The $3 billion that Congress folded into the annual defense policy bill to remove Chinese-made telecommunications technology from U.S. networks would be a huge start to defending against breaches like the Salt Typhoon espionage campaign, senators and hearing witnesses said Wednesday.
Federal Communications Commission Chairwoman Jessica Rosenworcel recently told Hill leaders that the $1.9 billion Congress had devoted to the “rip and replace” program to get rid of Huawei and ZTE equipment left the agency with a $3.08 billion hole to reimburse 126 carriers for eliminating use of that tech, “putting our national security and the connectivity of rural consumers who depend on these networks at risk.”
The fiscal 2025 National Defense Authorization Act (NDAA), which passed the House by a 281-140 vote Wednesday, contains language authorizing funds to fill that gap. Sen. Ben Ray Luján, the New Mexico Democrat who chairs the Commerce Subcommittee on Communications, Media and Broadband, said at Wednesday’s hearing of his panel that Congress should approve that funding even though there’s much still unknown about the attacks from the Chinese government hackers known as Salt Typhoon.
“What we do know is that more must be done to prevent attacks like this in the future,” he said. “One obvious thing we can do today is get equipment manufactured by companies that collaborate with our foreign adversaries out of our American networks. … I’m hopeful that there’s strong bipartisan agreement to fully fund this program through this year’s National Defense Authorization Act and address one of the major known vulnerabilities facing our networks every day once and for all.”
Congressional action on the “rip and replace” program “demonstrates that Congress can take bipartisan action to secure our networks, an approach that is urgently needed now as we take steps to confront the challenges posed by China,” said Sen. Jerry Moran, R-Kan.
Tim Donovan, president and CEO of the Competitive Carriers Association that represents telecommunications providers and vendors, said that for rural carriers deciding whether to remove equipment but not replace it under the program’s original timeline, “the situation is dire.” Equipment still in place can’t be upgraded.
“If Salt Typhoon can hack major operators, then there’s a flashing red light for ‘rip and replace’ networks that do not have the same resources,” he testified.
The timing on final passage of the NDAA remains up in the air in the Senate following the House’s approval Wednesday. Some Democrats have opposed the NDAA over provisions related to transgender medical treatment. Prior to lawmakers reaching a deal and releasing the final version of the legislation over the weekend, incoming Senate Majority Leader John Thune, R-S.D., said the GOP would prioritize it when they assume control of the chamber from Democrats next month — assuming it doesn’t pass before then.
Some Republican senators at the hearing also cast doubt on a recent FCC proposal to regulate telecommunications firms’ cybersecurity under the 1994 Communications Assistance for Law Enforcement Act. Texas Sen. Ted Cruz, the top Republican on the full Commerce panel, said the Biden administration shouldn’t “rush into regulatory expansion” as an answer.
But Sen. Ed Markey, D-Mass., said the FCC was taking needed action and telecommunications companies have to invest more resources to safeguard their systems. Major telecoms should’ve also already been doing the things the FBI and Cybersecurity and Infrastructure Security Agency recently recommended, said Justin Sherman, founder and CEO of Global Cyber Strategies and nonresident senior fellow at the Atlantic Council’s Cyber Statecraft Initiative.
The post Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches appeared first on CyberScoop.