FCC Commissioner Brendan Carr hailed House Commerce Committee advancement of the Secure Equipment Act (HR-3919). The committee also cleared seven other telecom cybersecurity measures (see 2107210064). HR-3919 and Senate companion S-1790 would ban the FCC from issuing new equipment licenses to Huawei and other companies the commission considers a national security risk. It “would help ensure that insecure gear from companies like Huawei, ZTE, and others can no longer be inserted into America’s communications infrastructure,” Carr said Thursday. “We have already determined that this gear poses an unacceptable risk to our national security” (see 2106090063) and HR-3919/S-1790 “would ensure that the FCC closes this Huawei loophole.”
Bipartisan legislation introduced Wednesday would require agencies, contractors and critical infrastructure operators to report cyberhacks within 24 hours of discovery (see 2103040066). Introduced by Senate Intelligence Committee Chairman Mark Warner, D-Va.; Vice Chairman Marco Rubio, R-Fla.; and Sen. Susan Collins, R-Maine, the Cyber Incident Notification Act includes liability protection in certain circumstances. Warner has predicted a bipartisan cybercrimes reporting bill (see 2106100053). Senate Environment and Public Works Committee members told a hearing the federal government should invest in resources to defend against cyberthreats to critical infrastructure. Cyber is a long-term, constantly evolving challenge, said Chairman Tom Carper, D-Del.: It requires “sustained federal investment, not one-time solutions.” Ranking member Shelley Moore Capito, R-W.Va., backed training exercises and information sharing between agencies. She’s looking forward to including cyber policies in committee legislation. The Cyberspace Solarium Commission’s March 2020 report concluded water utilities remain largely unprepared to defend networks against cyber disruption, testified Rep. Mike Gallagher, R-Wis., commission co-chair with Sen. Angus King, I-Maine. It's an “extremely dangerous” situation, said King, saying the next Pearl Harbor or Sept. 11, 2001, attack will be cyber-related. The private sector should have liability protection when sharing information because delays don’t work, said King. The government hasn’t made the necessary investments to protect transportation systems, which begins with cybersecurity, said ITS America CEO Shailen Bhatt. ITS recommended a more robust transportation cybersecurity strategy with requirements for transportation agencies to meet certain “marks” determined by the National Institute of Standards and Technology and the Center for Internet Security.
The House Commerce Committee unanimously advanced the Secure Equipment Act (HR-3919) and seven other telecom security measures Wednesday, as expected (see 2107200001). The others: the Understanding Cybersecurity of Mobile Networks Act (HR-2685), Information and Communication Technology Strategy Act (HR-4028), Open Radio Access Network Outreach Act (HR-4032), Future Uses of Technology Upholding Reliable and Enhanced Networks Act (HR-4045), NTIA Policy and Cybersecurity Coordination Act (HR-4046), American Cybersecurity Literacy Act (HR-4055) and Communications Security Advisory Act (HR-4067). “These bills will only further our commitment to increasing the safety and security of our networks and supply chains, while at the same time increasing competition and innovation,” said House Commerce Chairman Frank Pallone, D-N.J. The measures “will strengthen the security of our networks as industry deploys advanced technologies,” said House Commerce ranking member Cathy McMorris Rodgers, R-Wash. “With recent cyberattacks, it is our duty to find solutions that ensure a robust and secure supply chain for our communications networks.”
Senate Commerce Committee ranking member Roger Wicker, R-Miss., and Sens. Shelley Moore Capito, R-W.Va., and Todd Young, R-Ind., filed the Funding Affordable Internet with Reliable (Fair) Contributions Act Wednesday to explore requiring “Big Tech” companies to contribute to USF. It would direct the FCC to study “the feasibility of funding Universal Service Fund through contributions supplied by edge providers” like Google-owned YouTube and Netflix. The study should examine “the class of firms and services on which contributions could be assessed, including an inquiry into the specific sources of revenue potentially subject to contributions, such as digital advertising revenue and user fees” and USF contribution “equity issues.” The bill wants the FCC to examine equity of “alternative contributions systems” like federal appropriations and “whether a flat or progressive rate is most appropriate.” More “consumers are moving to internet-based services,” which “raises concerns about the sustainability of fees collected from consumers’ telephone bills,” Wicker said. “As online platforms continue to dominate the internet landscape, we should consider the feasibility of Big Tech contributing to the USF to ensure rural areas are not left behind as we work to close the digital divide.” Commissioner Brendan Carr, who proposed making edge providers pay into USF (see 2105240037), said “requiring Big Tech to contribute is more than fair.”
The House voted 319-105 Tuesday to pass en bloc the 5G-centric Promoting U.S. Wireless Leadership Act (HR-3003) and four other telecom and media measures the chamber had originally intended to vote on Monday (see 2107190054). The other bills: House Resolution 277, the Preserving Home and Office Numbers in Emergencies Act (HR-678), Emergency Reporting Act (HR-1250) and Measuring the Economics Driving Investments and Access for Diversity Act (HR-1754).
The House Commerce Committee is to mark up the Secure Equipment Act (HR-3919) and seven other cybersecurity measures Wednesday, the panel said Monday. The other security measures on the docket: the Understanding Cybersecurity of Mobile Networks Act (HR-2685), Information and Communication Technology Strategy Act (HR-4028), Open Radio Access Network Outreach Act (HR-4032), Future Uses of Technology Upholding Reliable and Enhanced Networks Act (HR-4045), NTIA Policy and Cybersecurity Coordination Act (HR-4046), American Cybersecurity Literacy Act (HR-4055) and Communications Security Advisory Act (HR-4067). The partly virtual meeting begins at 10 a.m. in 2123 Rayburn. The House Communications Subcommittee examined the measures in June (see 2106300077). HR-2685 would require NTIA to report on cybersecurity of wireless networks and vulnerabilities to cyberattacks and surveillance by adversaries (see 2104210070). HR-3919 and Senate companion S-1790 would ban the FCC from issuing new equipment licenses to Huawei and other companies the commission considers a national security risk. HR-4028 would require the Commerce Department to create a whole-of-government strategy to bolster U.S. information and communications vendors’ economic competitiveness and reduce their reliance on foreign resources. HR-4032 would direct NTIA to provide outreach and technical assistance to small communications network providers on how to use ORAN technologies. HR-4045 would direct the FCC to establish a 6G Task Force to provide recommendations on how to ensure U.S. leadership in developing that technology’s standards. HR-4046 would create an Office of Policy Development and Cybersecurity within NTIA. HR-4055 would require that NTIA establish a cybersecurity literacy campaign to increase public knowledge and awareness of cybersecurity risks. HR-4067 would make the Communications Security, Reliability and Interoperability Council permanent and require the council to report to Congress every two years with recommendations on “network security, resiliency, and interoperability” issues it examines.
House Consumer Protection Subcommittee ranking member Gus Bilirakis, R-Fla., will soon introduce legislation to ensure the FTC is “focused on ransomware” and working with a broad group of law enforcement agencies, House Commerce Committee ranking member Cathy McMorris Rodgers, R-Wash., announced at a subcommittee hearing Tuesday. She cited recent ransomware attacks on Colonial (see 2106110031) and others as reasons for Congress to act. Bilirakis isn’t a member of the House Oversight Subcommittee, which held the hearing with testimony from Microsoft and FireEye. Last year, more than 2,400 organizations were victimized by ransomware attacks with a financial impact of about $500 million, said Microsoft Assistant General Counsel Kemba Walden. Subcommittee Chair Diana DeGette, D-Colo., cited a Microsoft report claiming more than 99% of cyberattacks could be prevented with multifactor authentication deployed. She asked if Congress should mandate such requirements through legislation, and Walden agreed. House Commerce Committee Chairman Frank Pallone, D-N.J., cited the Biden administration’s recent efforts to combat ransomware, including a new ransomware website (see 2107150036) and efforts to make it more difficult for hackers to transfer funds using digital currency. Victims pay to accelerate the process of recouping their business operations or because it’s in the best interest of protecting their data and customer data, said FireEye-Mandiant Senior Vice President Charles Carmakal. This is despite the lack of guarantees the compromised data will be deleted, he said: Victims do anticipate that stolen data is eventually published “at a later point in time.”
The House was set to vote Monday night under suspension of the rules on the Promoting U.S. Wireless Leadership Act (HR-3003) and four other media and public safety telecom measures. The other bills in the docket: House Resolution 277, the Preserving Home and Office Numbers in Emergencies Act (HR-678), Emergency Reporting Act (HR-1250) and Measuring the Economics Driving Investments and Access for Diversity Act (HR-1754). HR-277 would reaffirm the House’s “commitment to diversity as a core tenet of the public interest standard in media policy.” HR-678 would limit reassignment of phone numbers during a declared natural disaster. HR-1250 and Senate companion S-390 would direct the FCC to issue reports and do field hearings after activating the disaster information reporting system. HR-1754 would require the FCC “consider market entry barriers for socially disadvantaged individuals in the communications marketplace” for video competition reports. HR-3003 would direct NTIA to encourage U.S. companies and others to participate in international standards-setting bodies as a way of improving the country’s 5G leadership role. The chamber is also set to consider other tech measures this week, including the Consumer Protection and Recovery Act (HR-2668) to restore the FTC’s FTC Act Section 13(b) authority (see 2106210054).
The House Appropriations Committee voted 33-26 Thursday to advance the FY 2022 Commerce, Justice, Science and Related Agencies bill (see 2107150064), which would increase NTIA’s annual funding almost 97% to $89.5 billion. The Patent and Trademark Office would get almost $4 billion, up 8% from FY 2021. The National Institute of Standards and Technology would get $1.37 billion, up 32% and some 8% less than what President Joe Biden sought. The Commerce Department Bureau of Industry and Security would get $143.4 million, up more than 7%. DOJ's Antitrust Division would get $201 million, up 9%.
House Republicans launched the Freedom From Big Tech Caucus Friday to focus on antitrust, censorship and privacy. Antitrust Subcommittee ranking member Ken Buck, R-Colo., formed the caucus with Texas’ Lance Gooden, Utah’s Burgess Owens, North Carolina’s Madison Cawthorn and Arizona’s Paul Gosar. They accused Big Tech of rigging the free market, stifling innovation, “cozying up” to China and censoring Americans.