This piece originally appeared in RealClearDefense.
Ships and telecommunications networks employ technologies which are vulnerable to cyberattack. The United States (U.S.) and European Union (EU) attempt to enforce rules to regulate business practices and prevent misbehavior from adversarial foreign entities. With some efforts stymied because of legislative loopholes and court challenges, some U.S. and EU policymakers respond by increasing regulatory burdens on domestic entities, for example Section 214 designation on U.S. broadband providers and the complex burden of proof for EU shipbuilders to prove dumping by foreign firms. These policies provide policymakers with the satisfaction of the political appearance of national security, but the policies themselves do not necessarily protect people, enterprises, or property. Indeed, pursuing such policies may reduce national security by diverting resources from legitimate activities to secure networks and systems.
Telecom Networks
Efforts to restrict dangerous telecom network equipment from demonstrated malicious providers in the U.S. and EU has been challenged vigorously in court (see Hikvision USA v. FCC and Huawei v. Sweden). The Federal Communications Commission’s (FCC) Covered List notes just 10 Chinese and Russian companies whose products are restricted from licensure, when it should include hundreds, if not thousands, of firms. These delays have prompted U.S. regulators to looks for alternative ways to “secure” networks, and too often they fall back on outdated regulations inapt for today’s dynamic communications environment.
A case in point is the FCC’s current quest to apply market entry and exit rules to broadband in the name of national security. Section 214 of the Communications Act demands that telephone providers obtain the permission of the FCC to operate and subsequently every time they wish to add or remove “lines.”
