New York Foreign Press Center Briefing on “U.S. Policy on 5G Tech.

MODERATOR: Okay, good afternoon. We’re pleased to have Robert Strayer with
us today, but first let me just introduce myself. I’m the new director in the Foreign Press
Center here in New York, Liz Detmeister, for those of you who we haven’t met. So the Deputy Assistant Secretary for Cyber
and International Communications and Information Policy in the Bureau of Economic and Business
Affairs at the U.S. Department of State is here today to speak with you, and I’ll turn
the program over to him in just a minute. First, I have a few housekeeping items. Please take a moment to silence your cell
phones. At the conclusion of his remarks, we’ll
open the floor for questions. Please wait for the microphone that we’ll
pass around as a courtesy, and please state your name and your affiliation before you
ask your question. Today’s briefing is on the record. And with that, over to you. MR STRAYER: Thanks, Liz. Thanks for that kind introduction, and I want
to thank the Foreign Press Center for organizing this event. I understand this isn’t the first time there’s
been an event here talking about transformative technologies. There’s very important international implications
of any new technology both from a political perspective, an economic perspective, as well
as from a national security perspective. We in the United States are very excited about
the potential for the fifth generation of wireless technology to empower a vast array
of transformative new applications that will benefit our country as well as societies around
the world. 5G is going to have increased amounts of throughput
of data up to 100 times what we have currently in 4G technology, as well as very low latency;
that is, the time delay that it takes a device to connect to the internet and receive data
back. So with those improved technologies, we’re
going to see many more devices connected to the internet, devices and sensors of what
they call the internet of things. We’ll see tens of billions of those new
devices in just the next few years. Those devices will be able to communicate
with one another and with systems automatically. That’s going to empower a whole new set
of types of critical infrastructure, so we’ll see autonomous vehicles, we’ll see telemedicine. We’re also going to see the current types
of critical infrastructure like electricity and water distribution being supplied through
things like the smart grid for the case of electricity distribution. Those will occur through the backbone of this
5G technology. Because it’s going to be so important to
our societies, we want all countries around the world to think carefully about the security
practices that should be in place to secure these 5G technologies. We encourage countries to adopt a risk-based
security approach, and they should do that for any type of information or communications
technology. With regard to 5G, we also think it’s very
important to look at the supply chain of the vendors that will supply these critical services. In 5G there is the privileges that the vendor
of technology will have both of its – providing its hardware and software will give it a lot
of influence over how these critical systems operate when oriented toward the consumer
or for governments. So for example, these vendors of hardware
and software technology could cause data to be exfiltrated for purposes that are not authorized
by the users, so that could cause the compromise of citizens’ privacy. The exfiltration data could also cause intellectual
property that belongs to businesses and corporations to be taken or stolen, and it could also cause
the disruption of those critical services like water and power distribution. So it’s very important that we have trust
in those vendors for 5G technologies. One indicator of trust that we’re very concerned
about is that a vendor not be under the control of a foreign government without appropriate
judicial controls. We know that the national intelligence law
in China as well as other laws empower the government there to require any entity within
China to comply with the mandates of the intelligence and security services in China. We think that’s very concerning, particularly
because there is no independent judiciary that stands in the middle between those entities
and the government. So in effect, they are under the direction
of the Chinese Communist Party. There’s other indicia of trust that we’re
concerned about. We think that companies should have transparent
ownership structures that are well understood and that comply with our Western laws related
to corruption, related to export controls and to intellectual property theft. We think that the best practices of corporate
governance are indicators of whether or not you can trust a company to be in such a privileged
position in these 5G networks. It’s important to understand in 5G networks
that there will be much more software on the systems. That increased software really presents an
increased cyber attack surface area; that is, there’s much more code that can be compromised. There are frequently updates to software that
are the operating system as well as software that is running the devices, which is called
firmware. When those updates occur, code can be introduced
in the systems that cause them to be compromised, that would enable the disruption of those
systems, or the data that’s running over them, including location data and other information,
to be exfiltrated outside the network surreptitiously. So it’s very important that we have trust
in those vendors. Last May, the Czech Republic organized a conference
with about 40 countries there to talk about best practices related to securing 5G technology
that focused on policy areas, technical areas, as well as the economics, the funding of 5G
systems. That conference resulted in a set of principles
called the Prague Proposals that we’re encouraging countries around the world to adopt. We think those are good, high-level principles
that can then be integrated into each country’s decision making about what kind of vendors
and what kind of system requirements they want to set for 5G technology. Here in the United States, on May 15th, President
Trump signed an executive order on information communications technology supply chain security,
which adopts – sets a legal framework in place that will allow us to adopt many of
the principles that are part of the Prague Proposals. We’ve also noted that, as of last March,
the European Union Commission also set out a security framework for 5G. It includes a principle that says that an
evaluation should occur of the ability of a third country to influence the vendor of
5G, the 5G equipment supplier. So we think that’s a very important criteria
to have in place. I should note that when we’re talking about
the radio access network, which is the non-core part – that is the part where there are
transmitters that’ll be closest to the user, and it’s closest to where your handset device
or other sensor will communicate with – the vendors for those are not American. So this is not us pushing U.S. technology. In fact, Ericsson, which is Swedish, Nokia,
which is Finnish, and Samsung, which is South Korean, are the three major providers outside
of the Chinese providers. Of course, there’s a much larger ecosystem
of 5G that will be empowered that will include U.S. technology, but we are in no way benefiting
these large integrators for any competitive purpose because they’re not American. They’re actually headquartered in other
countries around the world. The other point I wanted to make, too, is
that because our devices will be connected for all these critical uses in all parts of
the network, anywhere there’s computing going on within a 5G network will become critical. So there’s no portion of the network that
one could say is okay to have untrusted vendors. You want to have a trusted vendor in all parts
of the 5G network, wherever there is computing taking place; that is, the collection, the
processing, or the storage of data. So with that, I’d be happy to answer any
questions. QUESTION: Okay, my name is Harrison. I report for the News Agency of Nigeria. Why is the United States Government so wary
of China? MR STRAYER: So I don’t know if I heard the
question. Let me repeat it. So we’re – in our efforts here, our diplomatic
efforts here, we’re sharing our views about how we see the importance of 5G technology
and the importance of securing it and having trusted vendors. It’s agnostic as to the country. And we realize that each country with the
information we share with them is still going to make its own sovereign decision. We encourage them to make the sovereign decision
on their own. They need to – every country needs to have
its own calculus about the risk that it’s willing to accept in these technologies. We, of course, have an interest in working
with other governments because we share important government information with them, and we have
very interconnected economies. If a factory is compromised through autonomous
manufacturing that goes down in another country, that can quickly affect the United States
and other allies because we don’t see that factory providing that part of the supply
chain that others have come to rely on. And just with regard to China, we know that
their national intelligence law has that feature of them being able to mandate that vendors
like Huawei and ZTE comply with mandates of their intelligence and security services without
an independent judicial review, which does us – does cause us serious cause of concern. QUESTION: Almost a follow-up. Hi, Sherwin Bryce-Pease, South African Broadcasting. I just wanted to read you something that our
President Ramaphosa said a few months ago. Quote: “The standoff between China and the
United States, where the technology company Huawei is being used as a victim because of
its successes, is an example of protectionism that will affect our own telecommunications
sector, particularly the effort to roll out the 5G network, causing a setback to other
networks as well.” How do you respond to criticism like that? MR STRAYER: Yeah. We certainly appreciate the South African
president’s ability to make decisions that are in the best interests of all South Africans,
and which your nation will do at the end of the day. We would say that, as I mentioned earlier,
there is no U.S. company that stands to benefit from the campaign, the diplomatic campaign
of sharing our concerns. And in fact, on the point about whether there’s
a setback for other countries, we don’t think there is one. We, in the United States, are only going to
be using three trusted vendors, which are Ericsson, Nokia, and Samsung. We actually were the first to start rolling
out 5G in major cities. We have over two dozen major cities with 5G. Second place was South Korea and third is
likely to be China. So we’re seeing that the rollout with just
those vendors, we think there’s no slowdown in our ability to implement 5G by going with
those more trusted vendors. QUESTION: Hi, Kaori Yoshida from Nikkei. I had a question about rural America, and
some wireless carriers in rural U.S. are able to use equipment or are using equipment from
Chinese firms, including those under U.S. sanctions. And are you concerned that these rural areas
will experience a delay in the rollout of 5G technology, and what steps are you taking
to avoid that from happening? Thanks. MR STRAYER: Thank you for the question. Our four largest wireless carriers in the
United States have all committed not to using untrusted vendors in their 5G rollouts. As your question notes, though, some of our
rural carries in their 4G networks currently have some of these untrusted vendors. Our process for implementing the executive
order to secure the information and communications technology supply chain will likely address
this issue. That is on a roughly five month implementation
period under the executive order, so we haven’t yet announced our policy with regard to the
rural carriers, but we are going to work closely with them as well as with Congress. There are a number of bills in Congress seeking
to address this issue that will, I think, be borne out in the next couple of months. MODERATOR: We’ve got a question in the back. QUESTION: Hi. This is Carol with Just wondering, so for – you mentioned several
times only trusted vendors are going to be used and how this is going through a risk-based
approval process. Is there any thought in the future that 5G
network is going to be nationalized? MR STRAYER: No, we’re not planning to nationalize
our 5G network. We think that competition is important, that
we work with the private sector to – who knows best how to map out their next-generation
networks. QUESTION: Hi. Vincenzo Pascale, Messaggero di sant’ Antonio,
Italy. We know that most of the cyber attack come
from Eastern Europe and Russia. Why do you have so a main focus on China with
5G and not with Eastern Europe and Russia? MR STRAYER: Thank you for the question. We are sensitive to the fact that we all need
to improve the cyber security of all parts of the information communications technology
ecosystem, whether that’s 5G networks, telecom networks, or the computers that we’re using
every day for all kinds of other work, and all the databases that retain massive amounts
of data. We need to improve the cyber security of all
of those. The United States director of national intelligence
has assessed that there are really four countries that we’re most concerned about – and
that includes Russia, China, Iran, and North Korea – from a cyber security perspective. So we’re talking about addressing cyber
security overall, but in this particular context of 5G security, we want to talk about trusted
vendors. We see no reason to add to the overall risk
profile that we’re facing by having untrusted vendors. In this case, there are two major Chinese
vendors for 5G technology that we consider unsecure. So we say both address the cyber security
issues, including those that emanate from territories in Eastern Europe or in Russia,
as well as address this supply chain security issue for 5G technology. QUESTION: Thank you. Manik Mehta, I’m a syndicated journalist. You mentioned earlier that we want countries
to adopt risk-based security approach. What does that exactly mean, and could you
define it? Also, would you like to highlight – not
highlight, but at least update if you are putting any extra measures in place to avoid
a repetition of the security lapses we saw in the last election? MR STRAYER: Yes. Okay, thank you for both of those questions. So risk is fundamentally based on a few things,
but it’s the vulnerabilities potential to the system – think about the vulnerabilities
of any network – as well as thinking about the threat actors. And if you have untrusted vendors, that feeds
into the threat analysis because those are most easily compromised and more likely to
do something in someone else’s interest and not in your interests. So we think that trusted vendors feeds directly
into a threat model that should give anyone serious cause for concern when they’re doing
that overall risk analysis. There are a number of measures that wireless
operators will put in place to help secure the vulnerabilities, but as I mentioned earlier,
when you have a system where there is software that can be updated overnight almost instantaneously,
there is no way to review all the source code, all the lines of software that go into that
that could compromise the entire network, so that allows a malicious threat actor to
infiltrate the network and cause disruption or the exfiltration of data. We know, for example, that for years China
has caused – China Telecom, one of the carriers there, has caused the routing of internet
traffic to not go through its normal mechanism but to then be routed through China instead
of its normal conduits through the internet. The United States and 14 other governments
last December attributed one of the largest instances of industrial espionage in modern
history to the Chinese Ministry of State Security. The Chinese Ministry of State Security working
with a private company there was able to cause what they call managed service providers or
managed cloud providers, which are basically IT systems for major global companies. They caused at least companies in 12 different
countries to be compromised, their data to be taken, and some of that data to be shared
with commercial enterprises in China. So – and on your last point about election
security, we’ve taken a number of steps to improve the security of our elections and
to take steps against those who would seek to convene influence operations in the United
States using social media platforms. So I can’t talk about that necessarily in
this context of all the specifics, but we are working very seriously on that. We’ve also put grants out to our state and
local governments to help them secure their election infrastructure. QUESTION: Hi. Tamami Shimizuishi from Nikkei. I have two questions. The first one is: I understood like these
Chinese firms now labeled as the untrusted, but what kind of steps they need if they want
to be included as a supply chain to the U.S. telecom companies? And then second question is: I understood
all these four top carriers will not use any these Chinese suppliers for building the future
5G network, but I understood like they need to use the kind of fundamental network already
existed, like 4G network, and then I wonder is any of them have any these Chinese – the
parts or the system embedded for the kind of previous-generation network? MR STRAYER: Yeah, thanks for those questions. So that partially came up in the earlier question. Someone asked about the rule carriers. So there are – some of our rule carriers
in their 4G networks have what we consider untrusted vendors in their networks, and we’re
going – we’ve said that we’ve got concern about any 5G network having untrusted vendors. I – the question about how a company goes
from being untrusted to trusted, I mentioned there’s a number of indicia of trust, of
ownership structure, of compliance with export control laws, with intellectual property theft,
and with anti-corruption practices that are indicia of trusted companies. I would note that there are two pending indictments
against Huawei, one related to the theft of intellectual property from T-Mobile and the
other one related to a multi-year campaign to commit bank and wire fraud that deceived
banks about the nature of Huawei’s subsidiary in Iran that was in violation of U.S.-Iran
export control laws. There’s been no admission or any attempt
by Huawei to remedy that situation. They’ve just sought to deny it, and so I
don’t think we’re at a position yet to opine on what would be – make a company
trusted. QUESTION: Hi. I’m Nicolas Rauline from the French newspaper
Les Echos. It seems there is a problem in the cities
with price. The biggest problems of many cities are – is
the price, and it seems Huawei has the cheapest prices on the market. So how can you fight against that? And my second question: Is it a possibility
for you to completely close the U.S. market to Chinese companies in terms of 5G? MR STRAYER: So I’ll just take the last question
first. I just want to be clear: We’re not seeking
to close the U.S. market from anyone, but we want to just be clear is that we will use
the highest standards of security related to our information communications technology,
and that, admittedly, will have some effects on the market of what is allowed to be put
into very critical systems for the future of our citizens, and we would – as we talk
to others around the world, critical for their national security and economic security as
well. Oh, and then the – sorry, the price question. So every year, dozens of changes happen between
one vendor and another vendor. These types of changes happen all the time. There is arguably some price advantage because
of the government subsidization by the Chinese development bank and the Chinese export-import
bank of Chinese technology. That’s one of the reasons why we think it’s
important that the Prague Proposals – those principles that we arrived at with that group
of dozens of other countries in Europe – was to say that it should be transparent about
all the terms of any of these financing deals. Many countries have gotten themselves in the
position over the years of having massive debt burdens because they weren’t paying
any of the cost up front, and so what initially appeared to be a very cheap deal turned out
to be very expensive. It’s well known that in Sri Lanka the government
had to put up as collateral their port, and they ended up giving that port over to the
Chinese Government for a 99-year lease to settle their debt situation. So we think it’s really important that countries
think about what is the long-term, sustainable model for information communications technologies,
and we’re all the time seeing Nokia and Ericsson being selected by telecommunications
operators in country, so that’s telling us that they are offering something that’s
competitive and something that those operators in those countries deem to be economically
viable for a longer period of time. QUESTION: Hi. David McClure with NHK News. Two questions: first about the potential economic
impacts of barring Huawei or ZTE from participating in U.S. markets; and then second, if there
is any possibility to impact the way that the United States shares intelligence with
other countries that choose to use Huawei or ZTE, other companies that the United States
has deemed to be not safe. MR STRAYER: Yep. Thanks for those questions. So on the rollout of the technology, we think
we’re leading the world in that with dozens of cities already deploying 5G on a commercial
basis, not just on a trial basis. We know that Ericssson, Nokia, and Samsung
are leaders in that market and have ample supply to supply the buildout of 5G. So we don’t see any delay in choosing these
more trusted suppliers. From what I can tell, the only people who
are really the original source of suggesting that Huawei is a more sophisticated technology
and is – would be in the best position is really the company itself in Shenzhen. I’m sorry, and your second question was
the — QUESTION: Any possibility that countries that
choose to use Huawei or ZTE will have some – in some way be affected in the U.S.’s
ability to share intelligence? MR STRAYER: Yep. So we have important information-sharing relationships
around the globe with countries. We benefit. Our partners benefit. We want to make sure we can maintain those
relationships by having a vigorous flow of information, a bilateral flow of information. But if countries implement in their telecom
networks that are doing 5G untrusted vendors, we’re going to have to reassess how we’re
sharing information with them to ensure that we’re not compromising that very vital data. MODERATOR: I think we have time for about
three more questions. QUESTION: Thank you so much. I want to ask the question about 5G and concern
of terrorism. Has there been – do you think it will have
an impact on especially organizations and operation like ISIS? Will it help them, or it will be able to help
you in stopping them with their recruitment? And my other question – again, related to
terrorism – a wider question, broader: I wanted to ask right now there are talk that
ISIS is restructuring its organization, the focus on more global scale. Have you noticed any change on their behavior
in term of their cyber activities, especially in term of recruitment in Western countries,
Europe and United States? MODERATOR: Would you mind stating your name
and outlet? QUESTION: Majeed (inaudible) Rudaw Media Network. MR STRAYER: Thanks for the question. Some of that on the counterterrorism approach
is a little bit outside my normal lane, but what I can say is that we’re very focused
on countering violent extremist content online, the way that terrorists can use online activities
to gain recruits or to use online platforms to do – to increase their financing, or
to communicate, to coordinate a potential attack. So those are things that we’re working on
with American and global platform companies to ensure that we’re addressing the violent
extremism that can be online. And we’re also addressing those other concerns
about how terrorists can use the internet. That’s somewhat separate from the underlying
infrastructure. There, of course, is anywhere there’s more
internet connectivity, one needs to ensure that there are appropriate policies in place
to address platforms or other communications mechanisms from being misused or abused by
potential extremist elements or terrorists. QUESTION: Sophie Ding, Asahi Shimbun. Are you aware of any instances of industrial
espionage on the part of China? MR STRAYER: So the one case that – there
have been a long history of industrial espionage by China that led to an agreement between
President Xi and President Obama when they signed an agreement in 2015 in the Rose Garden
to ensure that there would be no more economic espionage through cyber means. We note that has continued, and very importantly,
last December the United States and 14 other countries attributed a massive industrial
espionage campaign through cyber means to the Ministry of State Security in China. MODERATOR: Do we have any more questions? Okay. Well, then thank you very much. MR STRAYER: Thank you.

, ,

Post navigation

Leave a Reply

Your email address will not be published. Required fields are marked *