Good afternoon everybody. Everybody who was looking at us fruitfully and in line in the security line to going to get in, and everybody who will be watching us sometime soon on a cable network. I am jane harman, president and ceo of the boston center. Today we are prepping a very complicated issue that is, you might be doubling of policymakers, in washington and all over the world. At least three parts of that problem are, the u. S. , china, and the five g supply chain. The Wilson Center has just produced, leaving my prop. This is the prop. A spectacular policy brief by Melissa Griffith who is in the front right here. You will see her ill obit. Which is entitled, there is more to worry about than what way. I say you get the gist of this. She will explain in detail but run, dont walk. During this to get this and read it. Meanwhile, what captures the attention around 5g is the china based weight has led the way in developing the superfast networks which will power some carving car Virtual Reality and other cuttingedge Technology Since Chinese Companies are required by law to comply with information requests from Chinese Intelligence Services u. S. Officials are properly concerned that companies who want to incorporate this Chinese Technology will end up compromising the data in the data of the users. Otherwise it could be complicated for your mice to and we will talk about that. But a few more thoughts. While the mantra and he finds the last decade of Technological Developments was moved fast and pray things. Thats a suggestion from here and maybe we should say about slow down and assess things. I say thats what you will hear today. What is the problem, and what are some policy solutions that will help solve at least part of the problem. Fortunately, the Wilson Center offers policymakers and their staffers the tools to assess new technologies like five g. And the implications for your interNational Security. And for the luddites in the room if there are any. I doubt it. Our audiences are always smart. We have given around 400 samplers from capitol hill, from nearly 300 offices on capitol hill, the foundation and Technical Skills through our bipartisan and bicameral, cyber and ai, who camps. They take place each friday. Those boot camps are part of our Science Technology and innovation programs which is greatly led by that king who hiding in the hall probably. She is outside. She is hiding the quarter. Thats where she is. She directs our socalled subprogram. Science Technology Innovation program. When these labs are housed. Overall, 800 hill staffers have come here on friday. The others have gone to our Foreign Policy poster program. Who that they can learn Foreign Policy as well as we can teach it. Today, we are talking about one problem that we have talked about much here but we are delighted to welcome the man with the plan. The chairman, and the last time i saw him was in the hamptons. In a warmer period of this year and possibly less hectic than the one we are in now. But we participated in a panel and i learned a lot and we discussed them coming here. And guess what happened, he is the first fcc chairman to go viral. Thats cool. Often appearing in videos where he embraces internet means by announcing new policies. It is really cool. He joined the fellow communications greenish patient in 2012 by a present obama provider term in 2017, he was designated as chairman i President Trump good. Bipartisan love it. He is also worked at the doj and the u. S. Senate in the fccs office of general counsel and in the private sector and verizon. Today he joins me to discuss a proposal. Actually two. Which the commission will vote on on tuesday. And i wont summarize what they are because he will tell us what they are. That is my first question. And following our conversation, and audience questions, there will be a panel of really smart people will introduce themselves joining us. And one of those ive already told you is the author of this amazing site Technology Innovation program. And i guess when we call this, policy brief. Who im going to sit down of the introduce energy will have a short conversation who get your brilliant questions ready. Thank you so much. [applause] the first question is the surprise question. One of the rules for your fcc. Thank you congresswoman for the question. Before you answered though, i do want to express my gratitude to the Lesson Center for your hosting this important conversation and obviously the center some of the most important policy discussions in washington. It might be of course, there has brought much more things were important than news. I thank you personally for your your personal leadership. I found consistently on house intelligence committees as well as the other legislative assignments you have, always have a a sense of bipartisanship and the focus on the national interest. Back at you thank you. His tunic and saunas and a personal note, we actually shares might be aware the extension of having both services of cancel the subcommittee in the constitution and the Senate Judiciary committee. Obviously you cant do much Higher Grounds that i have a feeling they have a little bit of chasing to do. In order to keep up with you. Stigma chairman. Romac. Former house member who you mightve served with. But this is in a really important conversation. The critical question is often, what is five g and why does it matter. In the United States weve made in a National Priority to lead in the development and deployment of five g technologies because the two pointed out, these technologies increasingly are going to transform American Industries and transportation to help go from agriculture to education many manufacturing to shipping. Who we have done that at the fcc by incrementing what i call the five g pastime. Plan for your facilitating american superiority in five g technologies. You can find out more details about the planet fcc. Com five g but in a nutshell, that plan involves getting more spectrums into the commercial marketplace, getting the Wireless Infrastructure deployed from small cells and the other infrastructure in the future and also promoting which is critical for your curing this wireless traffic into the core of the network. Hope you had a good more detail. The metrics of success who far, but in that shell we want to advance American Leadership in five g. Knowing this connected future however comes a major challenge as you know well, which is that the attack who to speak, in terms of security is much greater. Five g will be unlike predecessor technologies like four g and three g, in that these networks will be increasingly Software Defined. As opposed to defined by hardware. That software can be located anywhere in the world. In addition to that because we are talking about gubelli is more connected devices coming online, it wont just be thought, it will be everything from refrigerators to cars. We need to ensure that security protocols are upfront as opposed to afterthefact. As of the United States government position overall, the fcc in particular, is that many say about five g security now. The early stages of this and as opposed to afterwards. When retrofitting might be prohibitively expensive if not impossible who what are the fcc doing to accommodate this interest. Two things. Voting this coming week, on a proposal that is forwardlooking and backward looking. The forwardlooking component involved what is known as a universal service fund. This is about a 9 billiondollar annual Capital Expenditure fund and the fcc overseas. The her name from the fund is distributed to telecom communities across the country primarily to support infrastructure in rural areas and underserved areas. One of the things weve proposed to do Going Forward, is to prohibit the use of the funding from being used by recipients on equipment or services that have been determined to be a National Security threat to the United States. And based in part on legislation passed by congress in a bipartisan last year, the National Authorization act, we include as an initial designation, both huawei and cte companies would be on the circle prohibited list in terms of their ways that the comedies could use his her name. Thats a forwardlooking component. The backward component is to see we understand the may be problematic equipment already in our network. Four g part networks in particular. Sore starting a conversation about understanding where that equipment might be, who is using it, but it is being used for your etc. Then also to kickstart a conversation about how the refinance the removal and the replacement of that equipment. Especially to the extent that we are talking about rural carriers that have been incorporated some of this problematic equipment. They might not have the resources on their own to be able to do that. Who in consultation with them members of hundred station and we want to make sure we have an accurate sense of where we are now. Who forwardlooking and backward looking, set of proposals that we will be voting on next week. What is the prognosis. Well pass. I totally hope it will print on a bipartisan basis, and time in which the political environment is becoming an increasingly capitalized. But what i do say in our National Security we do speak with a unified voice and my expectation based on some of the conversations ive had with my colleague, as well see some very strong bipartisan votes next week. That certainly is what we are seeing in terms of letters coming from Congress Paid members from both sides, staying what we support your efforts in this regard. Who basically this is using the u. S. Fund as a leverage to get companies to do something on a forwardlooking basis and then on the backward looking basis to trade in technology they may already purchase because there is Huawei Technology in the United States already . Thats correct. Part non Huawei Technology but the rest of world is out there enemy how do you see this in the context of a world where one Way Technology is available just about everywhere and certainly not just here. Thats right question. This part of the reason why the last several months i have been very involved with my counterparts across the United States government and going to other countries. And represent United States government on these issues and not just work that company we recognize the risk profile is or applies to any company. One understand what it is for your any company that is putting incredibly important equipment and services into our network. Who when i travel through the middle east, youre up elsewhere, has been we want to make sure we all have a common understanding of what the risk is in the best strategy to mitigate the risk and how we can Work Together to share information about how that risk is materializing. This been a conversation that is ongoing but we have had very positive feedback who far. Its an i would guess everybody agrees about the problem. Everybody wants to manage risk. But i would guess a somewhat irate. I know much less about this and you do that there are different strategies and that some countries are going to go ahead and ate a keep or buy huawei technologies. Is that fair. There are some countries that they are exploring different strategies from the United States. And her message is pretty consistent that to the extent with a security assessment, we have horse respect right to make whatever decision you want. Speaking of the United States, we do not believe this is an area where we can take those risk and hope for your less. Given the transformative five g type technologies are likely to become of the United States at least wants to make sure the five g security is aforethought opposed to an afterthought who we say very carefully about the risk profile of any equipment coming into our network. Connect certainly say that is the worthy objective but i can imagine another government staying to you, okay yes, were worried about risk profile. But our answered to that is we will make sure that our systems and you mentioned that these are software specific systems. Unlike the prior ones. On paper to understand what the differences are. No. Of the point of intersection where you can block bad guys from coming in. No smoke in the mail. Did i get this right. I am learning. But even who, what about the answered we are worried about this and we are going to fight intrusion but we say that even if we dont buy chinese based are made technology there could be intrusion from others our theory is we will just fight intrusion weather is using white technology or not. Soy offers several response to that first of course we erase the framework. Affordable to any supplier of equipment for your five G Network Equipment or services. The question is one to the degree of risk. And he pointed out in your opening remarks quite accurately to the extent that china has National Intelligence law that compels any Company Subject to its jurisdiction, to comply with the question of Chinese Intelligence Services and also prohibit as a comedy from disclosing effective the question is thirdparty such as customers of all away for your example in china or abroad that rape represents a serious risk in additionally, the ability of the host government to be able to do detect the risk in realtime. Out very well that we are not talking about just a wireless tower the need to be upgraded. Were talking about software that time, millions of lines of codes that need updated in any one of those lines are malicious could be a sector for your including malware and viruses. Does any government have the ability to police in realtime to all of those lines of code in the threepoint, i assume the answered to that is no. We certainly believe that risk is is it too great that is beyond the scope of the Government News ability to police. In the third and final. Which is related to what we often hear as well. That equipment is substantially steeper. Sometimes only problem is cheap as it ends up costing is it too much. Less in terms of our Security Risk which is something that is very difficult to for the value on. Even on its own term, even if something is 50 percent cheaper or 80 percent cheaper, after time, and you are locked into inventor, there are backdoors you have to police or other kinds of problems, over time you will end up paying the price for your making a decision at the beginning. Who we dont want any countries, certainly not her own to be bullish about this question. I get that. Other countries will have to say about that. As i understand it again from the policy paper, the wall white software is buggy did what a great word. Megan said technical term. [laughter] when anybody software me possibly buggy even if it is more expensive. Forces not based on the u. S. Government, and the uk cybersecurity report for your example, the independent researchers have examined some of the equivocal we do say that there is a difference in kind. Again, even if there were others one is the risk. Given the national raymore especially in china, both National Intelligence on the lack of the judiciary and general willingness and Chinese Government to use as leverage we see in this country this past month over basketball and a flag in the live for your users in hong kong and macau, we do have concerns that the Chinese Government would behave strategically. What if you succeed, lucky you. And then one of the, Wilson Center geniuses goes over to china and forgets to take his marathon. And take his regular phone. No chinese based technology and has found that is compromised in china, then what. Whenever i traveled by myself, given everything mayday great team about cyber hygiene and the like who we are certainly encourage any United States person traveling on government or not, to take those precautions. We take we work with the Homeland Security, National Intelligence communities agencies and others to make sure that whenever we go abroad, were taking steps necessary to protect ourselves and our fellow citizens. But mistakes are made for your their just always made. Who even with the purest of intentions and purest of technology, it still could be compromised by the chinese. Then pick another country. And we still could end up with bugs and effects workarounds, whatever. That we didnt intend to write. Absolutely and who thats why i say the issues like cyber hygiene are not just one with the fcc, is across governmental efforts is important for your anybody traveling aboard. Not to just china, anywhere. To be alert, basic things license computer the phone. You piece of price, ive seen it all and ive heard it all. The basic things, technology as it evolves in the last 20 years, you know better than anybody, innovative states, it involves based on,. California. Select open positive platforms. We need to say about some of the potential risk factors when we are all internet gifts are connected like this pitchmac im just making the point, two in the whole security lesson, there is no such thing is hundred percent security. Mitigating risk as best we can. I serve on a defense policy board to a number of briefings at the pentagon. Very worried about this. Weve got to get chinese made technology out. Totally out of the supply chain etc. What if we achieve this. And we have a non, untried chinese or a chinese free technology. Everybody observes good hygiene was cyber. Moral happy campers. The rest of the world doesnt play. And who they basically operate, the rest of the world, a different technology. How does that make us more secure. It is a problem to the extent that we are interconnected. Networks dont know or respect national boundaries. As nationstates would of course, some in a tent take steps to do protect ourselves. Earlier this year, we denied the application of china mobile to enter the United States. Based on the National Community and the entry of the company would present a risk who we have taken steps like that to make sure that we keep the Homeland Security best we can. And Going Forward, is the set weve been talking to some of our counterparts around the world, from brazil to india to israel to germany, about the need for your us to collaborate on some of these issues because we recognize that United States does not exist in a digital vacuum we need to be able to not just trusted vendors but strong allies as well. But is unsophisticated about this. I say about developments in the intel world that i had some brawl in such as, and sustain that our analysts look at opensource intelligence. Opensource means stuff that is published and available not classified. If we are in our little, vulcanized world and we only have access to our equipment to some part of all of this, and the rest the world out there. How do we maximize the opensource intelligence intelligence. Is the critical question. I engaged because they are four dead to agencies and officials like me but also as you pointed out, the information we were talking before hand about goleta to the army and some of the other things bubbling up the news, i say Many Americans are fully aware of help little payment from china which is another industry involved very quickly plastic out of our wallets and purses in china in the 17 normally. With the chinese marketplace is generally, in addition to the direct spending that we discussed before that the Chinese Government with Artificial Intelligence and Machine Learning and even if it doesnt directly in back to the five g security, support and have a holistic view. I dont care where that information comes from as long as it is credible. We want to learn both from classified and unclassified bases where with the state is pretty spak china is a strategic competitor. Thats what our National Security says. And i agree with that. That doesnt mean an enemy. And if we see, huawei china, we dont want your stuff, we dont want to do with you, does that help us. Is that the best approach to achieving our National Security goals or is it alternatives and staying that i understanding and china, the better than we do. And that is something that Robert Bailey who heads our institutional china and u. S. , and the name of the institute is china and the u. S. , and its not the other way around. We do say the understanding china matters. Who if understanding china and trying to find ways to work with him. To the extent that we can continue, is the good idea. Is there a policy like the one you are going to vote on in a week, in that direction or in the other direction. His stomach certainly have a different course to the state department on the Broader Diplomatic Community and setting the overall policy with respect to china for the fccs perspective at least we say it is a constructive way forcibly to see we want to have a framework for your understanding. From any country or company that come into our networks. We always are looking to engage constructively on issues where we can collaborate where there is a strategic issue plane we want to address it very softly not in a kneejerk action. Select couple more questions than will go to the audience. Even if your rules are adopted, the leverage you have is her name. And is it possible for your people to see i dont want your her name, i will use private sector her name or i will borrow from where else, some of the venture even, to do what i was intending to do. Who your brawl will apply to me who wrecked directive leader in using her name to use equipment to get change. Again i dont want to change my equipment, i am not going to comply or find other financing intake and her name. Its been concerns so long those lines, for your particular carries or groups but to the extent that any entity or trade association alike has concerns, especially when it comes to financing. Or always happy to engage in the conversation as part of the reason why that backward looki looking, proposal that i talked about, and the edge of congress, and finding financing mechanisms. To see whether or not some of the concerns that they have might be addressed in that regard. A comment on our mutual former employer, the nuance knowledge of china to be increased there. Just a thought. And i am glad you are in a position that you are because you are smart and you have the background. In the Wilson Center is also poised to try to teach the technology and teach the understanding. Who instead of just demonizing a country or a person and a lot of personal demonizing goes on in congress is it too, we can urge people to understand better and to provide nuance policy options. I say thats where were all trying to get. Or we assume i couldnt agree more. I personally try to learn as much like anna having traveled to china before. Very limited but eager to learn. Generally speaking i say it is important for your us to learn, not just about china in this particular factor but just generally speaking, the history of the place. What motivates them and makes them tick. I appreciated obviously the diversity of the still doing beijing and chongqing, and these are the places who. I know thats obviously different rations there that we can take into account greatest mac costs. Everybody gets it, while way products, in particular are much less expensive. And in big way us, there something we can do to challenge this the wto and are we thinking about that. The Chinese Government doesnt specifically fund while way. It seems clear that they made strategic determination they should have National Champion and number two, the National Champion should be able to compete and three to the extent possible that they should be able to block out foreign competition. Whether that is a violation or a roll that would defer to the trade horse, of course i will see, it is clearly not something that we give the United States. We dont have a domestic fire five g equipment. We are not looking to advance a trade interest in that regard. As of the kind of say that unisys traditionally does. The fcc and other federal agencies like it, we see it as a brawl traditionally to set the Building Blocks for your companies that invest around me and more of a hands off direction. Dont take particular companies and marketplaces in subsidizing and tell them to go forth and conquer. That is just not something that we have traditionally seen in the marketplace of ideas. I would just see we do not have a domestic plot fire. Why dont we. Assuming i say the sub convergence, we do Semiconductor Example historically we had a strong of course net. For your some of these networks who far some of these components and go into the five g networks, the equipment is used by walkway and others and we do that an advantage for your a larger and much larger conversation of course would be a variety of reasons, International Suppliers have dwindled in the past years. We are the innovators. We should be a way ahead on this. It makes me sad. I see people nodding. Okay people smart people, questions. Identify yourself, and ask a question. Dont make a speech. And there is someone in the second row. Question about no matter what we do, therell always always be software that we cant trust. But as agencies are using serotype solutions to protect the data and also make sure theres a user based access and not just based upon outofnetwork, wouldnt that be a good solution. To make sure were not losing our data or intellectual property. Its been at this good question. One of the questions we are consistently and im personally working on Information Technology teams on. How do we make sure our own networks are secure as possible. The solutions, are some things we have been exploring. Question on the left along this aisle. Technology, first assistant, and dc. In the subject technologies, china is pretty high and then United States. [inaudible conversation] they will start a development distinction. Should they also give up the counterparts. What is your indication on the National Security. With respect to what the u. S. Tragedy for your five g and we match up, with china. We do have the five g connected early metrics are good in the sense of me afraid of a tremendous amount of spectrum. Simply, five g is the predicate to your question, i do say that we are setting very well if you look at the amount of spectrum we have freed up. We have deployed the amount of fire 2018, on record that Going Forward course, with respect to 60, lloyds have our i. C. E. On the future. We are looking at that as well. The obviously our primary focus at the moment is on making sure that we free up some of those Building Blocks. But i will see that one of the reasons why china has the ability to do that is of course, dont have number one, the multiple layers of regulatory review that we have the United States but we have federal review stays in local and in some cases anyone of the 573 federally recognized Indian Tribes in the United States can have a regulatory apple. One point the extent the United States was to lead in five g, we need to have a consistent and loophole set of regulations that any company or small, but especially small can investigate or invest in. The other issues is that china can see us from beijing, with the National Priority is going to be. If it was publicly reported, we want 6g to a driver in the future. Who we need to see i have the same sense of mission in the United States but thinking about technologies in the future. One of the reasons last december our agency became one of the first and not be the first ever in washington to host a Artificial Intelligence Machine Learning. Understanding what Machine Learning is and how it is likely to affect adjacent technologies. Obviously theres more for your us to do quantum and block chain and many others are going up. We need to have a Strategic Vision across government and with the private sector to understand what the potential is. We teach ai here. Isnt it premature to talk about g when we barely started five g. How many years are centuries i guess, the way data moves, will be centuries but havent years off the completed five g network. It will be several years to be sure lifecycles quicker, i remember 2g phones back in the 90s. And in 2007 the smart phone. And they develop much quicker now in a much faster cycle now. We are in the very early stages of the five g technology and employment. Other questions. Say as much. Thank you. I would like to mention the organized 60 last march. And until next week. There is already white papers if you want to read it please take those university and there you can find the white paper. But i like to ask about the wrc. How do you see how it is going and also there. I would like to hear about that. Say you very much for the question. For your those of you harpist plan and. Every four years intelligence communication organizes a conference in which spectrum policies for the world are hashed out. Theres one ongoing right now as you said, and who the first week there, in egypt, i will see from the United States perspective, i felt like we were hitting the critical priorities. With respect for the policies, we are getting very strongly for the u. S. Government, is the appropriate loophole for your protection not just for your passive weather sensors, near by span but also five g development. Similarly with respect and the notion are a sin, we feel that the u. S. Position is gaining support a days and is able to protect not just the satellites but also the emptiness that we say are going to be productivity in some of the other items on consideration is one thing that i will say is what i propose about two years ago 5925 megahertz. I say those are and 60 megahertz wide channels is made available to the commercial counties. They could allow american entrepreneurs and innovators to really make wifi, pretty much everyone in this room is familiar with wifi. We are looking for your a wifi channel right now. But just imagine if we had up to six of these channels available, im told innovation and investment on things on ar and dr, high fan applications and you name it. We want to make sure that we highlight the importance of the 6g hers. We are in the early stages but hopefully things will go well over the next several weeks. Ischemic not surprised to hear that someone is leading the pack. Instrument they have a great winter olympic team. But that answered was daunting and were going to give a test on it. [laughter] but our hour is over. And i will be the first first person who will flunk the test. We will all try. More questions. In the middle of the room. My question is, do you feel that the threat posed by what way in these devices, have a parallel partner in chinese or Companies Like china and Data Collection devices of any kind in the United States, and if who, are you thinking about what can be done to monitor that. See my very good question. I mentioned earlier regarding tiktok in bc now, members of both parties and both parties in congress, concerned about applications not just from china but from other countries as well. Faceup as well, on by a russian company. There are other concerns have been expressed about have dated generated by American Consumers on those platforms using these apps could be used or misused. Off of the fcc does not give it directly exercise overt Companies Like that nonetheless we are monitoring the situation because we understand that while from a consumer perspective, one that may not be any different than the other but nonetheless, the location where that data is stored, the practices about regarding how that information is used, those are things that United States government does need to take those look at. We were consistently as i mentioned on endeavors of the Homeland Security. Cyber security infrastructure and security agencies are the head of that. His team has been working on those initiatives among others. As i said, we have a very close complicated relationship with them. I say we have time for your a couple more questions then were going to move to our other pan panel. Much of that is still classified and looked at several tears in the supply chain. Are you using that information to alert cynthias or the items we have we ought to protect or to guide federal investment to try to plug the holes where they exist. What i can say publicly is that we have taken account of that executive order along with the may 2019 executive order and we the fcc are taking the appropriate steps based on the text of the orders. Thats the bleak answer. But we are paying attention. Yes. Thats not classified. We are paying attention. Exactly. Couple more questions. Where are you smart people . Robert daly who heads what we call Kissinger Institute on china and the u. S. Thank you very much for your remarks and discussion this follows up on some of the things jane has already touched on. He said we need a census mission a Strategic Vision. Part of it seems to be involving things like subsidies to poor communities to buy other equipment i couldnt otherwise get and be hooked up. People like senator rubio have called for American Industrial policy. Why is there no american analog to huawei. That at least is not what ways fault. Where im going with this, it seems to be pointing toward industrial policy or perhaps violations of what is sometimes called market orthodoxy. Ive been in discussions with congressman where we hit a wall at this point where the answer to all the concerns you rightly raised seems to go against market orthodoxy and the conversation stops there. We face such a problem how do we resolve it . Thats a very good question. Certainly couldve the concern about industrial policy is one that members of congress have been debating and there might be other Administration Agencies with equities there from our perspective at the fcc. We dont have the resources to come up with some sort of industrial policy along those lines. Our position is simply what type of risk basic framework and the risk posed by any particular supplier and ensure mastic recipients go with trusted vendors affect trusted vendor happens to be finland or sweden or korea we are generally historically weve been in different, what we want is to make sure the equipment and resources we are funding are ultimately trusted whether or not industrial policies needed to rectify some larger Market Forces that evolved over time well before i got into this position the trend started. There is a variation on that question. Innovation has been at the core of our freemarket success in this country. Especially in california. What happened to American Innovation around 5g . Why are we behind . I think you would agree we are behind. Actually dont think we are behind. If you look at early markers we are on track to have Something Like 92 commercial deployments it by in the United States by the end of the year. Many mid band initiatives, we are seeing American Companies innovate, new Companies Enter the space we mentioned earlier in response to abquestion about space, space all those although not thought of in the context of 5g, america is leading when it comes to satellite orbit companies these are American Companies not just watching the small satellites to provide connectivity as a speed and price point comparable to aprovided we are also innovating on the launch site. In my Congressional District spacex started there. I think its solely to the efforts of a particular congresswoman in that area. But my point is you are talking about a lot of other stuff. You talk about the backbone of software as a backbone of our Nextgeneration Communications system for the entire world and we are not the u. S. , there are western countries helping lead but we are not the leader it surprises me. In terms of the equipment and services there are other suppliers from around the world and one of the things we emphasized as we said in our conversations and other countries were not looking to advance the pecuniary interest this is a nonamerican supply chain we are talking about. Also just to close because i think we are out of time, the innovation in america has come from a hugely diverse workforce. Not everybody in america looks the same. And the immigrants, i would say from my Vantage Point of someone who grew up in california and watches with sorrow the fires and all the other planes of california at the moment but the diversity in the workforce, for example, the abto pick one has been extraordinary. Without those people we might not have invented a lot of the stuff we have but in this area we have seem not to be as swift with the exception of our sec a afcc chairman. On that note, wouldnt you agree that this guy is trying his hardest to cross administrations to bring clarity and competence to government and that this is an area that needs attention and he is paying attention and lets thank him for coming. Thank you very much. The test will start in 45 minutes. [laughter] meanwhile, we are having another panel that we will show you how much more we know about this topic. Please join us here. Our moderator will introduce himself and the panel. abdaniel cruz is the Deputy Assistant director at the National Risk management center. He focuses on publicprivate partnerships to enhance cybersecurity his work also deals with efforts to manage risk and the Global Supply chain. Daniel was formally chief of staff for congressman John Radcliffe the chair of the cybersecurity and Infrastructure Protection subcommittee. With that, lets go. When we start with you melissa. Can we talk a little about what the evidence is. What the record is of waterways behavior. Have they been a better actor. Are there examples of them spying or allowing chinese authorities to spy or their equipment being used to hack . Whats the record . I think there is a bit of a mixed record an area of hot debate on how malicious huawei has been. The area not up for debate was really shoddy code. I think regardless of whether youre concerned about them being malicious actor whether intentional or not. There really big abthat allows a malicious actor great opportunity to leverage those holes. Including Chinese Government including one away but not limited to that. I think when we think a lot about Security Threats to the u. S. With other instances where weve had compromises those have largely been from Chinese Technology. Its been by countries of north korea, iran, china, russia and they been able to leverage existing holes. Its a mixed record about whether or not huawei is building and attention are vendor backdoors. You probably seen a lot of bids on that. Whether or not operating kilter at any moment to turn off infrastructure but the reality is there code allows for those things because its pretty shoddy. One thing that came up in the conversation with the chairman is that 5g has broader attack surface. Its much more vulnerable in many different ways. Can you talk about that a little bit and what that raises about should we be rushing to adopt all this 5g technology with this very broad tax service . The promise of 5g is the chairman and others mentioned is undeniable. You pick your sector of the economy will fundamentally transform it and afford all sorts of opportunities weve ever seen before. Trillions of dollars ergonomic extra opportunity. We recognize the promise there on the Risk Security and resilience side of the equation there is a lot we still have to understand and contextualize about the risk. I think the discussion we had earlier Software Defined networking where a lot of the functions will be virtualized in 5g have not been in previous generations that as millions of lines of code where we did not have it before. When you look at the use cases of 5g and the weight will matter for telemedicine and Autonomous Vehicles and like we are no longer just talking about a data integrity and privacy issue we are talking about Public Health and safety issue as well. In terms of the use cases of how 5g can be leveraged or manipulated as well. Melissa touched on some of the reporting of huawei equipment and other, Telecommunications Agreement that comes from china. A telling report came from the uk in their Huawei Cybersecurity Center where they had over a decade of whats postemployment testing. It was a fascinating report where it laid out, this is because its testing was already in the field testing 4g for the most part. They said that they had limited assurance of their ability to have Risk Management scheme that gives confidence and also said they had almost no ability to ensure binary equivalents. Which means what they spent an enormous amount of effort and time and Energy Testing in the center theyre not actually sure thats whats deployed in the field. Thats just for 4g before you have a factor of 10 or 100 x at the amount of code when you go from the current generation where we are not sure we have any assurance that its not a leaky product and we dont even know what we are testing is what deployed then you go to the tax service of the next generation which is going to be orders of magnitude more code that can have monthly firmware updates itself that whether or not its an intentional back door or just an unintentional bug door you package that altogether in the attack service from this becomes enormous. As came up in previous conversation there was no 100 perfectly safe and riskfree vulnerability free product but recognizing that reality i just laid out what all that means is youve got to have trust on the front end. If thats the reality we are dealing with with millions of lines of code you really cant enter that new world with that attack surface from a position of compromise trust. Given that maybe we should slow down and assess if 5g is with all the benefits also challenge a threat to Public Health potentially because of the vulnerability. Its going to be embedded in our hospitals and our Transportation System its good to be in our homes the connectivity. Does it make sense to secure the Network First and then race to develop . Just anybody jumping on that. Might make sense to wait but china certainly isnt waiting. Not that all these columns are here. They are deploying very fast on october 30 just last week they started full 5g programs and 50 different cities. Beijing, shenyang, shanghai, relatively cheap about 80 a month u. S. As a glitch in the system that many people have 5g capable phones yet but they are getting them fairly quickly. I was just in beijing last week and the whole cityscape has been transformed by these massive towers multiple input multiple output antenna arrays on rooftops oliver beijing. On november 5 china using these to set a new 5g speed record for single cell phone users. These arrays actually track individual phone users. The ready for you to sign on and can jump on and be faster rather than traditional 4g passive networks. This is already happening so even if we have these bad cold many vulnerabilities china is going to be learning this as they go. In a nation with very early adopters and they will adjust. He will be filling some of the gaps as they move. There is a question here with 5g how much of this is for innovation and if its about innovation and Public Welfare and it might be a reason that you and congresswoman harmon mentioned. Or is it about commercial dominance and the balance of power . In which case the first movers get a tremendous advantage because they are learning a lot. I think this question is what is the right framework . Our own National Security and vulnerabilities . Balance of power or concern about whos going to have the interNational Champions and we tend to confuse those different categories. I would push back a little bit because i think we put a lot of emphasis on the first mover advantage. This is the argument for speed. It is if you are the first mover you get a lot of practice to get into markets earlier you deploy much faster makes it harder for other companies or competitors to walk in after you. I dont think thats been worn out until making indications. A lot of the dominant players in 4g were not the first movers. Theres a little bit of a false narrative even if were looking at these two separate. The geopolitical versus social economic good of the country. I think we put a lot of weight on first movers. Its not necessarily worn out in history i would also push to say we have a lot of good experience around cybersecurity in general and Critical Infrastructure that tells us really terrible plan to chase a horse once its left the farm. Youre trying to chase it down as security here maybe i can patch on resiliency there and the horse is gone. I think were at a moment where we do need to emphasize security just as much speed. Because first mover does not necessarily lock anyone in the space. We know that historically and because you cannot expect the critical of the structure critical not only to our economies but the where military fight the way all of us will communicate with each other in the future you cannot deploy that in an insecure and nonresilient. This is the most critical of critical info structures in the future. Its the definition of single point failure. I cant put speed ahead of the security truck. I hope that remains true but within china if the horse leaves the barn is still a chinese horse in a chinese bar and they have a closed system with a lot of users in very strong levers of control. So they know where the horse is because theyve got surveillance cameras. They got the worlds biggest market with early adopters and a willingness to use these adapters as guinea pigs. As the test cases without regulation. So you make a very important point i hope that it holds but if its as much at stake as you say there is we may want to be skeptical about that assumption even if its been true up till now. China is racing ahead, what are they using 5g for . What are the applications right now and what are coming online and what can we learn from that . China is very proud they just won the latest International League of legends team competition. Actually most of it is faster delivery of mobile lunches and gaming in the shortterm but then we get into the kind of innovation that you are discussing. I think its also important to not look at 5g just as this totally sequestered standalone issue for basically at the high level talking about interconnected world the stuff that fits together that enables a whole host of activities for individuals, consumers, and the broader Critical Infrastructure community and even when we look at the deployment of 5g its not like there is a day where 5g get slipped on and there is Autonomous Cars everywhere you look between now and 2023, 2024, 2025 what we anticipate in terms of 5g deployment will go from the current 4g lte buildout from nonstandalone 5g deployment where you effectively have 5g on top of the existing 4g infrastructure and move down the road closure to 2025 where you have the true nonstandup atrue standalone 5g. Within that we look at what provides the backhaul functionality that is the existing Fiber Network and the new fiber we are laying satellite also plays a role. Its really a connected holistic ict infrastructure we need to think about as well. We need to look ahead over the coming decades in a World Without infrastructure is going to power more and more than it ever has before hold the more valuable data it ever has before how do we have a framework of risk informed lens that gives us trust and assurance in the organizations, components and people that play the roles in that. Getting back to huawei, wondering is it practical to purge huawei equipment from the United States . If it is, at what cost . As we heard earlier, there are a lot of rural carriers that install huawei equipment years ago and this proposal would require them to go out and physically pull out all this gear to get paid back for that but clearly very disruptive. Is it solving a problem . I guess if we do this or is it sort of a preventative measure solving a problem that currently exists . I think we look at the u. S. Right now we are largely in pretty good shape. All the major carriers have committed to not putting huawei and other untrusted Telecommunications Equipment fifthgeneration networks and its a smattering of rural carriers across the country that have huawei in their existing 4g lte. The estimates around 700 million and 200 billion of the cost to rip and replace but if you talk to the carriers its more replace and ripped in terms of the sequencing. When you think about the same as compared to the rest of the world, the total cost really to get huawei out of her system somewhere in that range we spent a lot more on other National Security imperatives before. Were actually in a pretty good spot right now in the u. S. If not unattainable. What one of the two of you knows the answer to this but even if we do this rip and replace ericsson and nokia manufacture most of their transmitters, receivers, routers in the peoples republic of china. Over concerned about surreptitious installation of some vulnerabilities they are just as open. My question is this, given all those vulnerabilities, given the eminent packet ability of these systems made by anybody by almost anybody in the question about vulnerabilities that you raised, it seems to me when we look at the cost and we talk about the vulnerability from huawei the question has to be in certain safeguards we can put in place germany and the uk are saying they may let huawei into the least vulnerable parts of their system because they are confident they can wall these off technologically. Given there is some ability, not perfect, to monitor, it seems to me the unasked question is what is the marginal increase in the ease of hacking and access to the Chinese Government of huawei equipment as opposed to any other equipment . Because of that margin increase needs attacking isnt that great then we are not actually talking about an enormous vulnerability that comes from huawei were talking about vulnerabilities from the system generally. I dont hear that question asked and it seems like a key question. I think this is really good point its one of the reason theres more to worry about than just huawei. I think the answer to your question between marginal benefit of trying to break out huawei in u. S. Networks and networks globally which is part of the u. S. Ambition have to deal with what the network would look like. Without huawei. Part of what i think might push at this moment is to think about three different scenarios we could get in the u. S. And the globe. One is the ideal scenario we are able to somehow undermine chinese dominant close to while huawei and we can gain leadership in that. Thats the best Case Scenario. The second scenario is we get some traction but we have a mixed vendor model of which huawei is to be publicly one of them. Either in the u. S. Or abroad to some extent. The worst Case Scenario is huawei wins the supposed race of which ill defined concept of a race and is the primary core critical vendor both in the u. S. And abroad. Any three of those worlds there is still one really vital Security Trust for the u. S. And thats how do you operate securely and inherently Insecure Networks. Independent of what huawei is doing in the state independent of what future we find ourselves in we have to solve that security and resiliency question of 5g in general that has to deal with software, that has to deal with abilities to check, perimeter monitoring versus the pushing outward of the network this has to deal with concepts around iot and increase the attack space and vulnerabilities that brings with it. These are what are going to be popping onto this. Any of those worlds thats the fundamental National Security. Thats a more human question than a china question per se. Is a china dimension of it i dont want to underplay the ways in which china amplified Security Threat for the United States in these networks but it is not sold security problem with these networks. Even if china were to magically decide it did not want to compete on 5g for whatever reason said carryon finland, swedens of the world, do your best, even if we ended up in that world magically we could snap our fingers we still have a major security problem with one of the most Critical Infrastructures in the world coming onto our economy i think we should solve that. What worries you the most . Huawei or the underlying . Underlying. Underline. I think it hasnt been a lot of the Security Solutions im hearing articulated at least in the public space are very issue tailored to huawei. Im less concerned whether we can solve those and more concerned on whether or not we are looking at this much broader area of waste aRisk Management to think about maybe we can do and day encryption, how much bang for our buck does that get us . We can Start Talking about segmentation for networks. And start doing comprehensive risk analysis versus theres a geopolitical concern over here looking in this corner, i still think in the end of the day we are left with a deeply insecure network. And like to ask robert steps that have been taken to blacklist huawei, to isolate huawei in the u. S. At the same time, we had a trade war with china. Wondering what you think if theres a connection between these steps against huawei and the trade war and if not, how do we go about convincing the American People these are two separate issues . Is abroad connection and the specific connection. The broad connection is that we are now engaged in a global competition with china for influence over Security Architectures over trade investments very much over the development mechanization and regulation of tech thats moved to the foreground. In relating to that also norms and practices and underlying value systems. The huawei question like the trade war is a subset of a global rivalry characterized by deep distrust. Every aspect of that rivalry reflects on the other. You cant pull these two things apart. The more specific connection is that the president has twice implied that he might change some of his attitudes toward huawei if he gets the deal he wants. This is very difficult because the claims they are making against huawei are all based on security. They should have nothing to do with the trade deal. If youre willing to pull huawei in abit also sounds like we are cynical about the rule of law because the Eastern District of new york when it asked canadians to arrest the cfo of huawei among wong joe a awhen the president subsequently implied he might be willing to let her go for a trade deal this was then even more strongly interpreted as hostagetaking. There is both the broad geostrategic competition side which they are linked and that the president statements have also implied there might be a link between how we treat huawei, including placing of it on the entities list and the other issues in a trade deal more generally. Elect to bring it back to you aas 5g moves forward we know what the fcc is proposing but what other steps do you think the u. S. Government could take to secure the networks here . Forcefully. The first step for us has been extensives takeover engagement. The abagency is not a regulator and you heard from a apai earlier. We have an awesome opportunity to have a front row seat in the it sector and the u. S. Of the communication sector the u. S. And bring them together. Its been the last 18 months weve had forums like this pop up every week. The hockey stick of 5g engagement the circuit has increased exponentially in terms of the interest but theres level setting activity that it doesnt taken place. There so much activity going around admiring the problem but not fundamentally laying out understanding from an architectural perspective what 5g actually means. As melissa was talking about understanding the fundamental job of critical Infrastructure Protection and enabling Technology Like 5g. Weve done extensive work with it and comms partners to do a lot of the initial level setting activity of understanding at Network Component elemental level how 5g architecture works. We are talking were largely underplay network at this point. Its been one of the things that has been most lost in the media is that this is an issue where the ship is already sailed and what we do now . For the most part we are ahead of this curve enough we can still make smart tailored investments and decisions we can still catalyze Risk Management activity together. Understanding actually what we are talking about when we say 5g network. We are talking about things like what is the abtruly understanding that so it has been from dhs is a perspective much of the last year for us has been digging our teeth into that is there still a lot of work that had not been done. Another big activity for us is only understanding the marketplace dynamics around this. Our goal is Pretty Simple we want to risk informed deployment of 5g technology around the country and the world. We also want vibrant and fair marketplace oh 5g providers and manufacturers. When we are talking things like interoperability like Price Transparency and discovery theres a lot of work there so much more nuanced than just huawei weaver start engaging more heavily with organizations out there like the oran alliance which their goal is in the Radio Access Network portion of 5g ensuring you have true interoperability between those. There is an extensive 3g and it new standard process. 700 pages of detailed standards work that talks about frequency and privacy issues but is actually practical for that rural provider . Take one component from this company here thats in the core cisco router here and then small sale pizza boxes at every Street Corner from a different, can you actually stitch together a diverse and aggregated 5g network in a way that actually works . Theres interoperability but then real interoperability. There is great work being done in efforts like the old man alliance of trying to say, we truly want to have a free open competitive aggregated stack and i think its a message that has really resonated in our domestic and International Engagements as we have very defensive position in the u. S. About huawei that we have intelligence and support we think its the right decision. Not every country has agreed with us on that. We continue to make a risk informed case but something almost every country has agreed with is that we cant get into a position where in the 1980s ibm controlled the whole stack. From the servers to the mainframes to the computers to the software to the people coming in to maintain it, that was the communication stack you have. No one is saying athen there was a writ period of aggregation. No one is saying, you know what i would really like i would really like to go back to that model that makes a lot of sense. We were talking to other countries we have great Risk Management success so far and so in that narrative. Maybe we are still going to continue engagement talking about what vendors are fully trusted and on trusted and why they need to make a better risk informed decision and why you look at the state report, k report, but everyone agrees for something is vitally important, this is whats going to power and underpin all Critical Infrastructure for decades ahead. You cant have a model where its just talk to bottom block and so how do we understand the marketplace of who the players are so that there is true interoperability and affair vibrant marketplace for them to compete on the quality and security and resilience of the products they offer . Those of the really exciting a but its been a really government effort there so far. I think we are early on in the process. There still five, six, seven years until we really realized all this. I found both of your comments reassuring to a degree but there still a big question which occurs in u. S. China relations and internationally. Across a number of sectors. We hear about chinas infrastructure to belton road which is fairly massive and we are coming up with smaller pots of money we want to use him to do better quality lending thats probably more sustainable. The question your comments were raising was this question of quality we are pushing versus quantity. It seems to me in continents like africa and south america to a degree in central asia the model youve outlined and you implied the same thing we are offering quality and ideal set of circumstances that is expensive and slow coming whereas china is offering quantity and good enough technology to get started now. Including with a lot of lending. So im concerned many places we just lose the quality versus quantity. And desperately poor areas. This is the one way we can get enormous benefits even with all the problems you describe. Relatively cheaply now huawei continues to march ahead and much of the rest of the world, although not western europe will go for the chinese deal. They will get the data they will set the standards. How can we make this argument for something that is ideal, expensive and slow coming and how can we prevail in the developing world when china is offering something that is good enough, inexpensive now. I think some of it comes down to the tactics. We have really forced the conversation in our agency as we need to think this through the operators viewpoint. Thats the person you need to think through their eyes. Those people are generally wellintentioned they understand the reason for argument they understand the issues were raising around serious concerns about both the lack of independent judiciary and china issues and huawei being a leaky product. Then theres a practicality whoever hits the road they actually have to some people and deploy the stuff and pull stuff down and put a stop in. Theres work to be done just in terms of play booking and better understanding saying heres how we can walk with you to understand how this is not is a scary and daunting as it seems. You dont need to just say you guys do it top to bottom soup to nuts option. Its not just a theoretical thing, we are actually doing it now. Is there real engagement issue in the u. S. We were in denver two weeks ago meeting with ab and the owner is veteran and selfdescribed patriot and he said, listen, i like a pot of money to help do this if not, i still want to do it to the extent i can but you got to help me figure out how to do it. Rip and replace the wrong order. You want to do it for security reasons are quality reasons . He wants to do it for security reasons he believes the argument and wants to work with us but he must understand the sequencing of how you have confidence to not just pull a bunch of stuff out of the ground and then all of a sudden his customers have a bio reliability issues. We can help build out some of those play booking the tactical levels of how you actually do that. I have some degree of confidence there. When you look at the conversation going in europe and across the world whether its 5g or 4g lte, a lot of the Radio Access Network around the world is going to need to be replaced because its old. We can date of this not necessarily as this scary moment in the sand of either this is your moment of reckoning are you going to go down the good path or bad path . This year for the 15 percent of your Radio Access Network need to replace lets help make a risk informed decision and there are economic concerns which are still troubling but when you pose it like that when there is a huge cost of manual labor of doing that the physical equipment is actually only a fraction of that 15 percent or 40 of the 15 percent they are just doing this year you can get people through the operators lands on board and comfortable with, this year i have decisions to make any to phase out 15 percent maybe its a little more expensive but trusted in the grand scheme of things lets go for that. Its much different than that this is your moment of reckoning. We can do good work in the tactical level i think. Lets get back to melissa and your policy paper on theres more to worry about than just huawei. You said you were more concerned about the underlying infrastructure being developed. What are you most concerned about . What is most vulnerable . What poses the greatest threats to individuals, the institutions, to the United States . As this network is developed with is very broad surface of area thats vulnerable. I think to clarify that, and most concerned about because i think we have too much focus on huawei. Important in different ways but i think we are missing the fourth. In terms of areas of concern when it comes to 5g i think there are a couple. I dont think looking at much Bigger Picture of 60,000 feet and hope that we have a good understanding of how 5g networks and other Critical Infrastructures. These are broader questions about resiliency for society at large. How do you maintain energy and production and service . If your 5g network goes down for example. These are broader questions about whole of government, whole of Society Solutions to Cyber Security vulnerabilities in which one increment will be 5g. More on the kind of 5g Upcoming Technology i think theres a couple areas i find particularly concerning. One is the further shift toward software. I think there are Important Solutions out there being developed and i know if you talk to specific carriers they are a little bit more optimistic about some of the tools they can leverage from 4g and apply them to 5g but i think we need a more robust understanding of what Security Software sense means. The other one for me is really the internet of tanks. This is better inc. To interconnectivity a lot of devices. The internet has daunted us for a good 10 years. Those devices can be leveraged i think theres a real magnifying effect coming out of 5g and find particularly concerning. That brings it down to a personal level. Are you aware of some of these things and how you practice the best to protect your own data and privacy . Let me just talk about that because these are hugely important developments in policy world. The short answer is yes. Sort of two different buckets. We go through this world where cyber Critical Infrastructure we think about advanced persistent threats in nationstate attacks and finding points of leverage and manage Service Providers and the lot of consequence modeling. And Systemic Risk stuff that is new and evolving Threat Landscape gradient from 38 years ago. And theres always basics the country isnt doing. Youve seen recently children knocking on school. And not because we didnt do some crazy systemic modeling to do. In 15yearold Security Best practices noncontroversial and deploy. I rebalance those . The answer is you have to keep doing both. I think im also similarly concerned with the fact that a lot of the time when we see these blazing instances in the news what a dissolution is therefore it should be for a while. Its a question of how to implement at scale across antiquated and diverse technology. That concerns me i think on it personal push. Im clearly wearing it internet of things device. I think for me theres a variety of risk youd be concerned with. I think theres like a packet of basic cyber hygiene an individual can do when dealing with devices. Update your technology. Things of this nature. Not overly complicated and yet surprisingly underutilized. I think having a better sense, this is something i push with friends and family. A better sense of what your technology is doing. I think often people dont understand the security implication or how to secure something or think about personal hygiene because its like a magic box in their hand. Like you mean this app is on in the background . It sending information . Yes the app is the background sending information. Basic education and i think hygiene standards can be huge on the individual level. I think the other part for me is a little bit of a Civic Responsibility. I study a lot of small countries historically with air is really strong Civic Responsibility to the state. A national interest. I think people should be concerned if a device they own has been compromised and being used to leverage an attack against her own government or you another government. That somebody holding your technology hostage to carry out malicious activity. You should be concerned about that with is an individual and want to take proper hygiene. Tasks at hand to prevent that. You cant spend everything but you can sort of take basic steps gain basic awareness. And think about your technology as part of the broader ecosystem. My brief thoughts will be far less useful. I try to spend as little time in cyber land as possible and teach my children in fact you have the choice of not living on the internet. With pencils and the yellow legal pads and paper novel. Im not in any social media. The institution at the Wilson Center when we travel to china or russia we are told not to take her own phones and its very easy to get a burner computer to take with us. Every year we all have to take and retake not one but two different Computer Security courses. That actually does while its highly redundant and keeps your antenna pretty alert. It becomes very easy to spot phishing attacks. You could do a lot for institutional integrity. When i read about all the promises of 5g they have yet to raise a problem im trying to solve i dont really need my car to talk to my refrigerator. [laughter] any final thoughts . I think we have a few minutes . I have a question mostly for melissa. Given that you are mostly concerned about the problems this Technology Poses to everybody anyway. Youre more worried about that then huawei do you see any room for cooperation . We been speaking about chinese tech as if its wholly demonized and wholly competitive. Can we not work with china and other International Players try to answer some of these questions that you raised . If china is moving ahead with some of the hardware but if cisco and a lot of American Companies are going to remain ahead with the software are there any, im not trying to be pollyanna but im wondering or forgetting to ask the question if theres room to cooperate on standards and regulations to tone down some of the holy demonizing language not just a battle between good and evil and trying to. Theres a couple areas of concern. Daniel makes a really good point. When he points out theres governments out there with 14 years of history trying to rectify thinking the uk they didnt have a good degree of confidence. Thats 40 dock 14 years i think its concerning. Thats because of the weakness of the software or malign intents . Its unclear. I had not seen any evidence in the public space that would claim that the Chinese Government is out there masquerading in 5g Huawei Technology building and back doors, shutting things down here to kill switch there, vendor backdoor there. Thats an area of concern but its a lot of speculation at this point. In the public space. I think there are ample opportunities for that even how buggy the code is. Not just for china, if you really buggy code, thats an opportunity for any malicious factor. We keep saying the word china over and over its not the only malicious actor. I think theres that concern. I think theres areas for opportunity when we start doing much more of Risk Management comprehensive process of what the database looks like. It allows us to say in what ways does huawei introduce and secure the that its just unacceptable. In what ways at cost can we mitigate some of the concerns . These are questions around encryption, virtual private networks, vpn, segmentation, questions about building resiliency backups as soon as we start actually operationalizing that a lot of the work daniel is talking about we have a better sense of where we can work with huawei where we can do that and mitigate the risk and where we absolutely cant. I dont think we done that nuance yet. Theres a lot of huawei or no one mentality versus the much more nuance risk. For only having a binary conversation about china awe are going to be able to achieve the security resilience results we want. At the same time the u. S. Government has not been too apologetic about what her assessment of the strategic intent there is. We did a public webinar this past february on a pt 10 cloud hopper which is the Chinese State ad campaign to leverage Service Providers as an ultimate point of leverage just deal with likely tens of billions of dollars of intellectual property across every industry of dozens of countries. Thats something that we have put out publicly and with a boatload of intelligence behind and we are not going to shy away from that and strategic intent thats been demonstrated in bgp hijacking and rerouting of the internet traffic were not to pretend that doesnt exist but at the same time. If were only trying to sell the narrative we are going to not do the operational stuff as well. We have time for questions . Yes. Okay. Over there. [inaudible question] hi im amanda rankin, defense fellow congressional defense fellow. My question is regarding deployment of star link satellites in one Web Satellites reducing global wifi coverage. And its outside the scope of the conversation please let me know but i have a question as to whether more innovative or not even innovative but better or more effective policy solution at this point would be to work on rather than ripping out and replacing all the hardware infrastructure across the country would be better than to build new infrastructure or prepare everyone to use wifi as provided from space the way we do with gps . I think satellite and fiber need to be huge parts of the 5g conversation generally. We work with the satellite segment within the communication sector recording counsel even when you are talking about 5g connectivity when you have rural areas maybe you dont have the connectivity we have the buildout satellite is a great option in terms of filler in between where depending on the ayou need you might have no discernible difference in terms of the functionality of the connectivity at all. It likely is an area where enhanced partnership and engagement with satellite industry its a few different segments would be worthwhile because its part of the equation thats not going away. In the back. Robert dalys question earlier i was wondering as to why developing the standards for 5g technology is an appropriate response to untrusted Network Deployment and formalizing way to make that network trusted. It seems like advanced persistent threats dont care if its hallway tech or nokia tech deployed. It seems like they could still access the networks. Wondering why our conversation is it technologybased rather than the Great Power Competition conversation we are seeing here. I think a large amount of the conversation has been technologybased in terms of thinking about what the structure of 5g is, the technological realities of that. I think youre absolutely right in the sense that if you are a malicious actor of significant skill and you have a strategic imperative to compromise the network whether thats espionage or sabotage, you are not necessarily going to care whats the operator or vendor of that network except for some of those are easier targets than others. If you looking for a weak link your opportunity then is bugs. I think if you are a malicious persistent actor its in your best interest to have your adversaries operating on very Insecure Networks because those are your aand we see time and time again particularly very qualified actors they go for the really well low hanging fruit. They will enter abthey find a more porous opportunity. Thats another reason why we should be much more concerned about operating securely across the stack whatever that stack is. At the same time, we shouldnt just wave our hands and say oh well i guess we lost the battle around the stack and go really buggy. We are running a little bit over time. One more question and then we will be done. Jim salters with nobis, the mobile carriers are already rolling out 5g and i know you can stop in terms of 899 and say heres the equipping youre allowed to use but they are deploying it now at t is utilizing first met to put the radio equipment on the towers anyway as they are rolling that out. What power do you have that to stop it when you say we should wait. I dont think can really stop them commercial market will take over and they will push it out. What power you have to stop it from being deployed in the u. S. . I think its a baseline. We feel pretty good about the deployment for the major carriers in the u. S. Its not sorry its some sort of luscious lower our morals and dust off our hands. From a Risk Management we feel on the front end of the deployment were in a pretty advantageous position right now in terms of specific question about whether the levers that can be pulled to influence what ict is procured and deployed into the field right now or for the federal government which hosted the functions that matters the American People they are sort of eight or nine different levers right now that all touch different parts of it. They are on the federal side theres the mda section 889 which we discussed a little bit a newly created federal Acquisition Security Council brings together civilian government led by dhs dod to a a thats a new development we havent had before. As existing aprocess which has to do with foreign investment. Another levers there as well. There are the export controls and needless authorities of the department of commerce has. Department of commerce also issued abthe president signed executive order may 15 and securing ict supply chain that will have forthcoming rulemaking by the department of commerce and how we want to implement that. To potentially ban private sector ict as transactions to include services as well. Thats another lever that fix into the quiver. I think you stitch almost together and there is a number of ways that pull for what is allowed to go into the federal digitally connected enterprise and what the private sector is able to buy and deploy of ways to influence that. Some incentive based on regulatory based as well. Recognize the fact that it just made one claim policy and aim six or seven other things. There are tools out there. Thank you everybody for coming. We really appreciate it. Thank you to the panelists. [applause] [inaudible background conversations] [inaudible background conversations] [inaudible background conversations] cspan washington journal live every day with news and policy issues that impact you. Coming up wednesday morning, a astephanie zabel discusses u. S. Military deployments around the world. And better angels president and cofounder David Blankenhorn talks about the groups effort to foster understanding among people of differing political ideologies. Be sure to watch cspan washington journal live at 7 00 eastern wednesday morning. For 40 years cspan has been providing america unfiltered coverage of congress, the white house, the supreme court, and publicpolicy events from washington dc and around the country. So you can make up your own mind. Created by cable in 1979. Cspan is brought to you by your local cable or satellite provider. Cspan, your unfiltered view of government. Coming up tonight, a look at some of the programs you can watch every weekend on booktv here on cspan2. Tonights theme is u. S. Intelligence. Next, amaryllis fox, former officer with the cia Clandestine Operations unit discusses her book life undercover then philip mudd, former Deputy Director of the cias Counterterrorist Center talks about the cia Detention Centers that were used to interrogate suspected terrorists following 9 11. After that, Stephen Kinzer explores the work of Sidney Gottlieb the head of the cia mk ultrnd
vimarsana.com © 2020. All Rights Reserved.