GAO to Study Cost of Real Fix to China Telecom Hack

In 2021 Congress authorized $1.9 billion to help small telecom carriers to rip out Huawei and ZTE telecom gear. In this year’s NDAA bill Congress authorized another $3 billion. But this Band-Aid only represents a tiny part of the overall China equipment hacking problem. For example, on the consumer side, about 65% of Small Office/Home Office network gear comes from TP-Link. The feds are looking at banning it as a national security risk. Whether they implement this ban or not, the problem does not change. I am replacing my TP-Link gear this weekend.

With China’s latest hack, Salt Typhoon, the feds publicly admit that nine large telecom providers, including AT&T, Verizon and CenturyLink/Lumen, were compromised. Privately, SEVERAL HUNDRED telecom and other sectors were notified that they may be at risk as well.

The risk is not limited to Huawei and ZTE equipment, which the $5 billion Congress authorized is designed to help replace. Another example is Cisco gear which has a hardware vulnerability that can only be fixed by taking it out to the parking lot and running over it with your car. And then replacing it with new equipment.

So while the FCC works to dole out the rest of the $5 billion Congress authorized, the GAO is looking at conducting a study as to the real cost of fixing the problem. Likely, add one or two more zeros to the money Congress has allocated. Alternatively, just open the door and give China every bit of intellectual property we have.

If the next president considers China a threat, then he might push his allies in Congress to support funding such an effort.

Whether he does or not, you should assume that the public network infrastructure that you use on a daily basis is compromised. And, if it is not compromised today, it likely will be tomorrow.

That means that you are on your own to secure anything you care to keep safe and not wait five or ten years for the government to maybe, possibly, partly fix it. After all, the replacement of the Huawei and ZTE equipment was signed into law in 2021. In 2025 Congress just adding funding to it.

You have to decide whether the government is going to fix this problem before all of your company’s jewels are stolen – or whether you have to do it yourself. Credit: Defense One

If you need help with this issue, please contact us.