The US Commerce Department is intensifying its actions against China Telecom’s US unit over concerns that its cloud and internet services could be used to funnel American data to Beijing, according to a Reuters report.
The department issued a preliminary finding last week, stating that China Telecom Americas’ involvement in US networks and cloud services presents a national security risk, the report said. The company was given 30 days to respond.
The decision follows growing concerns in Washington over China’s suspected attempts to compromise US telecom infrastructure, including the “Salt Typhoon” cyber espionage campaign, described as a major breach.
Vulnerabilities in telecom
Telecom networks are an attractive target for adversaries, considering the wealth of insights and potential damage they can cause.
A compromise of the telecom network could intercept calls, provide real-time location access to interested parties, and even disrupt telecom services. Attacks on these networks are typically carried out by adversaries with significant resources or nation-state backing.
“Many telecom providers use Chinese products considering their cost-benefit, but they could be a black box with no visibility into their backdoors, even if codes are exposed for review,” said Sunil Varkey, a cybersecurity specialist. “Or the adversary could compromise a non-Chinese environment and manipulate the outcome.”
Considering the high volume of transactions in the telecom industry, identifying a small number of targeted fraudulent operations can be extremely challenging.
The sustainability of the digital environment and ecosystem relies heavily on the trust it provides to its stakeholders. Services such as telecom, cloud, and routing may have visibility into the data they process, but it becomes a significant concern if the service provider is not trustworthy.
“Due to world trade agreements, it will be difficult to ban products from any specific country based on assumptions,” Varkey added. “Considering the indicators, ensuring due care and regulatory mandates on telecom network infrastructure and the governance practices they follow is essential.”
Effect of FCC’s actions
The FCC has taken steps to restrict companies like China Mobile and China Telecom from operating in the US due to national security concerns.
“However, there are still gaps that need to be addressed,” said Sanjaya Kumar, CEO of SureShield. “One significant gap is the lack of periodic review of existing authorizations. The FCC currently does not have a process for regularly reassessing the national security risks associated with carriers that already have authorization to operate in the US.”
This means that once a company is authorized, there is limited oversight unless the company seeks a modification, assignment, or transfer of control. Additionally, there are broader cybersecurity challenges that need to be tackled.
The US has a National Cybersecurity Strategy in place, but it lacks comprehensive performance measures to assess the effectiveness of various cybersecurity initiatives, Kumar added.
This makes it difficult to ensure that efforts to protect critical infrastructure and data are successful.
Impact for businesses
The crackdown on Chinese telecom firms could create significant challenges for US businesses that rely on their services.
One immediate concern is the potential for service disruptions as companies transition to alternative providers, which may impact day-to-day operations and critical communications.
“Switching to alternative providers might come with higher costs,” Kumar added. “Businesses may need to make operational adjustments to accommodate new service providers.”
Source:: Network World