NEW YORK FOREIGN PRESS CENTER
MODERATOR: Welcome to the Foreign Press Center’s videoconference briefing with Deputy Assistant Secretary for Cyber and International Communications and Information Policy Robert L. Strayer.
Please keep your microphone muted until you are called on to ask a question. If you have technical problems during the briefing, you can use the chat feature, and we will try to assist you. As a reminder of the ground rules, this briefing is on the record. We will share a transcript and a video to our website and through email following this briefing.
All right. So, DAS Strayer, over to you. Thank you so much.
MR STRAYER: Great. Thank you, Katie, and thanks to the Foreign Press Center for inviting me to discuss our 5G security campaign. It’s always an honor and a pleasure to talk about 5G in the company of such – a group of such distinguished journalists and guests. This is my second time having the privilege of talking at the Foreign Press Center. These are certainly unprecedented times, having to do this remotely, and I hope you all are staying safe wherever you all are around the world.
As the deputy assistant secretary of state for cyber and international communications policy, I lead a team of approximately 50 professionals in Washington, D.C. They are committed to ensuring that the United States remains a global leader in protecting cyber space, facilitating the development of innovative technologies, and growing the digital economy. We implement key pillars of the President’s National Security Strategy related to security and economic competitiveness. We recognize the – in doing so, the fundamental principle that economic security is national security.
Our responsibilities related to information and communication technology include ensuring that the internet and data flows remain open and interoperable across borders and that digital technology is secure and resilient. Pursuing these policies supports a vibrant and innovative digital economy worldwide. To ensure the national security of the United States and our partners and allies, we promote trusted supply chains that safeguard communication networks, including for 5G.
Today, I plan to focus my remarks on three important aspects of 5G. First, I will discuss how the COVID pandemic has increased demand for trusted and reliable connectivity. Second, I will talk about our 5G security campaign and why I believe it is so important. And third, I will highlight the growing international consensus on the importance of trusted and secure 5G networks.
Increased demand for connectivity during this devastating pandemic has made digital technology more important than ever. The fact that we’re able to speak virtually and continue to get work done is due to the phenomenal advances made in the information and communications technology space over the last decade. The COVID-19 pandemic has brought the critical nature of ICT sectors’ work to the focus of industry, governments, and the general public. Everyone now realizes the importance of digital technology for telemedicine, education, and doing business.
The economic impact of the virus certainly would have been much worse around the world if digital connectivity did not enable broad sectors of the economy to continue operating. So as the world learns how digital technology underpins almost everything we do, people also are becoming more aware of the need for it to be secure and reliable. We are seizing this moment to underscore to governments around the world that information communications technology are, in fact, critical infrastructure and should be secured as such.
Many are beginning to comprehend this reality. The consequences of 5G deployment choices made during the next year or so by government and by telecom operators will be felt for years, if not decades, to come. The countries need to make the right decisions now. Countries need to be able to trust the 5G equipment and software companies and that they will not threaten their national security, privacy, intellectual property, or human rights. Trust cannot exist where telecom vendors are subject to an – authoritative governments like the People’s Republic of China which lacks an independent judiciary or the rule of law that would effectively prohibit the misuse of data or the disruption of critical networks. In addition, in authoritarian countries there is no way for individuals to challenge such untoward activities.
The principle that 5G vendors should not be under the ownership or control of a country that lacks democratic checks and balances was enshrined in the Prague 5G security proposals that were developed at a international conference in the Czech Republic among 32 countries in May of 2019. The ownership control of a company like Huawei is not transparent, and the company has a history of unethical and illegal behavior, including intellectual property theft. Allowing untrusted, high-risk vendors such as Huawei and ZTE into any part of 5G networks makes critical systems vulnerable to disruption, manipulation, and espionage while putting sensitive government, commercial, and personal information at risk.
While this year’s Prague security conference is being rescheduled because of COVID, we are working closely with our partners in the Czech Republic. We’re committed to making sure that when this year’s conference does occur, we’ll build on last year’s successes and provide specific tools and strategies for countries to ensure that their 5G networks are secure. At some point in the coming year, the Czech Republic will also launch a 5G repository; that is, a virtual library housing existing tools, assessment frameworks, and sample legislative and regulatory measures to assist countries with their own efforts to implement best practices when deploying 5G networks. We are collaborating with allies and partners to ensure that this repository houses the most up-to-date and effective information.
As Secretary Pompeo said on June 24th, the tide is turning against Huawei as citizens and governments around the world are waking up to the dangers of the Chinese Communist Party’s surveillance state and suppression of information. More and more countries are taking strong actions to secure their 5G networks. We welcomed the news last week that the United Kingdom plans to prohibit new purchases of 5G equipment from Huawei and phase out existing equipment from its telecommunications networks. We understand the United Kingdom made this important decision in order to protect its own national security interest. We will continue to work with the United Kingdom on fostering a secure and vibrant 5G ecosystem, which is critical to transatlantic prosperity and security.
The United Kingdom is just one of a growing list of countries that are standing up for their security by prohibiting the use of untrusted vendors in their 5G networks. We have seen a number of countries across Europe – including the Czech Republic, Poland, Romania, Denmark, Estonia, Latvia, Sweden, and Greece – that are prohibiting these high-risk vendors from their networks.
Telecommunications vendors are also taking action on their own. Telefonica in Spain, Orange in France, the largest telecom operations in those countries, as well as Jio in India, Telstra in Australia, SK and KT in South Korea, NTT in Japan, and the telecom operators in Canada and Singapore, as well as many others, have made the decision to only use trusted vendors in their 5G deployments. I encourage all countries to secure their communication networks by prohibiting untrusted vendors, thereby increasing the attractiveness of their digital infrastructure to outside investment. Investors are more inclined to invest in countries that are secure from interference or disruption by vendors that could be subject to the control of authoritarian regimes.
The more countries, companies, and citizens ask whom they should trust with their most sensitive data, the more obvious the answer becomes: not the Chinese Communist Party’s surveillance state.
Let me stop there. I know there’s a number of questions that have already been submitted, and I look forward to answering those and many more. Thank you.
MODERATOR: Thank you very much, sir. So now we’ll turn over to the Q&A. For those of you joining via the Zoom app and not by phone, please click on the “Raise Hand” button at the bottom of the participant list, and I will call on you. Please provide your full name and outlet prior to asking your question.
And so first, the first hand I had seen up, is from Nikhila. We will unmute you. Thank you.
QUESTION: Thank you, Katie. And I hope you’re able to hear me, Assistant Secretary Strayer?
MR STRAYER: Yes, I am. Yes, I can.
QUESTION: Great. So I’m Nikhila Natarajan, or Niki for short, with the Indo-Asian News Wire and the Observer Research Foundation, a think tank. Just one question, really: Following on from the Clean Path and trusted 5G network vendors team, with three ingredients tossed into that question – I’ll keep it really short. Ingredient one: What is the U.S.’s assessment on the homegrown 5G solution developed by India’s Reliance Industries? I know you mentioned it just now. During the President’s visit to Delhi in February, Mr. Ambani told him he’s building 5G without a single Chinese component. And last Wednesday, Ambani stated Reliance is ready to roll. Your comments?
Ingredient two: What’s U.S. advice to legacy networks in India still using Huawei and ZTE, still significantly dependent on Chinese confidence?
And finally, your latest assessment on Zoom’s extraordinary dependence on the Chinese? Thank you.
MR STRAYER: Great, Niki. Those are great questions. I could probably spend most of an hour talking about them more in depth, so I would give some just brief responses to them.
With regard to Reliance Jio, we’re pleased to hear that they’re using trusted vendors. I think the lesson of Reliance Jio is that they’re – they’re just – there’s nothing mystical about 5G technology. It has the same types of components that 4G technology has; it’s just evolved to another level. So there’s ways that the indigenous production could occur in India, and really there’s a global market of different components that go into these between the antenna, the base stations, the backhaul, the core servers and management of the network are things that have occurred in previous generations, and it’s things that can be continued on. So I hope there’s – as we deepen our trade relationship in the digital area with India, that is for both hardware components and software, that we see a flourishing of collaboration and innovation so that India has the best of ICT technology, and the United States does as well.
With regard to the legacy untrusted – technology with untrusted vendors, all technology has a life cycle. It wears out more quickly than other types of equipment that businesses purchase, other types of capital expenditure, because technology moves so quickly, as we all know. New generations come out, new capabilities, faster computing, better storage. So as that life cycle wears out or, if you will, depreciates, it makes equipment less relevant and less usable for today’s needs. That’s – those are good opportunities to replace it. So there’s ways to look at the life cycle of equipment and replace it according to that. Our campaign is focused on the move to 5G, but we realize the legacy 3G and 4G infrastructure will underpin move to 5G. So we do encourage governments and telecom operators just to look at how they can start moving, migrating away – that is, from untrusted vendors to trusted vendors.
And on the last point, we are concerned I think – just if I can abstract that even higher level – what’s fundamentally the focus that we have is to ensure that information that belongs to citizens around the world, their private information, as well as the intellectual property that belongs to businesses, that that information will be secure, and that the information not fall in the hands of governments that are authoritarian in nature, where they do not have a rule of law set of protections that govern them, and where it’s impossible for individuals to go to court to adjudicate their rights with regard to those government policies or for companies to seek redress for the theft of their intellectual property.
Just today, the United States indicted two Chinese actors for the theft of hundreds of millions of dollars of intellectual property, including – they also made attempts to access COVID research that was being done in the United States. So those are concerns about the way that Chinese companies would act under the control of the Chinese Communist Party, and it’s ones that we should be vigilant about in whatever we do with our – whatever kind of company we’re doing business with. Thank you.
QUESTION: Thank you so much.
MODERATOR: Thank you. All right. If you have – okay, we have another hand – a few hands have gone up. Great. So we’ll continue calling on people, and I will say that I believe we have time, so if you have e-mailed a question in, we invite you to please indicate that you would like to ask the question that we noted previously, but we would like you to have that opportunity. So I will now call on Muath Alamri. We will unmute you. Thank you.
QUESTION: Hello. I hope everybody’s doing good.
MR STRAYER: Yes.
QUESTION: I have a question to Robert, which is why the West countries have been criticized the Chinese company Huawei for spying and – on other societies by using the 5G technology. There might be any effort with the U.S. through (inaudible) the Middle East countries where it has very close allies there to protect them from the Chinese company? I mean, protecting those Middle East countries is protecting also the U.S. interest there. Are we going to see any effort between them? Thank you.
MR STRAYER: Great question. The real reason for our 5G campaign – we in the United States are already securing our largest telecom networks. Our – the reason for our campaign with our partners and allies around the world is so that they can also have secure networks. And as you mentioned, we have an interest in secure networks of our partners because we have such strong economic ties and we also have strong national security ties in many cases. We need to know that the information that we’re sharing back and forth is also going to be secured.
So we’re making real efforts on the diplomatic side as well as talking to the countries at a more technical level about ways that we can ensure cyber security more broadly; that is, a general risk-based approach that focus on many aspects of protecting our digital infrastructure from a security perspective. And part of that is of course starting with a supply chain that is the base components being ones that you can have trust in, and those aren’t easily undermined by an authoritarian government that could be in an adversarial posture with regard to our mutual interests. So we are working closely with the countries for that reason.
MODERATOR: Thank you. Our next question comes from Olivia Zhang. We’ll unmute you. Thank you.
QUESTION: Hi, Mr. Strayer. Thank you so much for doing this. And I have two questions. First that you hear, like, Chinese officials or even some experts has been saying the only mistake that Huawei has (inaudible) is because it is a Chinese company. I wonder, what’s your response to that?
And secondly, this administration has been campaigning against Huawei, and I wonder it’s trying to kill Huawei using the power of a nation, which is kind of – the U.S. has been accusing China of doing. So I wonder what’s your response to that as well. Thanks.
MR STRAYER: Thank you for the question. Our campaign is not about a particular company or even a particular country. We abide – want to have everyone abide by a fundamental principle that vendors for technology should be not headquartered where there is the potential for a government to control the company’s hardware and software without rule-of-law protections or an independent judiciary. And when you apply that principle around the world, unfortunately, when you look at China, you have the national intelligence law, which says that all entities within the country must abide by the commands of the security and intelligence services of the state, and that they must make their cooperation secret. They cannot let anyone know about that. They also have no ability through a court system to object to the commands that are being made upon them.
So we’re seeing this general principle, objective principle really, that could be applied to any country in the world, playing out here with regard to our sensitive information that will be on 5G networks. And in the particular case of Huawei within China, it’s just an application of that principle. And we’ve seen through the 5G Prague conference a principle established by the 32 countries there that vendors should not be under the influence of a third country like China without democratic checks and balances. And we’ve also seen the European Union, at the end of January, adopt a security toolbox that included that high-risk vendors should not be providing technology to networks, and those high-risk vendors are companies that are headquartered in countries without rule-of-law systems, and are one – are companies that do not have transparent ownership structures.
So Huawei meets that definition of a high-risk vendor, and I think increasingly we’re going to see those – Huawei and ZTE excluded from European networks and then I think more broadly in networks of telecom operators around the world.
MODERATOR: Thank you. Our next question comes from Annette. We’ll unmute you.
QUESTION: Yes, thank you. My name is Annette Meiritz. I’m working for Handelsblatt Germany, and of course, I have a question about Germany in this regard. So Deputy Assistant Secretary Strayer, thanks for giving our readers an insight what the U.S. Government exactly expects of the German Government when it comes to securing their networks, especially in regard to intelligence cooperation, transatlantic intelligence cooperation. Is there a timeline, an expectation when Germany has to act to make more of an effort to secure their networks?
MR STRAYER: Great question. So we’re interested in seeing our partners secure their networks as they move to 5G. So as you might be aware, in Germany a few of the telecom – major telecom operators are already starting to move to 5G, so we would like to see that those 5G networks are secured. In our view, it’s important that we have a robust dialogue with our partners about the ways that we would have to secure information. If they do not have trusted vendors, there’s probably additional steps that would have to be taken or procedures that would have to be followed that would not allow us to have such an expeditious sharing of information or to share in the ways – robust ways that we share today.
Importantly, in Germany I think that I’ve seen some calls for a self-certification by a company of its trustworthiness or this – but – or the exclusive application of some testing of source code to then define who is a trustworthy vendor. The fundamental nature of digital technology is that the software and the hardware components can be updated instantaneously with millions of lines of source code. One cannot scrutinize all millions of lines of source code before those patches or updates are put into effect. So it’s easy – relatively easy for a nefarious actor under the command of a adversarial government to take actions that would undermine the integrity of the network when those updates occur. So you cannot just rely on source code reviews or some technical testing. It does fundamentally fall back to the question of who do you trust. You have to be able to trust that vendor. So we’re urging our friends in Germany to carefully consider the measures that need to be in place to ensure trustworthiness and to apply the high-risk vendor principle from the European Union’s security toolbox.
MODERATOR: Thank you. Our next hand up is from Jinmyung Kim. We will unmute you.
QUESTION: Hello. Nice to meet you, and first I should appreciate for offering this wonderful opportunity, and my question is about yesterday’s Wall Street Journal report stated for – that China may take retaliatory actions against Ericsson and Nokia if European countries will join this 5G campaign and ban Huawei. And I think what is U.S. response to this possible retaliatory actions is really important because I (inaudible) that Secretary Pompeo and Under Secretary Krach already said that U.S. will stand by with allies and partners when it comes to Chinese retaliation, but I’m not seeing a specific measures or specific policy of U.S. to protect its partners and allies. So thank you.
MR STRAYER: Great. Yeah, I also read that story in The Wall Street Journal yesterday. It’s unfortunate that a country would take specific actions against a company as a pure retaliation step for other countries taking actions that are in their security interests. That’s what – they’re not equivalent. Our actions are and those of our friends in Europe are there to secure their networks. They’re doing so as a security measure, noting the unethical and illegal behavior in the past and the participation of a company like Huawei in human rights violations and abuses in provinces like Xinjiang in China. So it’s an unfortunate retaliation that has nothing to do with – it is not equivalent to the policy measures that are being taken by United States and our European partners at this point to secure their networks.
I think that the story or the overall – not that particular story but the overall notion of this is also could miss one of the huge points, which is that while there is some manufacturing of Nokia and Ericsson within China, the vast majority of their manufacturing is occurring in European countries and in the United States. And when it comes to a company like Samsung, they just opened a $17 billion semiconductor manufacturing facility in Texas, and Nokia purchased the old Bell Labs American research entity of our Big Bell system, and so they have more than 10,000 employees as well as Ericsson has more than 10,000 employees in the United States. So there is a lot of manufacturing already occurring outside regardless of these prospective export (inaudible). I’m not going to comment on the exact policy because I’ve only read it in the press there. Thank you.
QUESTION: So can I have one more follow-up question, because you mentioned SK and KT, and they are two South Korean companies who did not use Huawei equipment, but we have also one – one other company named (inaudible) you must know that LG, they use Huawei equipment, and I think the U.S. campaign puts a sort of burden on LG because they cannot just stop using Huawei equipment not only economically but also in terms of their whole business in China. So why just – this is just not – I don’t know whether LG will take some actions in terms of Huawei or not, but I’m just asking what if LG decided to stop using Huawei equipment, and will U.S. have – give some incentives to LG in that case?
MR STRAYER: Well, on the narrow question on incentives, we’re probably not going to provide any financial incentives for them to do so. We consider this a severe security issue and we would urge companies like LG Plus to migrate away from untrusted vendors to trusted vendors. We think in the future there’s going to be growing demand – we’re already starting to see it – from critical infrastructure owners and operators to be using trusted vendors, ones that as their autonomous vehicles or smart manufacturing or telemedicine are built on top of 5G, that those can’t be disrupted by authoritarian state. So – and that’s funnily the issue when one is deploying Huawei technology, is the ability for the Chinese Communist Party to make the decision that they would want to undermine that technology by disrupting it or using it for – as a surveillance tool.
So it’s actually in their financial interest probably to move as quickly as possible to trusted vendors, and the cost overall for operators is relatively small compared to their overall operating budgets. It’s probably less than 10 percent – is – of – is the cost of the equipment, equipment for the radio access network that we’re talking about. They have – run massive retail operations with advertising, retail stores. They also have operation maintenance costs on a day-to-day basis that are much larger than their capital expenditure over the course of a year. So it’s – I think it – that the line that it’s too expensive to do it is one that can be mitigated by doing it along the life cycle replacement timelines and also by I think recognizing the overall revenues of a company during a year.
QUESTION: Thank you.
MODERATOR: Yes, we’ll go to Alex next. We see your hand up, and we will unmute you.
QUESTION: Yes, thank you very much. This is Alex Raufoglu from Turan News Agency. Robert, thank you very much for being here today.
I totally agree with you that countries that choose this low-cost option from China for fear of losing out in the 5G race might risk creating an unstable and insecure foundation for their future societies and democracies. But the question that I have in mind is – and my apologies if this is an unfair question given the time that’s left – when it comes to messaging, how do you make a distinction between countries that are subscribed to Western values and those with poor human rights records? I noticed you mentioned authoritarian countries, but do you have any other – let’s say – how do you, let’s say, convey your message when communicating with those countries? Like, is there anything alternative you can offer to societies that are living under those regimes who enjoy China’s leeway on human rights violations in the first place? In other words, if the Azerbaijani Government, let’s say, prefers Chinese technology simply because it sees itself in the same club with the Chinese communist regime, so then what options do we have left?
And this also triggers another question of concern in my part of the world, that the U.S. might eventually compromise human rights and other key values in expense to ensuring technological secret. Can you assure us that this by any means will not be the case? Thank you very much.
MR STRAYER: Great. Those are interesting questions. With regard to countries that may – there’s a number of reasons in addition to security that I mentioned, including human rights and economic competitiveness, why a telecom operator in a country might want its telecom operators to use trusted vendors. So, for example, if a company – a country wants to attract a lot of outside investment, those major IT companies that are going to come from abroad and do foreign direct investment, they’re going to want an IT ecosystem, including major movement of data to servers and to cloud computing resources – they want that to be secured by trusted vendors and not have untrusted vendors providing that.
In addition, indigenous development, research at universities and other places, could all be compromised within a country (inaudible) having the ability for the Chinese Communist Party to command Huawei and ZTE to take actions to exfiltrate that data. So it’s just an overall self-interested move to move to trusted vendors regardless of what one thinks about the human rights abuse problem and the system of government in China.
You also asked about the United States. We have a strong rule of law system here. We have vigorous public debate about privacy issues and data and the activities that are undertaken here, and United States has been very clear that we do not conduct any sort of espionage for the purpose of economic gain for our companies. That is a fundamentally different posture on that issue than that China has endeavored upon, stealing terabytes of data – just today an indictment for that – hundreds of millions of dollars. So United States, you have transparency, you have the ability to come after executives, you have publicly traded companies as well. The other providers of 5G technology in Sweden, Finland, and South Korea are all publicly traded companies, have public boards of directors, and are subject to rule of law protections. So that’s very important, I think, for the rights of citizens and to effectuate the rule of law related to their data and to – for other companies to also effectuate their rights.
QUESTION: Thanks so much. May I follow up if possible? I mean, if not, I understand.
MODERATOR: No, sure, go ahead.
QUESTION: Thank you very much. If any country, such as Russia, Azerbaijan, Turkey, and others approach you with – as a – by using Chinese technology as a leverage to convince you that it might change its mind if you don’t question them on human rights and democracy, is that a nonstarter for you, sir? Thank you.
MR STRAYER: Well, we are forthright defenders of human rights, and so we’re not going to change our messaging just because a potential listener or someone we’re trying to convince about the dangers of untrusted vendors is – may not be – at this point been receptive to our points about protecting human rights and freedom of expression. But as I said, I think that there’s keen self-interest in countries that may not even have a concern for human rights in the economic and their own national security interests not being compromised because of the fundamental nature of having their ecosystem of interfacing technology basically under the control of a third country. I think no country’s leadership wants that. No country wants to have its sovereignty put at risk, even if they might hold similar non – even though they may not value human rights and individual liberties in the same way.
QUESTION: Terrific. Thanks so much.
MODERATOR: Thank you. I’d like to give an opportunity to those who have called in. I believe we have two journalists who have called in to ask a question. If you have a question, to unmute yourself, you can press *6 and then please introduce yourself and your outlet.
Okay. If anyone else has a question, as a reminder, you can raise your hand using that function or you can also indicate in the chat feature that you have a question you’d like to ask. We’ll just give a few seconds for everyone.
Okay. If there are no additional questions from the phone or from those who have joined via the Zoom platform, we can conclude today’s briefing. Thank you again to DAS Strayer. Thank you to everyone for joining, and we will produce a transcript and video link as soon as we can.
MR STRAYER: Thanks, Katie. Thank you all for joining.
QUESTION: Thank you.