FCC Sharpening Focus on Test Labs and Potential Cyber Threats

In recent years, the FCC has cracked down on foreign RF equipment manufacturers that potentially pose a national security threat, especially Chinese companies Huawei and ZTE Corp. In April, President Biden signed legislation that could lead to a ban on Chinese social media platform TikTok. As a next step, the FCC has proposed rules to prohibit telecommunications certification bodies (TCBs) and RF test labs controlled by potentially hostile governments from authorizing technology for U.S. communications networks.

“The CCP [Chinese Communist Party] has a well-documented record of leveraging control over aligned companies, using them to advance the CCP’s maligned goals from surveillance, corporate espionage, IP theft,” said Commissioner Brendan Carr during the FCC’s May agenda meeting. “We’ve seen this in spades in the telecommunications and technology sectors, in particular. The FCC has played a key role in our government-wide initiative to safeguard our networks against these and other types of threats from bad actors.”

In an earlier proceeding, the FCC established a “Covered List” of entities producing communications equipment deemed to cause a security threat to the United States. The Notice of Proposed Rulemaking the FCC adopted unanimously would set limits on the percentage of ownership companies on the Covered List can have in TCBs and test labs. It also proposes interagency procedures for keeping track of TCB or test lab eligibility.

As the agency charged with managing the nation’s airwaves and ensuring that equipment transmitting radio signals do not create harmful interference, the FCC has long set certifying criteria for RF equipment and employed third-party testing labs as part of the process. New equipment must meet the certification requirements before it can be sold in the United States. In recent years, the issue of RF equipment used to gather information for foreign governments has become as important as testing for interference.

Banning certain companies on the Covered List might not go far enough to protect Americans’ privacy and cybersecurity. “We’ve expressed concern for the U.S. white labeling devices where someone can slap a new name on a Huawei box in an effort to sneak it through the FCC’s equipment authorization process,” Carr said. One way to defend against that is greater scrutiny on TCBs and labs.

“As the number of wireless connections around us multiply and the importance of security of connections matters more than ever before, this system needs an update,” said FCC Chairwoman Jessica Rosenworcel. Rosenworcel and Carr were the main backers of the NPRM.

In a related development, the FCC recently received comments in a Further NPRM on the recently created “U.S. Cyber Trust Mark.” The Commission asked whether certification companies participating in the program should be required to reveal the origin of software and firmware in internet of things (IoT) devices before they can be certified under the program.

Most commenters said that the FCC should not attempt to evaluate potential threats emerging through the Trust Mark program on its own. “USTelecom emphatically supports the exclusion from eligibility of companies that the intelligence community deems an unacceptable risk,” the association said in its comments. “However, we are concerned that the Commission’s approach here is potentially overbroad and lacks grounding in the analytical approaches of other agencies. The Commission should instead defer to the expert agencies’ findings concerning specific entities.”

USTelecom specifically named the Department of Commerce’s Bureau of Industry and Security and the Department of Justice as better equipped for the evaluations. In the process of preparing the TCB/test lab NPRM, the FCC has already issued a request for information from other federal agencies to learn more about labs’ ties to the CCP.