FCC 'Rip and Replace' Provision For Chinese Tech Tops Cyber Provisions in Defense Bill (therecord.media) 21
The annual defense policy bill signed by President Joe Biden Monday evening allocates $3 billion to help telecom firms remove and replace insecure equipment in response to recent incursions by Chinese-linked hackers. From a report: The fiscal 2025 National Defense Authorization Act outlines Pentagon policy and military budget priorities for the year and also includes non-defense measures added as Congress wrapped up its work in December. The $895 billion spending blueprint passed the Senate and House with broad bipartisan support.
The $3 billion would go to a Federal Communications Commission program, commonly called "rip and replace," to get rid of Chinese networking equipment due to national security concerns. The effort was created in 2020 to junk equipment made by telecom giant Huawei. It had an initial investment of $1.9 billion, roughly $3 billion shy of what experts said was needed to cauterize the potential vulnerability.
Calls to replenish the fund have increased recently in the wake of two hacking campaigns by China, dubbed Volt Typhoon and Salt Typhoon, that saw hackers insert malicious code in U.S. infrastructure and break into at least eight telecom firms. The bill also includes a watered down requirement for the Defense Department to tap an independent third-party to study the feasibility of creating a U.S. Cyber Force, along with an "evaluation of alternative organizational models for the cyber forces" of the military branches.
The $3 billion would go to a Federal Communications Commission program, commonly called "rip and replace," to get rid of Chinese networking equipment due to national security concerns. The effort was created in 2020 to junk equipment made by telecom giant Huawei. It had an initial investment of $1.9 billion, roughly $3 billion shy of what experts said was needed to cauterize the potential vulnerability.
Calls to replenish the fund have increased recently in the wake of two hacking campaigns by China, dubbed Volt Typhoon and Salt Typhoon, that saw hackers insert malicious code in U.S. infrastructure and break into at least eight telecom firms. The bill also includes a watered down requirement for the Defense Department to tap an independent third-party to study the feasibility of creating a U.S. Cyber Force, along with an "evaluation of alternative organizational models for the cyber forces" of the military branches.
Taxpayers always foot the bill (Score:3)
Re: (Score:2)
The companies vetted the hardware and made their decisions based on the information at the time and the costs involved. It was the US gov't that later said "get rid of it" after the fact, hence the US gov't that needs to pay for it if they want it done without the companies just folding.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
So the US taxpayers foot the bill for the telecom companies that never properly vetted the hardware they were buying.
Those companies almost certainly validated the operations. What they could not know (and would not have the expertise to know, as these are the smaller companies) is if the software could possibly be vulnerable or exploitable (by something other then the US governments own required backdoor).
Sadly, bailing out stupid and incompetence continues to be the American way.
Re: (Score:2)
replace with what? (Score:4, Insightful)
I'm curious to know what equipment they will be using as a replacement for the Huawei gear, and how we will know that stuff is safe.
Re: (Score:3)
Nokia, Ericsson and Alcatel-Lucent are the main competitors in that market.
Re: (Score:2)
According to Wikipedia, "Alcatel-Lucent started operating as part of the Nokia Group" in 2016.
Re: (Score:2)
So European gear. Maybe because it looks bad when the NSA hacks US gear, but when GCHQ does it for them and hands the data over, that's fine.
On the plus side we are getting a lot of cheap, high end gear on the used market now. A flood of decent but not Windows 11 capable laptops too.
Re: (Score:2)
Re: (Score:2)
As the attackers are using US placed backdoors, this may make things _less_ secure.
Verizon Net Income (Score:2)
Verizon 12.1 billion in 2023
But wait, they will have to share it...
AT&T 15.6 billion in 2033
Comcast 15.1 billion in 2023
and so on...
So long, Joe - and thanks for all the fish!
Re: (Score:2)
The president doesn't allocate money or enact laws.
Rip and replace (Score:2)
Until it is done.
Chinese hacking didn't rely on Huawei gear (Score:2)
Salt Typhoon apparently exploited the law-enforcement intercept capability that's legally required in all exchanges. Nothing to do with Huawei and ZTE. Nokia and Ericsson exchanges were hacked too.
I wouldn't be surprised if a lot of the equipment being ripped out is stuff like antennae and UPS gear, which realistically poses no security threat. But I guess it's politically expedient.
Chinese or American (Score:2)
Was their intrusion/cracking (not Hacking) success achieved by Chinese-made back-doors or American-made back-doors?
In the case, of the former, removing Chinese-made hardware is a good idea. For the latter, the only answer is giving each LEO their own username/password, like any other information system requiring privacy. That means removing the 'I'm a cop, trust me, you have to tell me' cop-out, too.
Re: (Score:2)
US made and mandated backdoors to be used by law enforcement and spy agencies. Exclusively. And so badly made that they apparently cannot evict the attackers now.
Yep, that will help (Score:2)
Not using Chinese equipment will surely keep the Chinese from using US placed backdoors!
Never forget (Score:2)
Well, we just find out who was right (as if we didn't know at the time).