The Federal Communications Commission took its most aggressive step yet to expunge Chinese tech from U.S. telecom networks with its decision late last week to ban the sale of equipment from companies Congress and the Biden administration deem a national security threat.
But gear from the targeted Chinese tech giants Huawei, ZTE, Hytera, Hikvision and Dahua is so deeply embedded within the American telecom and networking landscape, it’ll take years and billions of dollars to effectively eliminate any risk that these companies pose.
While the FCC order is latest in a series of moves that Washington has made to reduce China’s influence, experts say it remains underfunded and offers no clear plan to help telecoms replace existing Chinese parts or find more affordable alternatives.
Friday’s order bans the authorization of selling new equipment from the targeted companies, but equipment already on the market can continue to be sold, blunting the immediate impact of the order.
“We will not see the full effects of it for years to come,” said Jack Corrigan, a research analyst at the Center for Security and Emerging Technology, who has studied state and local government purchases of Chinese tech.
It’s difficult to determine exactly how much technology from Huawei, ZTE, Hytera, Hikvision and Dahua exists inside domestic networks. Just considering Huawei and ZTE, which both make an array of networking components, the FCC estimates there are at least 24,000 pieces of equipment from those companies spread across more than 8,000 locations in the U.S. wireless network.
Because of the prevalence of Chinese equipment inside U.S. telecoms, national security officials and China hawks have long warned that Beijing could force Chinese companies to give its security services access to American networks.
The Trump administration stepped up efforts to exclude Chinese firms from U.S. networks, and beginning in 2019, U.S. telecoms were no longer allowed to use money from the FCC’s Universal Service Fund to buy gear from Huawei, but buyers that did not receive federal funds faced no such restrictions, allowing Huawei, ZTE, Hytera, Hikvision and Dahua to continue selling their goods to the American market. Now, the FCC will no longer approve new devices from those companies.
The latest move in Washington to beat back Chinese tech influence, a battle also playing out in Europe, is just one part in a massive undertaking to reverse many decades of dependence on cheap devices made in China, say experts.
“This isn’t the end,” said Joshua Steinman, a former National Security Council staffer during the Trump administration who helped coordinate the initial push against Chinese tech companies. “This is the middle of the beginning of it.”
Friday’s order dovetails with other efforts in Washington to improve U.S. technological independence from China, like the recently passed CHIPS and Science Act that created subsidies for domestic semiconductor manufacturing. But it remains to be seen whether companies from the U.S. and its allies can compete on cost from firms with China.
The five firms banned on Friday were able to gain wide adoption by competing on cost, and in their absence, other Chinese firms may step up to fill the void, Steinman said. It is important that regulators like the FCC remain vigilant to how the market shifts in coming years, he added.
While larger companies have mostly avoided the use of Chinese technology, smaller telecoms still need to remove significant amounts of gear from Chinese firms. Huawei and ZTE made major inroads by offering cheap, reliable tech to cash-strapped customers, said Tim Donovan, the senior vice president for legislative affairs at the Competitive Carriers Association, an industry group.
The FCC has created a program to fund the removal and replacement of this gear — “rip and replace,” in industry parlance — but that effort is underfunded. Congress has provided $1.9 billion to the Secure and Trusted Networks Act Reimbursement Program, but the FCC said in July that it needs at least $4.98 billion to cover the costs of replacing insecure gear, a $3.08 billion deficit.
That work is complicated and expensive. “Each network build is going to be different,” says Donovan. “Before you can fully rip, you have to put up a second network in parallel so you can switch customers over.”
There is some momentum in Congress to close the funding gap, but it is unclear when or whether it will get done. And until then, Chinese gear is likely to remain an important part of the U.S. telecom gear. In some rural areas, for instance, these smaller providers may be the only cellphone carrier, meaning that customers of larger companies may see their data move across Chinese gear while traveling through rural areas.
The presence of Chinese gear in rural areas concerns national-security officials, who worry that compromised telecom infrastructure may be used to spy on military bases in more remote parts of the U.S.
“It just so happens that some of these rural telecom companies service high-interest military facilities,” Steinman said.
Beyond telecommunications, products made by the five firms targeted by the FCC are deployed widely in the U.S.
A cursory search of a database maintained by Censys, a firm that indexes internet-facing devices, reveals nearly half a million Hikvision devices — video surveillance cameras — connected to the internet in the U.S. In Brooklyn alone there are nearly 15,000 Hikvision devices. Huawei has comparatively few devices online with just over 800 connected nationally, but the Censys search only shows internet-facing devices used by both commercial customers and consumers, highlighting the difficulty in weeding out gear from banned companies that is already pervasive in the U.S.
According to a study from the Center for Security and Emerging Technology from earlier this year, at least 1,681 state and local governments purchased gear from five Chinese tech companies identified as a security threat between 2015 and 2021. These municipalities are spread across the U.S. — Vermont was the sole state where the authors could not find evidence of gear bought from these firms.
“Organizations that use this stuff already will continue to be able to use it,” said Corrigan, the report’s lead author. “We need the government to start to prioritize these rip and replace programs.”
In a statement Friday, FCC Chairwoman Jessica Rosenworcel said the commission is also examining how to address parts from the targeted firms that are used in other products and whether the body needs to revoke its approvals for already existing equipment.
Addressing components from these companies represents a major challenge. Components from banned companies could still find their way inside U.S. networks through subsidiaries selling to American companies, warned Thomas Pace, the co-founder of the cybersecurity firm NetRise. “These companies make an insane number of components that happen to find themselves in all kinds of things.”