by hardware. That software can be located anywhere in the world and in addition to that because were talking about billions more conducted devices online, not just bones but refrigerators to cars, we need to ensure the security protocol are bought upfront as opposed after the fact. The United States that software can be located anywhere in the world and in addition to that because were talking about billions more conducted devices online, not just bones but refrigerators to cars, we need to ensure the security protocol are bought upfront as opposed after the fact. The United States government position overall in the fcc in particular we need to think about 5g security now at the early stages of deployment as opposed afterward when retrofitting might be expensive if not impossible. So what is fcc doing to accommodate this interest. Two things will be voting this coming week on a proposal that is forwardlooking and backward looking. The forwardlooking component involves the universal service fund, this is about a 9 billiondollar Expenditure Fund that the overseas and the money from that is just rooted to cut under Telecom Countries primarily infrastructure in rural areas and underserved areas. One of the things we propose Going Forward is to prohibit the use of the funding from being used by recipients on equipment or services that have been determined to be a National Security threat to the United States. Based in part on legislation passed by congress on a bipartisan basis last year, the authorization act, we include as an initial designation both huawei and cge on the socalled prohibited list in terms the way the company could use the money. The backward looking component, we understand there may be problematic equipment already internet works in particular. Were starting a conversation of understanding where the equipment might be, who is using it, what its being used for et cetera. And also to kickstart the conversation of how to finance the removal and the replacement of the equipment. Especially to the extent rural carriers with the problematic equipment and might not have had the resources on their own to be able to do that so in consultation with them, members of congress and others we want to make sure we have an accurate sense of where we are right now. The forwardlooking and backward looking set of proposals we will be voting on next week. What is the prognosis for that, will it pass . I hope it will on a bipartisan basis, i know this is a time in which the environment is becoming trouble ice but it went and it comes to our National Security we do speak with a unified voice, my expectation based on the conversations ive had with my colleagues, we will see a strong bipartisan vote next week. Certainly what we seen with letters in congress, letters from both sides saying we support your effort in this regard. Basically this is using a u. S. Fund as a leverage to get companies to do something on a forwardlooking basis and on a backward looking basis to trade and technology that they already purchased because there is Huawei Technology in the United States already. That is correct. For nonhuawei and nonChinese Technology. The rest of the world is out there. How do you see this in the context of a world where Huawei Technology is available just about everywhere, certainly not just here. Thats a great question. Part of the reason over the next several months ive been very involved with my counterparts across the United States government and going to other countries in the views of the United States government on these issues. Not just with respect to the company, we recognize the risk profile applies to any company. We want to understand what the risk is for putting services internetwork. So when i traveled to the middle east, europe elsewhere, we want to make sure we all have a common understanding of what the risk is, the best strategy for the risk and how we can Work Together to share information about how the risk may be materializing. Thats been a conversation ongoing but weve had very positive feedback so far. I would guess everybody agrees about the problem and everybody wants to manage risk. I would doubt based on what i read, i know much less then you do that there are different strategies in some countries will go ahead and keep or by Huawei Technology is that fair. I think there are some countries that are exploring different strategies from the United States and our messages pretty consistent, to the extent that you agree with security assessment, we respect your right to make whatever decision you want speaking to the United States, we do not believe this is an area where we can take a risk and hope for the best given how transformative 5g technology is likely to become of the United States wants to make sure that 5g security is aforethought opposed to an afterthought. We think very carefully about the risk profile of any court becoming tour networks. I certainly think that is a worthy objective but i can imagine another government saying to you okay, yes were worried about the risk profile but her answer to that, we will make sure our systems and you mentioned that these are softwarebased systems 5g unlike prior systems in melissas paper help me understand what the differences, no point of intersection where you can block bad guys from coming in, did i get this right. Im learning. Even so, what about the answer, were worried about this and we will fight intrusion but we think even if we dont buy chinese based made technology there can be intrusion from others, our theory of the case will fight intrusion whether using Huawei Technology or not. I offer several responses to that, first of course we embrace the framework to any supplier of equipment for 5g network or services. The question is 1 degree of risk, you pointed out in your remarks quite accurately that the extent china has a National Intelligence law, came compel any company to jurisdiction to comply with requests from the Chinese Intelligence Services and prohibits the company from disclosing the fact that the request of a third party which is customers a huawei in china or abroad, that presents a serious risk. Additionally, the question is the ability of the government to take these risks in real time. As they point out very well, were talking not just about a wireless tower that needs to be upgraded, were talking about software over time needs millions of lines of codes updated and anyone that is malicious could be a vector for including malware and viruses. Does any government have the ability to police in real time all the lines of code. I assume the answer is no. We certainly believe that the risk is too great and beyond the scope of most governments ability to please. And something we often hear, that equipment is significantly cheaper. In the argument i make on that point, sometimes the only problem with cheap, ends up costing too much and thats in terms of Security Risk which is difficult to put the value want. But even on the own terms if something is 50 cheaper or 80 cheaper, over time when youre locked into a vendor and the vendor has software that is buggy or back doors he after police or other kinds of problems over time, you will end up paying the price for making a decision at the beginning. We dont want any country certainly our own to be foolish when it comes to this particular question. I get that. And i think other countries will have to think about that. As i understand again from reading this policy paper, the Huawei Software is buggy, what a great word. [laughter] is that a realworld ente word. The difference in kind if you look at sources not based on the u. S. Government, the uk cybersecurity report, the independent researchers who have examined the software and equipment, we think there is a difference in kind and again, even if there were parity, the question is what is the risk, given the framework that is in place and china in particular, we do have concerns that both the laws, it judiciary and the general willingness of the Chinese Government is leverage that we see in this country over the past month there were things like basketball and flag emojis and the like. For hong kong and macau. We do have concerns that the Chinese Government would behave strategically in this particular area. What if you succeed, if this is adopted and you succeed and one of the Wilson Center geniuses goes over to china and forgets to take his burner phone and takes his regular phone. , no chinese based technology in the phone and is compromised in china, then what . These are concerns that we have when we travel abroad and given the briefing by her great team about cyber hygiene and the like and we would encourage any United States in the color of the u. S. Government or not to take the precautions for we work with the state department, department of Homeland Security, National Security of Intelligence Committee and others to make sure whenever we go abroad were taking the steps necessary to protect ourselves and fellow citizens. If mistakes are made, they always are made, even with the purest of intentions in the pearson technology, it can still be compromised by the chinese or pick another country and we still could end up with defects, workarounds, what ever that we did not intend right . Absolutely. Issues like cyber hygiene are not just looted to the fcc, its acrosacross governmental effortd anybody traveling abroad to be aware what devices you are using and basic things like dont accept a zip drive employed it into your premier. Youd be surprised. Of heard and seen at all. Its basically, technology as it evolved the last 20 years as you know better than anybody coming from the state, it involves california. I think we got used to this being an open positive platform and we need to think about the potential risk factors when were all interconnected. I making the point in this is true in the whole security landscape, theres no such thing as 100 security. Its mitigating risk. Speaking of this i serve on the defense policy board i been to a number of briefings of the pentagon and very worried about this, with to get Chinese Technology out of the supply chain et cetera. What if we achieve this and we have a nonChinese Technology free situation and everybody observes good cyber hygiene. Im looking at everybody. And were all happy campers and then the rest of the world does not play so they basically operate the rest of the world on different technology. How does that make us more secure . It is a problem to the extent there were interconnected, networks do not know or respect National Boundaries as nationstates would. We have to accept and ensure we do protect yourselves from the fcc perspective, earlier this year we denied the application of china to into the United States with the opinion of the Intelligence Community and others. But that would present a risk so weve taken steps like that to make sure we keep the Homeland Security buses recanted Going Forward i been talking to our counterparts around the world from brazil to india to israel as germany for the need to collaborate. We recognize the United States does not exist in a digital vacuum. We need to have not just trusted vendors but strong allies as well Going Forward. Is on sophisticated xenium, i think about developments in the intel world that i had rolls in such as insisting that her analyst look at open Source Intelligence, meaning stuff that is published and available, not classified. If we are in our little world and only have access through our equipment to some part of this and the rest of the world is out there, how do we maximize the open Source Intelligence . Is a critical question. I engage vigorously not just in the briefings that are forward but as you pointed out the information is simply out there, look at last week alone, we were talking of beforehand of the letter about tiktok, some of the other things that are bubbling up in the news. I think Many Americans are not fully aware of how little payments in china, i think were so accustomed to pouring plastic out of her walls and purses and chided us anomaly. Where the china market places generally in addition to direct spending we spen discussed befon Artificial Intelligence and Machine Learning and block train and quantitive computing even though it does not directly impact, its important to have a holistic view. My perspective on a where the information comes from as long as its credible and we want to win the uncaused fighter classified basis what the play is. China is a strategic competitor thats what the strategy says and i agree with that. But that does not mean an enemy. If we say go away china, we dont want your stuff and we do not want to deal with you, does that help us, is that the best approach to achieving our National Security goals . Or an alternative saying understanding china better than we do and thats something robert daly who heads the institute in the name of the institute is china and the u. S. , not the other way around. We think understanding china matters. If understanding china and try to find ways to work with china to the extent that we can is a good idea. As a policy like the one you will vote on in a week in that direction or in the other direction . I would defer to the state department on the Broader Diplomatic Community on sending the policy with respect to china for the fcc perspective, we think its a constructive way and sibley to say we want a riskbased framework from any country or company that comes into our network. We are always looking to engage constructively on issues where we can collaborate in a strategic issue at play we want to address it thoughtfully. It occurs to me, a couple more questions and will go to the audience. Even if your rules are adopted, the leverage that you have is money. Is it possible for people to say, i do not want your money, i will use private sector money or borrow from somewhere else, some other country even to do what i was intending to do. So your rule will not apply to me and retroactively youre using money as a lever to get equipment to be change preloaded people say i dont want to change my equipment, i will not comply or ill find other financing and take out your money. This far we have not can heard concerns from particular carriers or groups but to the extent that any entity or trade association has concern especially when it comes to financing were happy to engage in the conversation and part of the reason why is a backward looking proposal and were engaged with congress on Financing Mechanism to see whether or not the concerns that they have might be addressed in that regard. I comment on her former employer. The nuance knowledge of china im glad youre in a position that you are because youre smart and you have that background. The Wilson Center is trying to teach the technology and the understanding and instead of just demonizing a country or a person, a lot of personalizing goes on in congress and we can urge people to understand better by nuance policy options and i think that is what we are all trying to get. I cannot agree more, i have tried to learn as much as i can having traveled to china before, is very limited but generally speaking, its important for us to learn, not just about china in this particular factor but generally speaking the history of the place and what motivates them and makes them tick. I appreciate the diversity in beijing and all these other places. I know that obviously the differentiation. Last thing, was cost. Everybody gets it that huawei products in particular are much less expensive and you beget us. Isnt there something we can do to challenge this for the wto and are we thinking about that . I have expressed concerns that they do and it seems very clear that by doing that number one, they made a strategic determination vision of a National Champion and is a National Champion compete on the stage. And number three to the extent possible they should be able to block out foreign competition and whether that is a violation or rule that would defer to the trade world. Its not anything that we do in the United States will have a domestic. Were not looking to advance to treat interest in that regard. Second not the thing that the United States says. You know well the fcc and other federal agencies we see a traditionally to stuff the Building Blocks to invest around and more of a hands off. So that is not something we have traditionally seen in the marketplace of ideas. As you said we do not have a domestic supplier, i gathered qualcomm does a little bit of this but why dont we . Some of the subcomponents we have historically had a software force as the key driver for some of these networks and some of the components to going to 5g networks where the equipment is used by wall weight and others we have an advantage but a much larger conversation for variety of reasons for the International Supplier has dwindled. Boo on s. We are the integrators and we should be way ahead and it makes me sad. Okay smart people, questions. Identify yourself, and ask a question, do not make a speech there is someone in the second row right here. Named jim, a question about no matter what we do there will be software that we cannot trust in the routing of the network that has agencies using 0 trust solutions to particular data and make sure user base access and not based on how the network rots it. When that be a good solution to make sure were not losing data or intellectual property . One thing we are consistently and personally working with the teams on, how do we make sure our own networks are secure as possible. So the solutions are something we can explore as well. A question on the left along the aisle. Identify yourself please. In the technology, china has put a high in the United States. Dont you think you should give up a similar plan in which are implication to National Security. Good question. With respect to what the u. S. Strategy for 5g and how we match up with china. I mentioned we have the 5g plan, and we have freed up a tremendous amount of spectrum so its simply to say the predicate for your question, i do think were stacking it very well if you look at the spectrum weve built up in the number what we expect to have deployed with the largest on record in the United States. We always have her eyes on the future and were looking at that as well but obviously the primary focus of the moment is making sure we free up the buildings for 5g. I will say one of the reasons why china has ability to do that is because they dont have number one, the multiple layers in the United States. In some cases, there was 573 Indian Tribes in the United States with the regulatory app. One point ive been making consistently to the consent they once leading 5g, we need a consistent and level set of regulations in a company larger small but especially small can innovate. The other issue is of course that china of the National Priority will be and publicly reported, they want 60 to be in the future. We need to have a sense of mission in the United States of thinking about the technology in the future. That is why last december our agency became the first ever in washington to host the Artificial Intelligence and wet and i Machine Learning is and how its likely to affect driverless cars. And more for us to do with adjacent technologies and many others bubbling up. We need to have a Strategic Vision across government and with the private sector. To understand the potential. As i mentioned we teach a. I. Here. Isnt it premature to talk about 60 when we barely started on 5g. I understand eu is talking about 60, how many years or centuries, i guess the way data moves, how many years off is a completed 5g network . It will be several years to be sure the lifecycle is going quicker, im old enough to remember to g phones and 4g developed starting in 2007 with the smart phone and develop much quicker than people dissipated. In a much faster cycle but nonetheless very early stages of 5g development. For certainly the bulk of my tension is a mention is focused on 5g. Other questions. Thank you so much. Thank you congresswoman, i would like to mention the worlds first 60, and delegation in town next week. There is early papers if you want to read it. Please you can find the paper. But id like to ask about the wrc, how is it going and i like to hear your views about that. They stand for your question. Those that are unaware the National Communication union which is a branch of the United Nations organizes a conference in which spectrum policy for the world are hashed out and there is one ongoing right now as he said in egypt. I spent the first week in egypt and also from the United States perspective while it was there i felt like we are advancing the ball in the United States government for example with respect to the policy, were advocating very strongly for the u. S. Government consensus position as the appropriate level for protection of not just the passive Weather Centers but nearby can expand and 5g development of the. We feel like the u. S. Position gaining support and able to protect not just some of the satellite orbit for some of that we think will provide activity. Some of the other items under consideration. One thing all flag, i propose to buy two years ago which is made available to the commercial marketplace will protect jean could allow american entrepreneurs to really make wifi talk. Pretty much everyone in this room is familiar with wifi, looking for a wifi channel right now, just imagine if we had up to these channels available. I am told innovation and investment like air in dr low bandwidth highbandwidth. One of the things we want to do as we highlight the important in many priorities are wrc and were in the many stages but hopefully they will go well over the next several weeks. Im not surprised to hear that they are leading the fact. Now they have to go and focus on 5g as well. The answer was daunting. I will be the first person to flunk the test. I will try it. More questions . In the middle of the room. The microphone is coming. My question is, do you feel that the threat by huawei devices have a parallel partner in Companies Based in china and the devices of any kind in the United States and if so, are you thinking about what can be done to monitor that . Thats a good question in earlier the letter from senator schumer and regarding tiktok. And not theirs through china but other countries as well which is owned by russian company. There are other concerns expressed how data generated by American Consumers using these apps could be used or misused in the sec does not have jurisdiction over Companies Like that and nonetheless we are monitoring the situation because we understand from a consumer perspective it might not be any different from another issue is the functionality. Nonetheless the location of where the data is stored in practices regarding how the information is used, those are things the United States government needs to look at and the Homeland Security and among others in his team have been working on those issues among others and we have a very close relationship with them and others. I think we have time for a couple more questions and will move to our panel. 15 minutes or 0 minutes. Five minutes okay lets see i am here at the Wilson Center. In 2017 President Trump directed the whole government to take a look at the civilian parts of the economy that contributed. Much of that still classified. It looked at several tears of the supply chain. Are you using the information to alert for the items that we have that we auto protect or to guide federal investment to plug the holes where they exist . What i can say we have taken account of the executive order along with the may 2017 executive order in the we at fcc are taking the appropriate steps based on those orders. Is that oblique enough answer customer. We are paying attention. So a couple more questions, where are you smart people. Robert daly with the kinzinger institute. This follows up on some of the things jane has touched on. We need a sense of mission, a Strategic Vision. Part of this seems to be involving subsidies to poor communities to buy other equipment that it cannot otherwise get in hookup. People like senator rubio have called for an industrial policy, why is there no american huawei, that is not while wasteful. Where im going with this, it seems to point towards industrial policy or violations of what is called market orthodoxy. Ive been in discussion with congress were weve hit a wall at this point where the answer to the concerns that you have raised seem to go against market orthodoxy and the conversation strips there. We think thats a problem and how do we resolve it . Certainly the concern about industrial policy is one that members of congress have been debating and there may be other Administration Agencies with equities from our perspective at the fcc we dont have the resources to come up with a industrial policy along those lines, our position is lets have a framework and understanding the risk with any particular supplier and recipients to trusted vendors. If it happens to be in finland or sweden or korea we are generally and historically have been indifferent to. What we want is to make sure the equipment we are funding is trusted. Whether or not industrial policy needed to rectify the larger market over time well before this position trans started. Its something that i think members of congress would have to engage. There is a variation on that question. Its been at the core of the freemarket success in this country especially in california. What happened to American Innovation around 5g, why are we behind, i think you would agree we are behind. I dont think we are behind. If you look at the early markers were on track to have 92 commercial deployments by the end of this year end holding the largest spectrum on july 10. And has initiatives, two. Five, three to five in two. Seven. Were seeing new Companies Enter the space that we mentioned earlier in response to her question about space and is not thought of in the contents of 5g, america is leading when it comes to satellite orbit companies, these are American Companies were not launching the small satellite at a speeding price point to a provider. Were intervening on the launch site. Those are developed in the United States. In my district, spacex started there. I think its do to a particular congresswoman my point youre talking about other stuff, you talk about the backbone of software of our next generation Communication System for the entire world and we are not the u. S. , there are western countries but we are not the leader, it surprises me. In terms of equipment and services there are other suppliers and one thing we have emphasized in our conversation around the country were not looking to advance the interests, or of American Companies, the nonamerican supply chain that we talk about. Also just to close because i think were out of time, the innovation in america has come from hugely diverse workforce, not everybody in america looks the same in the immigrant i would say from my Vantage Point with someone who grew up in california and watch the fires and everything in california at the moment. But the diversity in the workforce, the it has been extraordinary. Without those people we might not have been to a lot of the stuff that we have. But in this area we seem not to be as swift with the exception of the fcc chairman as we should be. Complement back to you. On that note, when it you agree that he is trying his hardest across the ministration to bring clarity and confidence to government and this is an area that needs attention and hes paying attention and lets thank them for coming. [applause] bakery much. , [inaudible conversations] hello and thanks for sticking around for the second part of the conversation. Im the Senior Business editor and we know a lot about this stuff so we will get started. Robert bailey is the director of the Kissinger Institute and served as a diplomat in beijing and interpreter for chinese and american leaders and president carter and henry kissinger. My favorite part hes a producer of chinese language versions of sesame street and is recognized as an expert in the relations and lecturer for in. Youve heard the works cited before the Research Deals with intersection of Security Technology and focuses on National Defense and cyberspace and shes worked in cybersecurity, Transatlantic Relations and how small countries and states can defend themselves in an increasingly Digital World and a phd candidate in Political Science uc berkeley and affiliated researcher at the same or for longterm cybersecurity. The Deputy Assistant director of the National Risk Management Center and focuses on publicprivate partnerships to enhance cybersecurity and recently and of Critical Infrastructure and deals with efforts to manage risk in the Global Supply chain something that was talked about earlier. Cybersecurity and infrastructu infrastructure. Why dont we start with you. Can we talk about what the record is that the behavior and have they been a bad actor and are there examples of them allowing chinese authorities to spy or equipment being used to hack. There is an area. The area that is not up for debate i think regardless whether you are concerned about the factor there are in the software and that allows the malicious actor great opportunity to leverage but also not limited to that i think when we think about security threats to the u. S. And other instances where weve had compromises. Theyve been able to leverage the vulnerabilities. So i think it is a mixed record about why they are not building an intentional vendor and youve seeseen all day, and whether thy are operating a kill switch to turn off to restructure. But the code allowput the code s because it is pretty shoddy. Its a pretty scary idea that its more vulnerable in different ways. Can you talk about that a little bit and with that raises about should we be rushing to adopt Office Technology with this broad surface . The promise as the chairman and is mentioned as undeniable. It affords all sorts of opportunities weve never seen before. We recognize the promise on the resilience side of the equation. The discussion we had earlier where a lot of those functions will be marginalized and have not been in the previous generations such as the millions of lines of code where we did not have it before and when we look at these cases and the way that its going to matter for the telemedicine and the like we are no longer just talking about the data integrity we are talking to th the public healthd safety issue as well how it could be leveraged or manipulated. It comes from china and they had over a decade of what is the postdeployment testing and it was a fascinating report where it played out and they said they had limited assurance of their ability to have the Risk Management scheme to get their confidence and the binary equivalents that means the expense enormous amount o amoune and Energy Testing in the center they are not actually sure thats what is deployed in the field but that is before you have a factor of ten or 100 so when you go from the current generation we are not sure we have any assurance we dont even know what they are testing then you go to the tax service of the next generation which is going to be orders of magnitude more code whether or not it is an intentional backdoor or unintentional bug door we packaged altogether. Recognizing that reality that i laid out, what that means is you have to have trust on the front end. If that is the reality we are dealing with with millions of lines of code, it cant enter that new world for the tax service from the position of compromise to s. Because of the vulnerability it is going to be embedded in our hospitals and transportation system, its going to be in our homes and connectivity. Does it make sense to secure the Network First and then raised to develop . Anybody jump in on that. They are deploying very fast. Just last week they started in 50 different cities. About 18 a month u. S. Now there is good and the system many people have these phones but they are getting them fairly quickly. I was in a chain last week and the whole city has been transformed by these massive powers from the multiple input on rooftops all over beijing. These actually tracking individual phone users so they are ready for you to sign on and then they can jump out and be faster than the passive networks, so this is already happening. Even if we have these, china is going to be learning this as they go in a nation of fairly early adopters and they will adjust. Its about innovation an in the Public Welfare it might make sense for the reason that you mentioned or is this about commercial dominance at the balance of power in which case they get a tremendous advantage because they are learning a lot. What is the right framework is that our own National Security vulnerabilities or is it concerned about who is going to have the interNational Champion and we tend to confuse those different categories. I think w i think we put a lot of emphasis on a person and this is the argument. And to do the same kind of quality i dont think that has been borne out in the telecommunications. A lot of the players were not the first movers so there is a false narrative if we are looking at these into separate social economic goods of the country. We put a lot of weight on the first movers isnt borne out in history. We also have a lot of good experience in cybersecurity more general. You try to trace it down. Maybe i can patch on some resiliency and its just gone and i think we are at the moment now we do need to emphasize it because it doesnt necessarily lock anyone in in this space. We know that historically. If you canand you cant expecte Critical Infrastructure that is critical not only to the economy but the way the military fight and the way we will communicate with each other in the future you cannot deploy that an the future. This is the most Critical Infrastructure in the future. We cant put a speed ahead of ie this. I hope that that remains true. Of course leaves the barn, theyve got a closed system with a lot of users and strong leverage of control so in fact they know where the horse is because theyve got the surveillance cameras. I hope that it hold. What are the applications and what can we learn from that . The earned competition so most of it is a faster delivery of lunches and gaming in the short term but then we get into the kind of innovation that you were discussing. Its important here to not look at five g. Is a totally sequestered standalone issue. These Autonomous Cars everywhere you look between now and 2023, 24, 25 and what we anticipate the true standalone when you are looking at what provides the backup functionality what we need to think about as well, we need to look ahead over the coming decades and in a world where the infrastructure is going to power more than it ever has before and hold more valuable data than it ever has before, how do we have a framework that gives us trust and assurance in the organization and components into people that played a role in that. Getting back to huawei, is it practical to purge equipment from the United States and what costs as we heard earlier there are a lot of carriers this proposal would require them to go out and physically pull out all of this gear to get paid out but it would be disruptive. Theyve committed to not putting them in other trusted Communications Equipment in the Generation Networks and it is a carrier across the country in the existing. The estimates are somewhere between 700 million to 2 million of what is the cost it can replace that if you talk to the carriers its more in terms of sequencing. But when you think about the u. S. Compared to the rest of the world we spend more in. Its than before so were in a pretty good spot here in the u. S. Its not unattainable. Even if we do this, most if we are concerned about the surreptitious installation. Given the systems made by anybody in the question about vulnerabilities when we talk about the vulnerability from huawei, the question has to be certain safeguards we can put in place. Its the increase of access to the Chinese Government of huawei equipment as opposed to any other equipment. Then we are not talking about the enormous vulnerability that comes from huawei but from the systems generally. I dont hear that question asked and it seems like a key question. I dont have an answer. It is actually one of the reasons why it says theres more to worry about them just huawei. I think the answer to that questiothequestion between the l benefit of trying to break out within the u. Sof both in the u. T also in the networks globally has to do with what the network would look like without huawei. Part of what i think might push at this moment is three different scenarios we could get in the u. S. And the globe. One is where we are able to somehow undermine chinese dominance in the u. S. And globally in the Critical Infrastructure. And we are able to gain leadership and not. That is the best Case Scenario that we are hearing articulated in the first conversation. Second is to get some traction that we have a mixed vendor model that it will be one of. In any three of those worlds is still one vital security and that is how to operate securely on the networks. Independent but it is doing in this space and what the future we find ourselves in we have to solve the question in general and that has to do with the software, ability to check come up a perimete, theperimeter mong outward in the network. It has to do with concepts and increasing the tax base and the vulnerability that brings with it. In any of those worlds that is the fundamental security. That is the question raised by the technologies. I dont want to underplay the way they amplify the security preference in the networks. For whatever reason they said kerry on. Even if we end up in the world magically we can snap our fingers and have a major security problem with one of the most Critical Infrastructures in the world. Im more concerned whether we are looking at this broad area of Risk Management and thinking about what we can do to end encryption. We can Start Talking about the networks and how much bang for the buck that gives us and start doing a confidence of risk analysis rather than the geopolitical concern over here and there is Real Security implication. I still think at the end of the day we are left with a deeply insecure network. The steps that have been taken have been taken over the last couple of years and at the same time we had a trade war with china and im just wondering what you think whether there is a connection between these steps in the trade war and if not, how do we go back to convincing the American People that these are two separate issues . Spinnakers a broad connection with specific connection and we are now engaged in a global competition with china for influence over Security Architectures is a subset of a global rivalry characterized by deep distrust so every aspect reflects on the other. You cant pull these two things apart. The more specific connection is that the president has twice implied she might change some of his attitudes to huawei if he gets a deal he wants. This is difficult because the claims are based on security. They should have nothing to do with the trade deal so if we are willing to pull them in its about security and it also sounds like we are about the rule of law. When they asked canadians to arrest the cfo we were very careful to say this has been done not by the administration but by due process of law so when the president implied she might be a willing to let her go free trade deal this was strongly interpreted. And then the president s statements have divided that there may be a link between how we treat them including the trade deal more generally. As tai chi moves forward what other steps to you think the government can take to secure the networks forcefully . You heard from the chairman earlier who has a strict Regulatory Mission so the first step for us for the entirety of the communication sector the last 18 months theres the hockey stick engagement circuit if you will have increased exponentially in terms of the interest. Theres so much activity going around to admire the problem but not fundamentally waiting it out from the architectural perspective of what it means and understanding just the fundamental job of the Critical Infrastructure protection and enabling the underpinning technologies. We talk about the network at this point and that is one of the things that has been lost in the media like this is an issue where the ship has already sailed into what do we do now so we are ahead of the curved curvh where we can still make some smart tailored investment and Risk Management activities together so when we see standalone versus not stand alone we talk about things like the Virtualized Network slicing truly understanding that. So that has been from the dhs perspective much of the last year for us so theres still a lot of foundational work but have not been done and another activity for us is sort of on the understanding the marketplace dynamics around this and. We have the Risk Technology in the world and then we also want vibrant and fair marketplace providers and manufacturers. Its so much more nuanced than the trusted alternatives. Weve started engaging more heavily with organization which their goals within the network portion ensure that you have true interoperability between those and thats been one thing in the standards setting process where you have 790 pages of detailed standards that talk about frequency and some of the privacy issues but is it actually practical for the provider to take one component from this company here and at te pizza boxes at every Street Corner can you stitch together a diverse disaggregated network in a way that actually works. This interoperability and stories about the whole system being two times lower. In the alliance to say we truly want to have a free open competitive disaggregated stack. We have a very defensible position in the u. S. About huawei we have intelligence that was the right decision and not every country will continue to make the risk case but something almost every country has agreed with and we cant get into the position where in the 1980s ibm controlled the whole stack and from the servers to the mainstream to contain it. It is a great period of disaggregation since then. No one is saying you know what i really would like i would like to go back to that model that makes a lot of sense. So when we talk to other countries we have great Risk Management success so far selling that narrative. Maybe we are still going to be engaged in talking about why they need to make a better report. But everyone agrees that for something as vitally important, this is going to underpin the Critical Infrastructure in the decades ahead. You cant have a model where it is just walked in so where do we understand the marketplace of who the players are so theres interoperability and a fair vibrant marketplace for them to compete on the quality and security and resilience of the products they offer, so those are what they insist on having but theres a whole of government efforts so far and we are early on in the process until we realize all of this. Talking about the infrastructure lending we come up with smaller pots of money that we want to use to do better quality lending that is more sustainable. The question was quality but we are versus quantity and it seems to me in confidence like africa, south america to the degree in central asia the model that youve outlined and you implied the same thing. We are offering quality and an ideal set of circumstances but is slow coming offering quantity and good enough technology to get started now included with a lot of lending. So i am concerned that in many places we just lose the quality versus quantity in the desperately poor areas this is the one place they can get enormous benefits relatively cheaply now to march ahead and much of the rest of the world for example western europe will go for the deal. They will get the data and set the standards. How can we get something that is ideal, expensive and slow coming when china is offering something that is inexpensive now . We forced the conversation with our agency. What is the operators viewpoint . The person who runs operations for the thirdbiggest country that collectively serve six to 7 Million People that is a person they are generally wellintentioned and understand the argument and understand the serious concern to but then there is a practicality where the rubber hits the road we have to send people into deploy this stuff and put other stuff in. So theres work to be done in terms of the playbook and better understanding the mechanics around hate. Heres how we will work with you to help you understand how this actually isnt a bs scary as it seems and you dont just need to say youve got to debate top to bottom option its not just theoretical we are actually doing it now and theres an engagement issue going on where we are now in denver two weeks ago meeting with the provider out there that has huawei in their system. He said listen i like the pot of money to help do this and it sounds like its likely on the way. I had to serve people. And then figure it out. For security reasons or quality reasons . They believe the argument and wants to work with us but to understand the sequencing of how to face things in. Then all of a sudden the customers have the reliability issues. Thats where we can come together at a tactical level how you actually do that so i do have some degree of calm since and when you look at the conversations going on in europe and across the world. This is the moment of reckoning. But this year for the 15 of the network lets make a risk informed decision here. The physical equivalent of diffraction effects of 15 or 40 you can get them on board and comfortable this year i have some decisions to make and to phase out 15 and that maybe is more expensive and trusted in tt in the grand scheme of things lets go for that is different than that this is your moment of reckoning so we can do good work on the tactical level you said you were more concerned about the underlying infrastructure is being developed. What are you most concerned about, what poses the greatest threat to individuals to the institutions as the network is developed in these broad areas . To clarify that, i am concerned about it because we have too much focus on huawei. Its important in different ways but we are missing this in terms of concern i think there are a couple. It goes down for example into these are broad questions about the whole of Government Solutions and vulnerabilities. That isnt unique that is a concern as well about how these interface between the Critical Infrastructures. We are on the kind of fight she Upcoming Technology and theres a couple areas i find concerning. One is the shift towards software and i think there are Important Solutions out there that are being developed and if you talk to specific carriers for example they are more optimistic about some of the tools they can leverage but there is theres a more robust understanding of what it means. The other one for me is the internet of things. This is the punch of what gets us with a lot of devices. The internet of things have stalled us now for a good ten years kind of in terms of being incredibly insecure that is a problem not only for the security of the five g. But they can be leveraged for the service attacks and other types of targets i think that there is an amount i find particularly concerning. I think we are all trying to make our own lives more secure so lets talk about that a little bit. The short answer is yes. We are in this world where for the Critical Infrastructure and how it connects to the threat in the nationstate attacks and finding points of leverage and a lot of consequence modeling and Systemic Risk that an evil landscape from seven or eight years ago on the other hand theres all these basics the country isnt doing it youve seen recently children are not going to school because of ransom ware attacks and people are turned away from hospitals because of these ransom ware attacks and not because we didnt do some crazy systemic modeling, but because the 10yearold technology and 15yearold practices that are noncontroversial redeployed. The answer is you just have to keep doing those. I am concerned with the fact a lot of the time we see these its something the solution was already there for and has been for a while. How do you implement a scale for the antiquated and Dangerous Technology . Im wearing an internet of things device. I think that for me there is a variety of risks you would be concerned with and there is a a package of basic cyber hygiene in the individual can do. Update your technology, things of this nature that are not overly complicated that are surprisingly underutilized. Having a better sense of what your technology is doing. I think often people dont understand the security implications or how secure something is or how to think about hygiene because it is a magic box in their hands. You mean this is on in the background sending information . Yes it is sending in remission for basic education can be huge on the individual level and then the other part for me there is a little bit of a civic responsibility. I study a lot of countries where there are strong civic responsibilities to kind of the state and national interests. People should be concerned if a device they owned is being used to leverage an attack against your own government or another government is basically someone holding the technology hostage to carry out malicious activity and we should be concerned with that and want to take the tasks at hand to prevent that so you can take some basic steps and think about your technology as a part of the broad ecosystem. I try to spend as little time in cyber land as possible and teach my children do do have the choice of not living on the internet. Im not on any social media. At the institution of the Wilson Center when we travel to china or russia we are told not to take our own phones and we get a burger computer to take with us and every year we have to take not one but two different security sources and its highly redundant and keeps your antennae pretty alert and it becomes pretty easy to spot phishing attacks. You can do a lot for the institutional integrity, but when i read about all of the promises they have yet to raise a problem im trying to solve. I dont need my car to talk to my refrigerator. [laughter] i think we have a few more minutes is that right . You are mostly concerned about the promise the Technology Poses to everybody anyway. You are more worried about that in huawei. Do you see google for cooperation can we not work with other International Players to try to answer some of these questions you have raised if they are moving ahead with some of the hardware to be named a hit with the software im just wondering if we are forgetting to ask the question if there is room to cooperate and understand this regulations to turn down some of the demonizing language its not just a battle between good and evil and try to cooperate under the prospect for that or are we too distrustful and far apart . I think theres a couple of areas he makes a good point when he points out there are government out there that have over 14 years of history trying to rectify thinking okay here for example trying to deploy the technologies at scale in a reliable and secure and resilient manner. They came to the conclusion they didnt have a good degree of confidence. They are out there masquerading shutting things down, heres the kill switch. I do think there are ample opportunities given how buggy the technical term that code is. It isnt the only malicious actor a country in the united ud states are likeminded states should be concerned about. There are areas for opportunity where we start doing a morbidly riskmanagement comprehensive process about this threat looks like. Theres the segmentation and questions about building resiliency as backups and things of that nature and as soon as we start operationalizing bad we had a better sense of where we can do that and mitigate the risk and where we absolutely cant but i dont think we have enough nuance yet. The own assessment of the strategic intent there is engraved on a webinar this past february. You have a hijacking and rewriting on the traffic and we are not going to pretend it doesnt exist. For the wifi coverage of conversation please put a question for the solution at this point it would be to work on, you know, rather than ripping out and replacing the hardware infrastructure all across the country would it be better than to build new infrastructure or to prepare everyone to use wifi from space just as we do with gps. We worked with the satellite segments in the coordination even when we are talking about the connectivity. Its a great option in terms of in between where we talk about the throughput you need with no discernible difference to the question earlier i was wondering as to why developing the standards for the technology is inappropriate response it seems that they dont care if it is huawei tech. It seems they will still be able to deploy the networks. I think you are absolutely right in the sense that if you are a malicious actor of significant scale and have a strategic imperative to compromising networks for other that his espionage or sabotage between the two, you are not necessarily going to care what is the operator with the vendor of the network for the targets. The it is in your best interest to have your adversaries operating on very Insecure Networks because those are and we have seen time and time again with particularly very qualified actors they go for the low hanging fruit they find that more porous opportunity to go forward. Its a reason for upgrading securely across the step whatever it is. But at the same time its been pointed out we shouldnt waste our hands and say oh well i guess we lost the battle around the fact. A day are already rolling outside she and i know you can stop in terms of if 99 heres the equipment you are allowed to use. The agreement on the tower anyway ruling that also you should wait. I dont think you can stop them. From a riskmanagement one we feel like on the front end of the deployment we are pretty advantageous now in terms of the specific question of those that can be fooled to influence what is procured and deploy it into the field and right now the federal government with a host of functions theres eight or nine for different parts of it. Theres federal Acquisition Security Council for the government to issue potential Exclusion Orders in a coordinated fashion against those domains for the supply chain risks ansupplychain riskt is a new development that we havent had before. Theres the existing process that has to do with the Foreign Investment but another one there as well there are sort of export controls and u. S. Authorities the department of commerce has and they also issued with the president signed an executive order securing the supplychain that would have the rulemaking by the department of commerce and how we want to implement a two band ict transactions to include services as well. So that is another that fits into that. I think you sort of put all this together and there are a number of ways they are allowed to go to the federal digitally connected enterprise and then the private sector and what they are able to buy and deploy for the way to influence that on the regulatory base as well. There are schools that are out there. Asssist Law Enforcement at the border. This is just under two hours. I want to thank the witnesses for taking the time for your thoughtful testimony. I want to thank the audience members

© 2024 Vimarsana

comparemela.com © 2020. All Rights Reserved.