Adding to regulatory burdens doesn’t necessarily improve cybersecurity

Ships and telecommunications networks employ technologies that are vulnerable to cyberattack. The U.S. and EU attempt to enforce rules to regulate business practices and prevent misbehavior from adversarial foreign entities. With some efforts stymied because of legislative loopholes and court challenges, some U.S. and EU policymakers respond by increasing regulatory burdens on domestic entities.

Section 214 designation on U.S. broadband providers and the complex burden of proof for EU shipbuilders to prove dumping by foreign firms provide policymakers with the satisfaction of the political appearance of national security, but the policies themselves do not necessarily protect people, enterprises, or property.

Indeed, pursuing such policies may reduce national security by diverting resources from legitimate activities to secure networks and systems.

Telecom networks

Efforts to restrict dangerous telecom network equipment from demonstrated malicious providers in the U.S. and EU has been challenged vigorously in court (see Hikvision U.S.A v. FCC and Huawei v. Sweden). The Federal Communications Commission’s Covered List notes just 10 Chinese and Russian companies whose products are restricted from licensure, when it should include hundreds, if not thousands, of firms. These delays have prompted U.S. regulators to looks for alternative ways to “secure” networks, and too often they fall back on outdated regulations inapt for today’s dynamic communications environment.

A case in point is the FCC’s current quest to apply market entry and exit rules to broadband in the name of national security. Section 214 of the Communications Act demands that telephone providers obtain the permission of the FCC to operate and subsequently every time they wish to add or remove “lines.”

Claiming it will help national security, the FCC now proposes extending these obligations to all U.S. broadband providers, whether wireline, wireless, or satellite broadband (like SpaceX) as part of its Safeguarding and Securing the Open Internet proceeding, which is better known as the latest partisan move to reclassify broadband under Title II of the Communications Act. This amounts to the presumption that 3,000 domestic U.S. providers (predominately U.S. owned and only operating in the U.S.) present the same risk to Americans as if they were state-owned entities including China Mobile and China Telecom.

U.S. broadband providers never having to comply with such conditions has led to a more robust broadband U.S. market compared to many other countries. There is no evidence that U.S. broadband providers behave in ways which endanger national security that requires Section 214 oversight. European regulators, also concerned about network security, suggest it may be time to modernize their heavy-handed approach to broadband regulation, which has yielded less advanced networks and coverage in EU.

The FCC’s Title II reclassification of broadband with or without Section 214 will harm network investment and rollout is well-documented. U.S. broadband providers are right to fear that layering on new procedures from Section 214 will frustrate efforts to decommission old technologies in favor of more secure, high-speed technologies. It could also lead to a decelerated rural rollout and slow down the entry of new broadband technologies into the market. Ultimately, providers will lose much-needed flexibility to enter and exit markets as conditions and technologies dictate. Additionally, the massive bureaucratic undertaking of federal micromanagement of millions of U.S. broadband network locations has never been undertaken and will inevitably make broadband more expensive, the very opposite of the FCC’s goal in the wildly successful but soon to be expired Affordable Connectivity Program.

Section 214 aside, the FCC’s Title II effort is on shaky grounds. In fact, former solicitors at the Obama Department of Justice called the entire effort to impost open internet obligations on the U.S. broadband industry “unlawful”.

Nevertheless, the FCC partisans grandstand on this effort, so expectations are that the FCC will implement its proposal soon. Importantly, the Wheeler-led FCC forbore from Section 214 when it implemented a similar proceeding in 2015 because it was worried about the lingering effects on consumers and competition. The same approach should happen now. Alternatively, if the FCC concludes that Section 214 is needed, its application should be limited to the foreign entities Congress intended.

Shipbuilding

The European Commission outlines key security challenges to the critical shipbuilding sector with 150 shipyards and more than 120,000 workers, highlighting anti-competitive practices and financial subsidy distortion by foreign governments. While the EU attempts to incentivize competition on fair market conditions, many Chinese shipbuilding entities like China State Shipbuilding Corporation (CSSC) enjoy unfair advantages.

This includes but is not limited to acquiring and copying European ship design; producing the ship in dual-use, military shipyards under conditions that violate EU protections for workers, safety, and the environment; and receiving Chinese state financial support contravening violation of World Trade Organization regulations. CSSC sells its ships in the EU at below market prices to win market share. In 2023 China built 48.8% of the world’s commercial cargo ships, outcompeting even South Korea and Japan at 16.8% and 8.9%, respectively.

In response the EU Parliament adopted detailed anti-dumping measures, which impose a high burden on prosecution by European firms to prove four conditions for price, material injury, causal link, and macroeconomic harm to the economy overall. However theoretically fair such an exercise seems, it is difficult to perform in practice. Indeed, very few EU shipbuilders have lodged dumping complaints, with fewer still succeeding. Moreover, the presence of anti-dumping measures themselves does little if anything to deter the unlawful, anticompetitive practices ongoing today.

U.S. and EU policymakers should strengthen national security, but that does not mean every measure is justified. The FCC would be wise to forbear domestic broadband providers from Section 214 as it is unlikely to strengthen national security. To improve communications safety and security, the FCC should instead expand the Covered List and restrict the actual equipment and providers which are already documented threat actors.

The EU could clarify and amend existing law to protect fair competition and national security in shipbuilding and support European actors to create EU shipbuilding consortiums to compete with China. Member states should invoke the Article 346 exception to protect local industry when national security is at stake. Just as communications networks must be constructed with equipment from trusted providers to ensure security, so too should ships and their communications systems.

Liselotte Odgaard is a Senior Fellow at Hudson Institute. Roslyn Layton is a Senior Fellow at the National Security Institute at George Mason University.

C4ISRNet