Critical Infrastructure Security , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime
FCC Votes to Ban China Unicom From Operating in USChairwoman Says Move 'Protects Communications Networks From Foreign Threats'
The U.S. Federal Communications Commission on Thursday voted to ban Chinese telecommunications carrier China Unicom from providing services within the U.S. The FCC's Order on Revocation directs the firm to discontinue its services within 60 days. The move comes amid a wave of FCC actions against Chinese carriers in recent years, citing concerns around state-sponsored cyberespionage.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
The FCC, in a statement, says the action is based on input from executive branch partners, a company review and public record. The agency - whose jurisdiction includes broadband, fair competition, radio frequency, media responsibility, public safety and homeland security - says the move "safeguards the nation's telecommunications infrastructure from potential security threats."
"Today we take another critical step to protect our communications networks from foreign national security threats," FCC Chairwoman Jessica Rosenworcel says in a statement. "There has been mounting evidence - and with it, a growing concern - that Chinese state-owned carriers pose a real threat to the security of our telecommunications networks."
Brendan Carr, the senior Republican commissioner at the FCC, says in a statement: "Our decision today is informed by views submitted by the executive branch with responsibility for national security reviews. As our record here shows, those agencies have advised the FCC that there are serious national security and law enforcement risks associated with China Unicom Americas' continued access to U.S. telecommunications infrastructure.
"They also stated that China Unicom Americas' operations provide opportunities for Chinese state-sponsored actors to engage in economic espionage and other forms of theft of high-value U.S. targets, including businesses and government agencies."
Carr also contends that in the FCC's review, China Unicom Americas' "conduct toward the commission and Congress lacked candor and trustworthiness." Together, the commissioner says, the factors "present an unacceptable risk to our national security and therefore I support today's decision."
"Our decision to revoke the company’s authority to provide such service makes us more secure," adds FCC Commissioner Geoffrey Starks.
China Unicom Reacts
A spokesperson for China Unicom tells ISMG: "China Unicom (Americas) has a good record of complying with relevant U.S. laws and regulations and providing telecommunication services and solutions as a reliable partner of its customers in the past two decades.
"As for the FCC's revocation of CUA's 214 authorizations without any justifiable grounds and without affording required due process, CUA would act proactively to protect the rights and interests of the company and its customers. China Unicom (Hong Kong) Limited will closely follow the development of the situation."
According to a filing with the U.S. Securities and Exchange Commission, China Unicom's total subscribers reached 351 million in 2020.
Chinese officials also denounced the FCC's action on Friday, calling it a "violation" of international economic and trade rules, according to CNN. A spokesperson for the country's Foreign Ministry reportedly said the Chinese government will "continue to take necessary measures to resolutely safeguard the legitimate rights and interest of Chinese enterprises."
Timeline of Events
China Unicom Americas sprang up in the U.S. two decades ago, but FCC officials now contend that the carrier poses a clear "threat" to U.S. national security.
In 2019, the commission also denied the state-run China Mobile USA from entering the U.S. market, citing similar concerns. Then, in 2020, the Senate Permanent Subcommittee on Investigations issued a report on the threats associated with Chinese state-owned carriers operating in the U.S.
FCC officials say around the same time, the commission began considering "the threat posed" by China Unicom Americas. It then initiated proceedings directing the company to demonstrate why the FCC should not revoke its ability to serve the U.S. market.
According to the timeline laid out by Rosenworcel, after fielding replies from China Unicom, the FCC consulted its national security partners, including the Department of Justice and the executive branch, represented by the National Telecommunications and Information Administration, which advises the president on telecommunications policies. The chairwoman says officials claimed China Unicom was "subject to the control of the Chinese government."
Rosenworcel says "at each stage … [the company] had an opportunity to respond. And at each stage, [its] responses were incomplete, misleading or incorrect."
In 2021, the FCC says, it found that China Unicom Americas had "failed to dispel those concerns," and provided it with "another opportunity to make its case."
"Ultimately, this is about concerns related to national security," says Perry Carpenter, a board member for the National Cyber Security Alliance. "We see that the FCC is justifiably concerned that an entity controlled by the Chinese government may be monitoring the communications of its users."
Carpenter, chief evangelist and strategy officer for the security firm KnowBe4, adds, "We have to remember that the untrustworthy actions (e.g., monitoring) of telecom/communication services do not just put their customers at risk. Anyone communicating with their customers is also subject to monitoring."
The commission has taken comparable steps to ban Chinese telecom carriers. In 2021, it revoked China Telecom Americas' prior authorization to operate within the U.S., and it has started similar revocation proceedings against Pacific Networks Corp. and ComNet (USA) LLC, it says.
Over the past few years, Congress has also instructed the FCC to "rip and replace" Chinese networking equipment - citing concerns that China's companies, or government officials, could monitor sensitive communications. The commission has also sanctioned Chinese telecom giants Huawei and ZTE under similar grounds.
Addressing Cyber Risks
Rosenworcel says the FCC is actively working to reduce broader cyber risks.
"In light of recent data breaches, we have proposed stricter data breach reporting rules. We have launched a Notice of Inquiry on security of the internet of things. And we are rechartering the Cybersecurity Regulators Forum that has been dormant for the past few years - and assuming its leadership," she says.
In an FCC proposal this month, initiated through its formal rule-making process, the commission moved to eliminate its current seven-business-day mandatory waiting period for notifying customers of a security breach. It would also require carriers to notify the commission of all reportable breaches, in addition to notifying the FBI and U.S. Secret Service (see: FCC Proposes Stricter Telecom Breach Notification Measures).
Update [Jan. 31, 11 a.m. ET]: This story has been updated with a statement provided to ISMG by China Unicom.