ICT Supply Chain Security: A Panel Discussion

Listen & Download

On February 24, 2021, President Biden signed an executive order (EO) on a whole-of-government strategy to secure supply chains for critical and essential goods. The EO institutes a parallel examination of supply chain vulnerabilities: (1) a 100-day review of four key industries, including semiconductors and (2) a one-year review of a broader range of industries, including information and communications technology (ICT). At the same time, the Biden Administration did not withdraw the ICT supply chain security rule from the Trump Administration that is scheduled to go into effect March 22. Citing security benefits to the ICT supply chain, the Acting Chairwoman of the FCC has teed up a Notice of Inquiry on Open Radio Access Networks (ORAN) for the FCC’s March 17 meeting. The Commerce Department’s National Telecommunication and Information Administration has launched its own Notice of Inquiry on 5G Open Stack Challenge on behalf of the Department of Defense.

What do these actions mean for the ICT sector, and the semiconductor industry particularly? Will ORAN result in more secure and trusted 5G networks? Will it be adopted due to perceived long-term cost savings and operational benefits, or will government mandate its adoption? If the ICT supply chain rule goes into effect this month, will there be enough semiconductors to power 5G? Join us for a panel of informed experts to discuss these critical issues.

Register here to attend live

Featuring:

Maryam Khan Cope, Director, Government Affairs, Semiconductor Industry Association

Kelsey Guyselman, Deputy Policy Director, U.S. Senate Committee on Commerce, Science & Transportation

Hon. John Kneuer, President and Founder, JKC Consulting LLC; former Assistant Secretary of Commerce for Communications and Information, U.S. Department of Commerce

Gregory Watson, Policy Advisor, Hon. Brendan Carr, Federal Communications Commission

Moderator: Patricia Paoletta, Partner, Harris, Wiltshire & Grannis LLP

---

This Zoom panel is open to public registration. See the above link.

Event Transcript

[Music]

 

Dean Reuter:  Welcome to Teleforum, a podcast of The Federalist Society's practice groups. I’m Dean Reuter, Vice President, General Counsel, and Director of Practice Groups at The Federalist Society. For exclusive access to live recordings of practice group Teleforum calls, become a Federalist Society member today at fedsoc.org.

 

 

Nick Marr:  Welcome, everyone, to this Federalist Society virtual panel, sponsored by our Telecommunications & Electronic Media Practice Group. Today, March 23, 2021, we're hosting a panel discussion on ICT Supply Chain Security. I'm Nick Marr, and I'm the Assistant Director of Practice Groups at The Federalist Society. 

 

      As always, please note that expressions of opinion on our call today are those of our experts.

 

      We've got a whole host of them, as you can see. I'll introduce them one by one, and then I'll hand the floor over to our moderator who will continue the discussion.

 

      We're very pleased to be joined this afternoon first by Ms. Maryam Cope. She's the Director of Government Affairs at the Semiconductor Industry Association. Then we have Kelsey Guyselman. She's the Deputy Policy Director at the U.S. Senate Committee on Commerce, Science & Transportation. We're also joined by John Kneuer. He's the President and Founder, JKC Consulting LLC. He's also a former Assistant Secretary of Commerce for Communications and Information at the Commerce Department. Finally, we have Gregory Watson, who's a Policy Advisor to Commissioner Brendan Carr at the Federal Communications Commission.

 

      Our moderator this afternoon, we're very pleased to have, is Patricia Paoletta. She's a Partner, Harris, Wiltshire & Grannis. With that, I won't waste any more of your time, Tricia. I'll give the floor to you.

 

Patricia Paoletta:  Thank you, Nick. And let me extend my thanks to the panelists and my fellow moderator, John, on this panel, which sounds simple enough: "ICT Supply Chain Security," but it's a big issue with a lot of technical and a lot of different legal pieces out there, between executive orders and legislation from the Hill. And the FCC has a recent inquiry. So I'm going to set the stage by explaining how I understand the issue as a practitioner tracking these issues for clients over almost a decade, at this point. And then we're going to turn to our panelists, who have probably been more active participants in the actual development of the policies, both in their current and former roles.

 

      So ICT supply chain security – I'm sure most of you, but, you know, this is open to any member of The Federalist Society, so ICT, you probably know, is Information Communications Technology. And, like I said, beginning about a decade ago, members of the Hill—up in my memory, most notably, is Mike Rodgers, now retired and actually active in the private sector on this issue—really beginning to raise the alarm on security issues with having non-trusted vendor equipment—and predominantly, that was Chinese equipment—in the network of U.S. telecom providers. And concern over that for cybersecurity attacks, for surveillance, and other issues.

 

      So in 2012 Congress put out a report out on that issue. And then over the intervening years, you saw more and more focus on that. In the larger telecom providers, I assume through just the buying power of the U.S. government, didn't have much Chinese equipment in their network. But the smaller telecom providers—you know, rural and more -- not the big national guys—did have Huawei in their equipment because Huawei operates in a protected home market and has a lot of subsidies from its government. So they're able to provide, probably at below market prices, very affordable -- and good quality but very affordable, maybe below cost, equipment.

 

      So you saw a lot of telephone companies buying Huawei, particularly after the American Recovery Act stimulus came out in 2009. So fast forward, obviously, the existence of Chinese equipment in the market became more of an issue in the last administration.

 

      In 2018, the former FCC chair, the Trump appointee, Ajit Pai, initiated a rulemaking to look at whether the Universal Service Fund that U.S. telecom providers—to use the FCC's euphemism—"contribute" a portion of their revenues into a fund to support the deployment of telecom by rural and high cost areas, by schools and libraries; whether those moneys should be going to actually buy Chinese equipment and maintaining Chinese equipment.

 

      So he begin the proceeding, I'm thinking in 2018. And then, of course, the following year in May 2019 President Trump issued the ICT Supply Security Executive Order, which was very sweeping and basically looked at, and touched on, almost what any relevant agency, including the FCC, looking on, making sure that there were not -- that ICT transactions involving foreign adversaries, would require some preclearance.

 

      Subsequent to that, the FCC tweaked its USF proceeding, now called, well, you'll have to correct me on this, Greg. But Supply Chain Security through FCC Programs, something to that effect, and tweaked it. Now, at the same time, a lot of work was going on at the Hill, as Kelsey can elaborate, including how are we going to get more U.S. involvement in the international standard setting bodies that develop telecom standards? We have a bunch of legislation coming out of that, including support for open radio access networks.

     

      And, as I view that—again, we'll have our panelists dig down deep—Open Radio Access Networks, or Open RAN or O-RAN, is basically decoupling the hardware and software so that you can have competitive software providers interoperating with the network equipment, the Radio Access Network equipment of the traditional vendors. And, typically or traditionally, that was all a closed proprietary system from the big network providers, including Huawei, but also trusted vendors, as we now have that new adjective, trusted vendors like Ericsson, or Nokia, or Samsung or others.

 

      O-RAN began to pick up a lot of interest, both in the administration and in Congress on a bipartisan basis, as a way to facilitate the moving away from reliance on Huawei as telecom providers, again, particularly the smaller ones, the ones who needed the most affordable option, as companies migrated into 5G, or the Fifth Generation of cellular technology.

 

      So we saw legislation out of the Hill, including the Apporpriations Act in the end days of December supporting what we say, rip-and-replace of Chinese equipment and replace it with trusted vendor equipment. We saw legislation coming out of the Hill with the USA Telecom Act to fund R&D for O-RAN. And, again, as I mentioned, last week -- did I mention it? Last week the FCC issued its Notice of Inquiry on O-RAN.

 

      Now, at the same time, of course, this has been a bipartisan concern and the Biden administration, last month, February 24, so, almost a month ago, issued its Executive Order on ICT supply chain security. And in it it did a two-part review, one a 100-day review to look at the supply chains of four key industries including semiconductors. And that's why we're quite thrilled that Maryam Cope is here to parse through that. And then a longer one-year review after which the agencies have to develop a report with a set of recommendations, feed that up to the White House and to CNNSA, and then use of policy recommendations back up to Congress and to the agencies.

 

      So that's a big picture, that big elephant. We can all have different pieces of it, ears and eyes. But that's how I perceive it. And now I'm going to turn it over to John to maybe give a more in-depth view or different view.

 

John Kneuer:  Thanks very much. And I think that was a super scene-setting of where this has been going on for a long time. This Teleforum itself came out of discussion that we were having within The Federalist Society Communications and Information Technology Advisory  Board on potential areas where there would be continuity from the Trump administration into a Biden administration.

 

      I think the conventional wisdom is that these are two administrations that are now as diametrically opposed or separate in their general world view than most successive administrations. And in a lot of ways, I think that may be true, but I think it seems that the one area where there, at least, has become a bipartisan agreement on the diagnosis of the problem, not necessarily the prescriptions, but that the national and economic security risks and concerns that come with a rise in China's growing dominance in ICT technology supply.

 

      And Tricia mentions O-RAN and the issues of Chinese dominance in network infrastructure equipment, and that has raised bipartisan concerns from both a tactical security issue. Do companies that are close to the Chinese government present a threat for infiltration of U.S. networks, if U.S. networks are heavily supplied with outsourced equipment? And then a longer-range economic security question: what happens when strategic key infrastructure that we need to operate our country's networks is potentially sole sourced from China? That there really are no other competitive manufacturers. What sort of concerns does that introduce?

 

      And so O-RAN was looking down-range to try and address both of those problems. At the same time, Covid disruption issues and trade tensions and just-in-time purchasing decisions have really underscored existing supply chain issues around semiconductors and other even commodity equipment where there might a diversity of supply. But the overall volume of supply, for a variety of reasons, has gotten constrained. And, if we are over-reliant on certain countries for those supply chains, what sort of issues should those introduce and how should the government be thinking about that?

 

      And it seems very clear to me that this issue is carrying over absolutely from the prior administration to this administration. Just from a quick review, and I know this is not comprehensive, but just since the beginning of the year, there have been at least three congressional hearings, 12 pieces of legislation have been introduced, there have been at least nine agency actions. The President, himself, has issued four executive orders around the security of the supply chain. And there have been countless other statements and reports from others.

 

      So this is clearly an issue that will carry over, and I think the value of this panel is giving our listeners and Federalist Society members some visibility into how we think these things are going to -- where there's going to be continuity, where there's going to be re-shaping, where -- while there may be a continuity of a description of the problem, are there any changes and potential solutions?

 

      So, with that, we may start with the question on the most recent Biden executive order which requires the agencies to submit recommendations and legislation on how to ensure a resilient diverse and secure ICT supply chain. It asks for comments from industry as well.

 

      So from the panelists' perspective, and I'll open this up to everyone, what would you expect those recommendations to be? What do you think are the touch points that the broadest cross-section of these market participants, as well as policymakers in the Hill, the administration, what do they think are the biggest challenges in maintaining that resilient supply chain?

 

      And maybe I'll start with Greg at the top, just because you're up in that corner.

 

Gregory Watson:  Sure. Thanks, John. And I appreciate it. Patricia, thanks for inviting me out and I'm excited to be a part of the panel today. So I don't know if I'd be the best to really lead off here with this particular question. Obviously, coming from the Trump administration, I won't make claim that I have great insight into what the current administration plans to do or what they're working on over there.

 

      But, I guess I should point out on the FCC side, and this is something that Patricia noticed earlier, we adopted a Notice of Inquiry last week that seeks comment on how the FCC can foster the development and deployment of O-RAN technologies. The NOI is pretty broad, which should really help build out the record on these issues, but it does ask some targeted questions about the supply chain and security of O-RAN systems.

 

      Commissioner Carr's view on this is that O-RAN shows promise for three main reasons: improved services and performance, more high-paying jobs in the software industry which is something America is particularly strong in, and more secure systems through vendor diversification. O-RAN will enable more robust and diverse ecosystem of trusted vendors, but it's not a silver bullet. And nor will this transition happen overnight. We should continue to work with our agency partners, Congress, international allies and, of course, the private sector, to approach ICT supply chain issues holistically. While doing so, the FCC should continue using its authority and expertise to protect our communications networks, whether it be through O-RAN, further Section 214 reviews and meeting the rip-and-replace process to remove untrusted network here.

 

John Kneuer:  Maryam? Kelsey?

 

Kelsey Guyselman:  John, I think you made a really interesting point in your opening remarks in terms of the continuity between the two administrations. I think this is one of those rare issues where there's pretty bipartisan agreement, at least on the goal of having this secure, resilient communications networks. If we have seen anything in the past year, it is how important it is to have reliable and safe and secure internet access. Everything from education, telehealth, commerce, everything's online now, including this panel, obviously. And so having a network that can hold up to challenges or threats and be safe from vulnerabilities is even more important, I think.

 

      So, certainly, we see that on the Hill there's a lot of bipartisan movement on this issue. I won't presume to anticipate what the agencies will recommend. I think in terms of how we view the situation, I think there are some core tenants. Not having tech mandates, making sure that we're looking at solutions through the lens of how they are actually going to be executed and adopted and deployed, particularly in rural areas. We had a hearing last week talking about broadband and the lack of connectivity that's still out there. And anything that threatens to make that divide greater would be of concern. So including burdensome and expensive tech mandates on companies, I think would be a challenge for us.

 

      I think, you pointed out the standards body issue. I think that's something that's really important. Making sure we have a strong presence, both the U.S., in terms of the government, but also our private sector companies. Our like-minded international partners, ensuring that the ideas and standards that are coming out of these bodies are something that will be conducive to secure networks is important.

 

      So I think ideas that are focused on R&D, standards bodies, things like that, will certainly be something that we'd be receptive to exploring further in legislation.

 

Maryam Khan Cope:  Thanks Kelsey and Gregory.

 

      I think, just to take a step back, we went through this presidential transition in the middle of a pandemic. And, lately, there are a lot of problems with the U.S. supply chain across various industries, everything from pharma to personal protective equipment. And, quite frankly, the semiconductor industry was able to maintain production really well across the whole pandemic.

 

      But what happened was that a lot of trends that the industry is seeing were highly accelerated by the onset of the pandemic. So the transition to remote work, the transition to internet of things, the demand for personal electronic devices, the demand for broadband, just to be able to live and work amidst this COVID era has required a heavy reliance on the ICT supply chain, as Kelsey pointed out.

 

      We commissioned a report, my organization, Semiconductor Industry organization, from Boston Consulting Group, and they had projected that semiconductor demand would increase by 56 percent over the next 10 years. So that's quite a bit. How is this relevant to the United States? We used to be one of the leaders in manufacturing capacity for semiconductors. In 1990 we had 37 percent of global capacity, and now we only have 12 percent. And this was very, very much recognized by Congress in the last Congress, with the bipartisan passage of the Chips for America Act as part of the defense authorization.

 

      What Congress didn't anticipate was that spike for automobiles would also -- personal automobiles instead of public transport -- would also spike during the pandemic and afterwards. The industry is obviously grappling with the auto ship shortage but is shipping more chips at this point in time to the auto industry than at this point in time last year. So really, really ramping up production.

 

      And so I think we need to make a distinction as we look at these issues between resiliency and security so we have a highly secure supply chain. We provide chips to our missile defense systems, our super computers that secure our nuclear arsenal, to banks, to other critical infrastructure, and a very, very secure supply chain to get those chips into the devices that are then created and shipped out to the customer.

 

      But the question of resiliency has become even more pertinent because of where the distribution of manufacturing growth has been globally for the semiconductor industry. So we know that the Senate is looking to consider the Endless Frontier's Act and the America Leads Act, which is just a broad compilation of efforts—bipartisan efforts—to address U.S. competitiveness. We think funding the Chips for America Act is a critical, critical pilar of any effort to keep America competitive.

 

      When it comes to ICT, the broadband ecosystem, everything is really dependent on being the most advanced in AI, 5G and 6G, and at some point is getting quantum computing. But a recent statement by one of our CEOs from our industry was that to be able to effectively deploy 5G, over ninety percent of their chips will have AI at the edge.

 

      So these things are really inextricably linked, and they're also really tightly linked to our leadership in semiconductors. So I would say the same applies for Open RAN, even though it's much more software based. It still requires a chip set can interact with software and be able to reallocate a spectrum in an efficient way to be able to meet the demands of the O-RAN architecture.

 

      So all of these things don't ultimately come down to chips. Policymakers need to look at the whole spectrum of the ICT space. But certainly chips are a key wrench pen for part of this discussion.

 

Patricia Paoletta:  Maryam, you were so good that I'm going to stick with you and ask a follow up.  So, the executive order by President Biden last month does require a 100-day review of key industries, including semiconductor, but with policy recordation.

 

      So what policy recommendations are you hoping to come out of that review and, you guys are no doubt working on it. Are you looking for more support in the U.S. manufacturing process for R&D incentives, tax incentives? And what support does the U.S. semiconductor industry need to keep up with that global demand, and particularly since we're the telecom crowd and 5G and other ICT services?

 

Maryam Khan Cope:  Right. Absolutely. It's a great question. So, I would even point to the President's comments. He held up a chip and said, "Look. We need to invest in the U.S., and need to make sure that those investment pay dividends here in the U.S."

 

      So, again, chips are the fourth largest export by revenue of the United States.  They're still manufactured here across many states. So I think it does align with the Biden priorities to have really robust funding of the Chips Act. We're hoping that those recommendations include fully funding the research pieces of the Chips Act, the manufacturing incentive pieces of the Chips Act. Again, the price tag is really high, but I do want to point out that globally other governments are including semiconductor incentives in their recovery packages.

 

      So I think we need to maybe not look at it so much as industrial policy and look at it as a combination innovation policy and national security policy. It's really important for us to have this leadership position on a fundamental level. There are some that might argue that a lot of America's growth since the post-World War II base has been based off of our innovation in the ICT sector, which really has been driven by innovation in the chip space.

 

John Kneuer: So that's very helpful. Question for I think maybe Kelsey and Greg. When I was in the Bush administration, and the end of the Bush administration, we were concluding a national strategy on securing cyberspace. And when the Obama administration came in, they announced a 100-day review of the prior action. But, essentially, it was very recognizable, the stuff that we had been working on at both OCP and other places.

 

      So the Secure 5G and Beyond Act was bipartisan legislation. Kelsey, I don't know if you were there for the drafting of that, but Greg, you were in the White House as the recipient of that directive to start a whole of government strategy for securing leadership in 5G and other things. Do you have a sense that there's going to be that same kind of continuity to the work that was going on the Trump administration?

 

      In my experience in the Bush administration, the continuity was not because the work we had done was so brilliant or because there was such a political meeting of the minds. It was because the product that was coming out of the White House was really generated by experts in the Federal agencies who continued on from administration to administration. It was really a government work product rather than a political work product.

 

      But, Greg, do you have any insights on the work that you'd be comfortable talking about while you were in the administration? And, Kelsey, if you have any sense in whether you've been communicating with the new Biden administration and whether or not this is something that's going to be a continuation of work, or do you think it's a clean sheet of paper exercise as this point?

 

Gregory Watson:  Yeah, thanks for that, John. I think that's a good point. And, again, I haven't spoken with folks over in the Biden administration or can't speak for them. But I think generally that's a fair assumption that you make, especially when there's been pretty clear signaling from leadership from the Biden administration that there are at least some policy approaches or recommendations from a tactical approach that they'd like to maintain from the previous administration. It really frees up the ability of the career staff who have been there, not just during the Trump administration, but even years before that, who have been working on these issues, are familiar with them, and can work quickly to develop policy and formulate things through the interagency process.

 

      I know that's from my experience it's, and you pointed to the Secure 5G and Beyond Act, that was another example that it stands out to me where there was just a tremendous amount of interagency agreement through that, which allowed us to really build off of things like the 2019 ICT supply chain EO. Other directives that had been passed on by Congress either through NDAA or other legislation. And so it really frees up the ability of the staff to put forward policy ideas that leadership then can then either run with or decide to go a different direction. But to your point about the carry-over here, I think this could be an opportunity just given that fact.

 

Patricia Pauletta:  And to note a little bit on what Greg said, I think with these sort of policy and strategic solutions, I think they're almost inescapably a whole of government approach to it. I don't think you can have an effective plan without involving all of the various agencies and  turning to the expertise at the agencies that we have used.

 

      When I was at the White House, there were a lot of interagency conversations around this issue. And several of the people at the table had been there for several administrations, and so I think drawing on that experience is really important and will be a step towards continuing some of the work that was done in the previous administrations. I know the strategy that was required by the Secure 5G and Beyond Act came out at the very end of the Trump administration in January. So it'll be interesting to see what this administration does in terms of acting upon some of the suggestions and recommendations from that report. I think there was a lot in there that was actionable in the near term, so I think that will be something we'll be keeping an eye on to see if there's progress in that.

 

      And then to see if this administration takes the same approach. I know that they're still staffing up in a lot of the offices, including NTIA and OSTP. So I think until those folks are in place, it's a little difficult to predict what things will look like in terms of their action on these issues, but it's something that I think if they're going to be effective, we'll have to take that approach of the interagency process and a whole of government look at securing the supply chain, especially given some of the things that Maryam pointed out about how this touches essentially almost every industry at this point. And so you can't de-couple the work of securing the supply chain without considering all of the different equities at play here.

 

Kelsey Guyselman: Yeah, and John, I might add to the interesting difference between how we viewed cybersecurity and security in prior generations of technology is that we almost viewed it in a vacuum that didn't include some of the supply chain components as deeply. That was considered more of like a human factor. Can someone walk in and plug something in, etc.. It wasn't necessarily following the product.

 

      I think that 5G and Beyond Act takes an even broader step back and says, "Okay. What is the U.S. government doing to make sure that our allies are plugged into our ICT supply chain strategy and how can they help us? How can we all get aligned around a strategy that's good for the U.S. and also good for our allies?" And I think that is a positive development that I hope to see carried over through the Biden administration is robust conversation of allies about what our priorities are. And not necessarily just, we think that we should do 'x', but also it's unlikely for the U.S. to be able to take the lead and to bear the brunt of the cost of drastically taking the lead in every sector of the ICT supply chain.

 

      Part of the reason that it's so globally distributed is because it drives costs down. The economy, our global economy means that supply chains are global, and ICT companies want to be able to sell globally so that they are able to reinvest those profits back into R&D. And so I think maintaining an open conversation with allies is really important for market access on the front end, as well as R&D projects that can help keep the U.S. and their allies at the front end of ICT innovation. And then also use those conversations with allies to identify any sort of emerging threats that are relevant to the U.S.

 

      So just some thoughts on that.

 

Patricia Paoletta:  Thank you, ma'am. And certainly the Biden executive order from last month, in the longer-term review, does have a component to keep discussing with our allies how to keep up a secure, diverse, resilient supply chain in those key industries. So it is, at least, baked into the executive order and as you all have suggested, long standing interagency discussions and support from the State Department hopefully would further that.

 

      I'm going to switch to a more specific topic, but still staying with the interagency dialogue theme, I guess. Greg, recently—well, last week—the FCC actually revoked the licenses of a number of Chinese owned telecom providers that had followed up on about a year and a half ago denying China Mobile's pending application to have international telecom authority. So, obviously, the FCC doesn't make that decision in a vacuum. There is an interagency process that, back in the day, team telecom only applied to new licenses, but the prior Trump administration executive order developed a—or codified really, codified—tweaked and codified an interagency discussion on licenses generally, whether they're pending or already -- I mean the application is pending or it's actually licensed -- to discuss whether that's secure.

 

      Anyway, if you could walk us through the thought process for revoking the existing licenses last week and denying China Mobile a couple of years ago, that would be very informative, I think, to the audience.

 

Gregory Watson:  Yeah, sure. So, obviously, the U.S. has acknowledged for some time that Chinese telecom firms pose a threat to our communications networks and, in turn, our national security. If the FCC were in a position to do something about it, and we are.

 

      As you pointed out, the FCC blocked China Mobile's application in 2019 and, at that time, Commissioner Carr actually called for the FCC to conduct a top-to-bottom review of every telecom carrier with ties to the CCP due to their inherent national security risks. With that type of review on their mind, the FCC opened investigations into several carriers, including the three included in the proceeding we watched last week. This puts the FCC towards the final step in the process that could prohibit these carriers from operating in the U.S.

 

      As to the process part of your question, ultimately the FCC makes an independent decision on whether to allow foreign carriers to operate in the U.S. based on the totality of the public interest considerations. But in cases like this, the executive branch, agencies responsible for national security, weigh in as part of our process at the Commission. As you can imagine, FCC weighs heavily their expertise in identifying any national security concerns associated with our decision. So, in this case, we are pleased that they agreed with us.

 

      The U.S. has set a high bar for action over the last few years when it comes to meeting the threat to our networks from entities aligned with communist China, and we've got to continue to meet this challenge head-on.

 

Patricia Paoletta:  Just looking for my -- so last week the FCC just initiated the proceeding to withdraw their licenses. They didn't withdraw them outright. The initiated -- of course, the Communications Act would provide some due process, right? For those entities?

 

Gregory Watson: Yes.

 

Patricia Paoletta:  Okay. Well, thank you for clarifying.

 

Gregory Watson:  So last week we did revoke the international side. We are opening the proceeding on the domestic side.

 

Patricia Paoletta:  Oh. Thank you.

 

John Kneuer:  So, Maryam, a question for you. The Secure Networks Act required NTIA of the Commerce Department to lead an interagency information sharing program for preventing future vulnerabilities. But its also supposed to give regular briefings to trusted vendors in the private sector. Has SIA been engaged in that from your perspective? I am sure there is transition at NTIA that head of that agency hasn't been named, but is that a process that is benefiting and getting enough input from the private sector from your perspective and from what you hear from your members?

 

Maryam Khan Cope:  I think we could certainly use more engagement from NTIA throughout the transition. I know they are making their best effort. So I don't want to knock them for that. A lot of great, very knowledgeable career staff at NTIA.

 

      We've been very involved with the NSTAC group, that NTIA feeds, into DHS feeds into, other entities within commerce feeds into, and that's been really helpful. I think they were, about two years ago, very early on in identifying this issue around chips. The IT supply chain security task force, last November, identified the lean supply chain security, sort of lean inventory methods for the IT sector, and so this is a potential problem just doing on-demand storage of chips, etc. We saw with some international auto companies that they had anticipated potential disruptions in their chip supply, and so they had more chips on hand when chips became less available.

 

      So I think that there's a lot going on in this space in terms of conversations between the U.S. government and our industry on what types of practices are needed to make sure we have a resilient supply chain. I think the secured supply chain discussions are ongoing. But, again, we have a lot of commercial practices that are really strong in the commercial space, so we may not need to layer on additional requirements for the government, depending on what type of program the government is doing.

 

      But, I think on the resiliency side, there's a lot of discussions going on and we're happy to engage with NTIA on this.

 

Patricia Paoletta:  Thanks. Now, I'll pick up that thread over to Kelsey. Obviously you guys are very busy up there in Congress over the last couple of years. A lot of legislation on this issue broadly. Well, we'll start with the specific oversight issue but then, generally, so you directed the FCC to implement secure and trusted communications networks. They're in the middle of that in terms of developing a list of covered equipment that has to not be supported, it has to be ripped and replaced. But again, as John had mentioned, NTIA has a lot of tasks under the various legislative pieces you've done, and the GRAM program.

 

      So, I guess, if you could share your thoughts on how the various agencies are doing implementing these Congressional mandates. And then what oversight do you anticipate over the next year to make sure that all these Congressional mandates are actually being followed?

 

Maryam Khan Cope:  Well, we are certainly watching closely what's happening on these issues at the FCC, in particular. We were really pleased with the progress that was made under Chairman Pai towards this goal.

 

      And then, of course, in December when the Rip and Replace Program was fully funded through the Consolidated Appropriations and COVID Relief Bill. I think we view that as an important step towards the FCC completing its efforts to begin getting money out the door and getting the equipment out of networks.

 

      So I think that we're going to continue our oversight of the program, continue our oversight of the expenditures of the funds that were appropriated. So it's something that's ongoing. I think looking at what happened at the February meeting, it seems like they're moving in the right direction towards implementation of the legislation including the expansion of eligibility that was included in the December bill.

 

      So I anticipate that this will be something we'll continue to keep a close eye on. This was a big project for my boss in the last Congress getting this legislation both passed, but then also fully funded. It was a nearly, I guess, 18-month effort for him and so something that he was really committed to and continues to spend a lot of time thinking about and talking about. So I anticipate it'll be something we keep a close eye on.

 

John Kneuer:  So, Trish, should we see if there are questions from people out in Zoom land?

 

Patricia Paoletta:  Yeah, we can do that.  Yeah, so for panelists -- sorry, not panelists, audience, Zoom-land members. Raise your hand or put on the Q and A or the chat the questions you might have.

 

      And I see we do have one. It relates to enforcement of export restrictions. And I'm going to interpret that, or at least I'm going to spin that -- this question to be in the -- it's hard to remember all the details, but certainly under the original Trump administration May 2019 -- or actually it's in follow-on commerce orders in terms of U.S. entities not selling chips to China or -- and there was a lot of talk in the trade press -- I'm directing this at Maryam -- a lot of talk in the trade press that Huawei was going to have a real problem not fulfilling its 5G infrastructure and needs for chips if it was denied access to U.S. chips. So if you can expound a little bit on that. What's going on with that situation? There was some cheering by some Huawei opponents, "Oh, it's just going to be the end of Huawei. They won't have enough chips. We finally destroyed the giant." And now they're just like, "No, no, no. They're going to draw up their own diverse supply chains." And anyway. You can talk about that issue.

 

Maryam Khan Cope:  Yeah, I think, well, the U.S. chip industry, the chip industry as a whole is very, very sensitive to national security concerns, and we follow all applicable export control rules for controlled technologies. And once something moves into a national security designation, we just comply with the rules, quite frankly. We have a long history of doing that.

 

      You know, I think Elizabeth's question is on risks introduced to the ICT supply chain from deemed export restrictions which are related to hiring people who have access to information that they -- that the U.S. government deems is relevant information to a controlled technology. The rules around deemed exports are really, really strict. In fact, we found them to become even more strict over the past 5 or 6 years.

 

      So I actually think that is an unlikely place that you would see a vulnerability. I think that the concern is less about stealing IP. I mean, we don't want our IP stolen, and we want strict IP enforcement across the globe for the semiconductor industry's IP. But the reality is its not easy to steal a chip design and make it. There are thousands and thousands of engineers working on some of the most sensitive equipment in the world. One semiconductor manufacturing facility costs between 16 and 20 plus billion dollars to build. And it has very complicated equipment in it. It has been attempted before for bad actors to steal chip designs and to make them themselves, and they've been highly unsuccessful in doing that. And part of the reason is its, this isn't the era of -- this isn't airplanes or something that's less complicated to make, even though an airplane is quite complicated to make.

 

      But the reality is the reason China is such a concern is because they're investing in the technology and the people and the research. So they're looking at our success, the U.S.'s success in the semiconductor industry and they're trying to replicate that. And that's what causes there to be a geopolitical issue. So, that would be my suggestion to the group is look at it more broadly, less about stealing technologies and more about who's catching up with us in these technologies. The reality is someone described it to me recently: once other countries or bad actors stop wanting to steal U.S. technology, we have a major problem. Because then we're behind. So if nobody wants to steal from you, that's the biggest problem.

 

[Laughter]

 

Patricia Paoletta:  I like that positive spin on that issue. If only we had known that. I used to be at the U.S. trade representative and we had China stealing our intellectual property has been a long-standing problem. But we just should have had a more positive spin on it.

 

      So we got a question. In January, commerce published their IFR, which stands for Interim Final Rule, on securing the ICT supply chain. And this, again, was under the Trump administration May 2019 executive order. They put out a drafts rule at end of November and then late, mid-January, of course, January 19, so it was the day before, right? They put out their Interim Final Rule. Comments were actually authorized up through yesterday, the 22nd.  So, the question is, "Have any of your respective organizations identified opportunities or concerns with the implementation?"

 

      So, as I understand it, and I'm going to turn it over to the experts on our panel, the Rule, the Interim Final Rule, is deemed in effect as of yesterday. However, the Biden administration did not actually issue the draft regulations, so there's still a high UC pre-clearance licensing for an ICT transaction that might involve a foreign adversary. And, again, the ICT EO from the  Trump administration, it is farther than China. It applies to Iran, to North Korea, the Maduro Regime of Venezuela, Cuba. But, again, when you come to ICTs -- Russia. When you come to ICTs, obviously China is the big hegemon there, right?

 

      So the draft regulations are still not up, but the rule is in effect, so it is going to be implemented. What I have heard from industry filings is that there's a lot of frustration in how overbroad it is. And it's still just not very clear what type of transactions would require that pre-clearance. So, there is industry concern. But, hey, I'm not industry. Maryam, maybe you've got some more insightful views on this.

 

Maryam Khan Cope:  Well, the U.S. Chamber just submitted some comments on this Interim Final Rule, and we worked with them on that. I think you hit the nail on the head. I think there are some concerns about how broadly the Interim Final Rule is written. There was intended to be some type of pre-licensing process. From what I understand, the pre-licensing process has been submitted to OMB and will be released soon.

 

      But I think it would've been a lot easier for industry to feel that they had regulatory predictability if we had been able to see the licensing process before the rule was finalized. But that hasn't been the order thus far, but we're looking forward to engaging on the licensing process.

 

Patricia Paoletta:  Thank you. Anybody else on the panel on the terms of the current set of play? Kelsey, any concern with your members on implementation of the Final Rule and ICT's supply chain security?

 

Kelsey Guyselman:  I have not heard anything specifically, but don't want to speak for them. So I would defer to those members.

 

Patricia Paoletta:  Okay. Fair enough.

 

      John, you want to  handle this next question from Christopher Garvey?

 

John Kneuer:  We get it here?

 

Patricia Paoletta:  Yeah. And then maybe, you had mentioned that the President has signed a number of Executive Orders. Christopher writes he recalls seeing one revoking the ban on using China to supply critical infrastructure to the U.S. That doesn't sound in line with what you were saying. But are you aware of any?

 

John Kneuer:  I am not aware of that. I don't know if the panelists have come across anything. There was a massive flood of EOs that came out in the first few days of the administration, some with intents to reverse executive orders from the prior administration, I guess just in general matter. The executive order policy is policies that are pushed through in agencies on a strictly partisan basis. Those are policies that are typically rented. They're subject to quick revocation.

 

      But, as we talked about at the outset, I think there's a lot of continuity in thinking about this. So I have not seen that EO. I don't know if the panelists may have a different recollection.

 

Patricia Paoletta:  Maryam, does that ring any bells?

 

Maryam Khan Cope:  No, not quite.

 

[Laughter]

 

Patricia Paoletta:  All right. It doesn't seem consistent with the concern we've seen from this administration as a carry-over from the prior, let alone the broad bipartisan consensus from the Hill on concern with overreliance on Chinese equipment for critical infrastructure.

 

      So --

 

Maryam Khan Cope:  -- Patricia, I would just say the new administration isn't totally staffed up yet. So I think a lot of this is still to be determined. There's been a tremendous amount of action on it thus far, but I'm not sure the policy is totally settled yet.

 

Patricia Paoletta:  Okay. Well, I'm going to take this opportunity to do a follow-up with Greg on the O-RAN Notice of Inquiry. What's your sense of timing on that? Obviously, once it's published in the Federal Register, we'll get comments. But what's your thinking -- will there be a next step? Obviously, most of our viewers in Zoom land are administrative lawyers and know that was follows a Notice of Inquiry is sometimes a Notice of Proposed Rulemaking. Kelsey had mentioned concern with her members in mandating technology. Assuming that was debated even in the last FCC about whether it's part of Rip and Replace, should it be mandated that what is replacing China's equipment is Open RAN equipment? What's your -- if you could project what might come next and when, with an NPRM, that would be great.

 

Gregory Watson:  Yeah. No. That's a good question. I don't know that I'll have a good answer there. I think, realistically, it's going to take some time, one, for comments to come in on the NOI, and then there will be the standard process that leads us towards an NPRM.

 

      I think one thing that may come into factor at some point is, I think there is generally, just based on the statements that we saw from the other commissioners during the adoption of the NOI, I think that there's generally -- and I don't mean to speak for them here, but just based on their statements, it seems there was support broadly for exploring these issues of O-RAN and flushing out some of the details here.

 

      But I think you're right. Some of the more difficult policy questions would seem to come next through an NPRM. And so, depending on, I think it's a 30-day time frame for comments on the NOI -- I could be off on that, so don't quote me, but I think it's 30 days. Unclear whether we'll be still in a 2-2 commission at that point, or whether we'll be in a 3-2 scenario. So while that is still to be determined, I guess the one thing that I would really encourage folks to do is to -- I think Maryam made this point earlier about how there's connection between semiconductors, as well as O-RAN and being able to work together on that, to the extent that you all out there are tracking issues that are important, we would really encourage folks to weigh in through the NOI, which will help develop a record that can lead us towards an NPRM.

 

      I don't work for the acting chairwoman, so I shouldn't commit her to timelines that she doesn't intend to keep, but I think from Commissioner Carr's perspective, I think we're really looking forward to reviewing the record on this. And the sooner we can get towards an NPRM and keep this process moving along, purely out of the concerns that we've talked about from the national security standpoint, 5G jobs, innovation, and we think that there's a lot of promise there.

 

      So the quicker that we can move towards this transition, we think generally is a good thing. But, obviously, there's sensitivities around and careful attention that we should also give consideration to in terms of our trusted more -- I don't want to say the word "legacy," but our trusted and experienced vendors currently operating in the RAN marketplace and ensuring that there is attention given to issues around those vendors, as well.

 

      So I can't commit to a timeline here, but I think generally we're hopeful to see this move forward quickly.

 

Patricia Paoletta:  Thank you for that. And, moving quickly, you did mention that Commissioner Carr has said that O-RAN is not a silver bullet in terms of making sure our networks are trusted.

 

      Let me turn quickly to Kelsey. In the U.S.A. Telecom Act, Congress appropriated $750 million in R&D grants to help promote O-RAN. But there's perceived urgency in trying to get this technology out there to help wean our dependents, or some dependents, from China, as well a making more competitive vendor market and actually improve functionality for 5G with virtualization and qualification of 5G. Obvious good things.

 

      Why is it that the GRAM Program doesn't kick in? Or it says, "beginning no sooner than," or whatever the language is. But the GRAM Program had to be done by June 30, 2022. I was curious why isn't there more a sense of getting the money out there to help seed the field?

 

Kelsey Guyselman:  So I would note, actually, that that bill did not appropriate any money for the program. It authorized the original version that was pushed through the Senate did, but the final version that was signed into law did not. And so, that's something that will have to be independently appropriated at some point.

 

      And so, I think in terms of urgency, I think this is still somewhat meets the technology. I would argue it's certainly becoming more ensured, and we're seeing it deployed more and more. And I think the standards development process is ongoing. I think that the R&D that was part of the U.S.A. Telecom Act is an important step here. I think talking about things like test beds, particularly with how this can be deployed in rural areas, as I noted earlier is of particular concern.

 

      I think one of the things that we heard at our hearing last year on 5G security from Steve Berry with CCA, he said that it was like rebuilding the airplane mid-flight for rural carriers. And so I think that's a concern for us in terms of how do we align the process of developing and maturing this technology with the deployment of it, and particularly in some of the networks where it's going to be, perhaps, a little bit more of a lift. Although, I will note there are rural carriers who are deploying O-RAN successfully. I spoke last week with a carrier out of Idaho and Washington State who has put O-RAN as their network and reduced costs by 40 percent per site.

 

      So I think it's certainly a promising option. I think it's just something that we're trying to take a measured approach to in terms of making sure that it's done in a lawful way that is beneficial for both consumers, providers, and, of course, beneficial for national security above all, too. So I'm trying to find the right threading of the needle on the issue.

 

Patricia Paoletta: Well, thank you very much for that.

 

      I see Nick has popped up. We've run out the hour, folks.

 

Miles Simpson:  Patricia, quickly. Just like to answer the question that was posed by one of the viewers. Someone commented saying that the critical infrastructure EO was suspended and not revoked. And that's a lot more common in terms of a new administration coming in and saying, "Look, we're going to take a fresh look at some of this stuff." But I think it fits much more within that -- more of a, let's take some time to confirm our thinking rather than signaling a dramatic change in view. And I just wanted to make sure that I was responsive to our viewers.

 

Patricia Paoletta: Thank you, Miles Simpson, for clarifying that.  All right, Nick. Over to you.

 

Nick Marr:  I want to thank you all very much on behalf of The Federalist Society for participating today, to our panelists, to our moderator, Patricia Paoletta, who organized this panel. And, of course, to our audience for calling in. Very good questions. Very engaged audience. We always like to see that. Just a reminder, we welcome your feedback by email at [email protected]. Also, be checking your emails and our website for announcements about upcoming Teleforum calls and Zoom events like this one. We have a couple more to close out this week. Some interesting ones. So check those out on our website.

 

      And with that, thank you all very much for joining us today. We are adjourned.

 

[Music]

 

Dean Reuter:  Thank you for listening to this episode of Teleforum, a podcast of The Federalist Society’s practice groups. For more information about The Federalist Society, the practice groups, and to become a Federalist Society member, please visit our website at fedsoc.org.