Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Communications

FCC 'Rip and Replace' Provision For Chinese Tech Tops Cyber Provisions in Defense Bill (therecord.media) 20

The annual defense policy bill signed by President Joe Biden Monday evening allocates $3 billion to help telecom firms remove and replace insecure equipment in response to recent incursions by Chinese-linked hackers. From a report: The fiscal 2025 National Defense Authorization Act outlines Pentagon policy and military budget priorities for the year and also includes non-defense measures added as Congress wrapped up its work in December. The $895 billion spending blueprint passed the Senate and House with broad bipartisan support.

The $3 billion would go to a Federal Communications Commission program, commonly called "rip and replace," to get rid of Chinese networking equipment due to national security concerns. The effort was created in 2020 to junk equipment made by telecom giant Huawei. It had an initial investment of $1.9 billion, roughly $3 billion shy of what experts said was needed to cauterize the potential vulnerability.

Calls to replenish the fund have increased recently in the wake of two hacking campaigns by China, dubbed Volt Typhoon and Salt Typhoon, that saw hackers insert malicious code in U.S. infrastructure and break into at least eight telecom firms. The bill also includes a watered down requirement for the Defense Department to tap an independent third-party to study the feasibility of creating a U.S. Cyber Force, along with an "evaluation of alternative organizational models for the cyber forces" of the military branches.

FCC 'Rip and Replace' Provision For Chinese Tech Tops Cyber Provisions in Defense Bill

Comments Filter:
  • by kmoser ( 1469707 ) on Wednesday December 25, 2024 @11:06AM (#65038475)
    So the US taxpayers foot the bill for the telecom companies that never properly vetted the hardware they were buying.
    • by chill ( 34294 )

      The companies vetted the hardware and made their decisions based on the information at the time and the costs involved. It was the US gov't that later said "get rid of it" after the fact, hence the US gov't that needs to pay for it if they want it done without the companies just folding.

      • And where does the government get this money to replace the equipment?
        • They borrow it. Just a tiny bit more added to the annual federal deficit. The 2024 deficit was about 1.8 trillion, aka 1,800 billion. So 3 billion amounts to about 0.17 percent of the deficit.
    • So the US taxpayers foot the bill for the telecom companies that never properly vetted the hardware they were buying.

      Those companies almost certainly validated the operations. What they could not know (and would not have the expertise to know, as these are the smaller companies) is if the software could possibly be vulnerable or exploitable (by something other then the US governments own required backdoor).

      Sadly, bailing out stupid and incompetence continues to be the American way.

    • The hardware is fine. The hacking groups mentioned never interacted with it. Huawei equipment is the most closely scrutinized equipment on earth. They can't fart without security researchers the world over digging deep to be the first to expose an intentional vulnerability. And the in-service software upgrades on Huawei guarantee more frequent security patches that their key competitors. Cisco equipment often runs for months with known critical CVEs because upgrades with firmware patches can take 45 minutes
  • replace with what? (Score:4, Insightful)

    by ZipNada ( 10152669 ) on Wednesday December 25, 2024 @11:10AM (#65038481)

    I'm curious to know what equipment they will be using as a replacement for the Huawei gear, and how we will know that stuff is safe.

    • by chill ( 34294 )

      Nokia, Ericsson and Alcatel-Lucent are the main competitors in that market.

      • According to Wikipedia, "Alcatel-Lucent started operating as part of the Nokia Group" in 2016.

      • by AmiMoJo ( 196126 )

        So European gear. Maybe because it looks bad when the NSA hacks US gear, but when GCHQ does it for them and hands the data over, that's fine.

        On the plus side we are getting a lot of cheap, high end gear on the used market now. A flood of decent but not Windows 11 capable laptops too.

      • I'm also curious to know whether they're replacing insecure equipment or Chinese equipment, because the insecure stuff that got hacked was mostly non-Chinese. So which is it?
    • by gweihir ( 88907 )

      As the attackers are using US placed backdoors, this may make things _less_ secure.

  • Verizon 12.1 billion in 2023
    But wait, they will have to share it...
    AT&T 15.6 billion in 2033
    Comcast 15.1 billion in 2023
    and so on...

    So long, Joe - and thanks for all the fish!

  • Until it is done.

  • Salt Typhoon apparently exploited the law-enforcement intercept capability that's legally required in all exchanges. Nothing to do with Huawei and ZTE. Nokia and Ericsson exchanges were hacked too.

    I wouldn't be surprised if a lot of the equipment being ripped out is stuff like antennae and UPS gear, which realistically poses no security threat. But I guess it's politically expedient.

  • ... break into at least eight telecom firms.

    Was their intrusion/cracking (not Hacking) success achieved by Chinese-made back-doors or American-made back-doors?

    In the case, of the former, removing Chinese-made hardware is a good idea. For the latter, the only answer is giving each LEO their own username/password, like any other information system requiring privacy. That means removing the 'I'm a cop, trust me, you have to tell me' cop-out, too.

    • by gweihir ( 88907 )

      US made and mandated backdoors to be used by law enforcement and spy agencies. Exclusively. And so badly made that they apparently cannot evict the attackers now.

  • Not using Chinese equipment will surely keep the Chinese from using US placed backdoors!

"We don't care. We don't have to. We're the Phone Company."

Working...