By Diana Goovaerts, Senior Editor of FIERCE Telecom
A coalition of nine well-known telecom groups urged U.S. President Joe Biden’s administration to defer to industry on the development of new information and communications technology (ICT) security standards, seeking to deter unilateral action by the government on the matter.
In a letter to the Secretaries of Commerce and Homeland Security, the groups acknowledged recent attacks such as the SolarWinds hack, which exposed sensitive data from U.S. government agencies and companies including Microsoft and Intel. They said SolarWinds ramped pressure on officials to address cybersecurity threats. However, they insisted “the federal government should not attempt to create its own technical demands, nor should it try to supplant private sector leadership in standards bodies.”
The groups argued it was “critical” for the U.S. to maintain focus on “industry-led technical standards and best practices to address cybersecurity, supply chain and other global challenges,” adding “such standards are a bedrock of federal trade, technology and security policy.”
Signatories included the Competitive Carriers Association (CCA), the Consumer Technology Association (CTA), CTIA, the Information Technology Industry Council (ITI), National Association of Broadcasters (NAB), NTCA – The Rural Broadband Association, Telecommunications Industry Association (TIA), USTelecom and the Wireless Infrastructure Association.*
TIA CEO Dave Stehlin told Fierce ICT security is “an industry-wide problem, it’s a global issue” and an area that traditionally hasn’t received “enough attention especially since there is currently no single supply chain security standard.” But with a new administration in the White House and a renewed focus on security, “we don’t want government overreach,” he said.
Melissa Newman, TIA VP of Government Affairs, added the goal of the letter was to “make a statement that industry is the right group to actually start leading this and to do this” given its long history with standards setting. While government “understandably wants to jump in…industry understands its networks the best and has as much of a vested interest as anyone to make sure their networks are secure,” she explained.
Though the signatories of the letter did not endorse a specific standard, Stehlin noted TIA is well into work developing its own supply chain standard, called SCS 9001, which is set to be released in the second half of 2021.
A recent TIA whitepaper noted its standard will define clear criteria and measurements that will allow “ICT manufacturers, suppliers and service providers to benchmark themselves against the requirements and demonstrate supply chain security compliance through an accredited certification process.”
Reconsider former executive order
In the letter, the industry groups also called for Biden’s administration to reconsider an executive order signed by former President Trump in 2019, which blocked U.S. companies from purchasing telecom gear from companies or countries deemed a threat to national security, on the grounds that the rule was overly broad.
In accordance with the executive order, the Federal Communications Commission last year classified Huawei and ZTE as threats, while the Department of Commerce in January listed China, Russia, Iran, North Korea, Cuba and Venezuela as “adversaries” subject to the blockade.
By revisiting the rule, the coalition said “the Department of Commerce has an opportunity to undertake a more effective approach to supply chain security by tailoring intervention actions to where they are most necessary and placing greater focus on industry led standards and best practices.”
*Updated to reflect ITI’s status as a member of the coalition.