Lawfare Podcast Host

The following podcast contains advertising to access an ad free version of the Lawfare Podcast. Become a material supporter of lawfare@patreon.com lawfare that's patreon.com Lawfair also check out Lawfare's other podcast offerings, Rational Security Chatter, Lawfare, no Bull and the Aftermath.

Monday.com Advertiser

Breaking up is never easy. But saying goodbye to your old clunky work tools, well, that's easy. Just repeat after me. It's not me, it's definitely you, you rigid, unfriendly software. It's time to freshen things up with Monday.com, the first work platform you'll love to use with stunning dashboards, customizable templates, and built in AI that actually works. Switching to a new work platform has never felt this so move on to Monday.com why choose a Sleep Number Smart.

Sleep Number Advertiser

Bed Can I make my site softer?

Monday.com Advertiser

Can I make my site firmer? Can we sleep cooler? Sleep number does that cools up to eight times faster and lets you choose your ideal comfort on either side your sleep number setting. It's the sleep number biggest sale of the year all beds on sale up to 50% off the limited edition Smart bed Limited time all sleep number Smart beds offer temperature solutions for your best sleep. Check it out at a sleep number store or sleepnumber.com today.

Adam Chan

So, so what our rule does is we apply kind of the same presumption of denial, same clear and convincing evidence standard for any cable that wants to connect directly from the United States to a foreign adversary country. So that would be, you know, if I want to land a cable in Virginia and connect it directly to Iran, for example, that would be prohibited.

Justin Sherman

It's the lawfare podcast. I'm Justin Sherman, contributing editor at lawfare and CEO of Global Cyber Strategies, with Adam Chan, National Security Council at the Federal Communications Commission and inaugural director of the FCC's new Council on National Security.

Adam Chan

I think the idea here really is to kind of incentivize industry to do the right thing where, you know, okay, if you, if you really go all the way and sort of do all the kind of national security things we want to make sure these cables are safe and secure from foreign adversaries, then you're going to have a real streamlined process that's going to save a lot of costs and kind of promote kind of certainty and investment.

Justin Sherman

Today we're Talking about the FCC's new submarine cable rules, what role submarine cables play in the Internet and in the data and AI era, and how to confront the dynamic national security risks. So why don't you start by telling us more about yourself, including about your current job. As I noted in the introduction, you are, among other things, not only advising the chair of the fcc, the Federal Communications Commission, on a wide range of national security issues, but you're also leading a new group within the fcc, spearheading work on national security as well. So why don't you introduce yourself a little bit and maybe tell us more about those couple positions.

Adam Chan

Thanks for that. So I'm Adam, national security lawyer, probably most relevant prior experience was on the House China Committee, Select Committee on Strategic Competition with the Chinese Communist Party, working on sort of a variety of national security issues involving the econ and tech competition with the ccp. Worked on a bunch of sort of legislation and oversight matters there. Did a clerkship with a judge, brief stint in the private sector, that kind of thing. As for my current job, basically what happened is when Chairman Carr was announced as the FCC chairman, he asked me to come on board to head up the FCC's national security portfolio. I saw this as kind of a real sign of sort of his broader prioritization of the national security area as a policy matter, given that he sort of wanted someone for the first time to be a direct report to him focused exclusively on national security. As for the new group, you're right. One action we did take early on was to set up this new Council on National Security, which is sort of internal to the FCC, but really meant to kind of elevate the FCC's general national security role both within the interagency and to the broader public. But it's made up of a bunch of different staff from all the different bureaus and offices within the fcc. Whereas historically a lot of these functions have been like more siloed within the agency. And so we see this. It's really helping to encourage information sharing, build sort of institutional leadership and memory on the national security issues and drive a centralized agenda. I think you see this on the submarine cable rule we're talking about today, where a lot of different bureaus and offices helped out, even if the Office of International affairs sort of took the lead there. And yeah, I mean, just a final sort of point I'd make that I think helpful that national security has been such a sort of bipartisan endeavor that, you know, for all the things I've worked on, that the council's worked on, have been very bipartisan, that all the different, you know, FCC commissioners, both Democrats.

Justin Sherman

And Republicans, have supported that's helpful ground setting.

Adam Chan

And we'll.

Justin Sherman

We'll circle back to pieces of that. So. So as you alluded to, we're going to talk today about the new summary cable rules out from the fcc, how the FCC is approaching telecom infrastructure and national security issues in an era of not just a lot of AI research and development, but also strategic competition with China and a dynamic threat space. But before we get into all of that, start by framing this for us. So what are submarine cables? How many of them are there? You know, in the US we'll say in quotes and in the world and how do they impact our daily lives and the country?

Adam Chan

Submarine cables have a long history here, but they really have been for a long time and are increasingly so the unsung heroes of global international communication. So the first submarine cable was laid in, I think it's 1866. This was for a telegraph wire that was transatlantic connecting Europe to the United States. Now they're really critical for modern forms of communication. Basically 99% of global high speed Internet traffic travels along submarine cables. So that's, you know, the vast majority of, of modern communication. I think it's something like $10 trillion each day in financial transactions are routed across submarine cables. So, you know, this is, we're really talking sort of all the kind of data that the Internet uses traverses these cables underneath the ocean. I think they've gotten some more attention recently because of some incidents that, you know, maybe we'll get into later, but around the, you know, Baltic or around Taiwan, where certain cables and strategic locations have been, have been cut, which has potential to disrupt communications networks. As your question, how many, I think are about 600 cables in service globally with about 90 that connect directly to the United States, which when you think about it is actually sort of a tiny number given how important they are to total communication. You know, if you think compared with something like terrestrial telecom cables or other major communications networks, there are a lot more than 90 of those. There are even a lot more than 90 satellites in space. And we're seeing, I think sort of relevant to this discussion the sort of changing commercial landscape within the submarine cable space. Obviously not just vital to sort of ordinary communication or even sort of military communication, but now it's increasingly relevant for AI and the AI data center build out and that kind of thing. Traditionally it was more the major telecommunications companies that were the leading builders and operators and owners of these submarine cables. Now it's really primarily the hyperscalers like Amazon, Google, Meta Alphabet, Microsoft that are really the leading players in laying new cables. And they're really building like crazy to Keep up with the data center boom, because cables are the interconnection from data center in one country, a data center in another country. I think Meta alone recently announced $10 billion in submarine cable investment. So it's sort of a booming industry in the sort of AI future.

Justin Sherman

Yeah, the AI point is important. I'm sort of thinking, as you say, it's a smaller number compared to their significance. If this was a webinar, we had video here, I would, I think, to your point, under, to underscore it, hold up an actual piece of a cable, which of course is about the width of a small garden hose, which sort of always gets people. But in any event, so that's useful context, what is then the FCC's role broadly in regulating submarine cables? And you alluded to some of the recent national security concerns around cables. So related to that, what role does the FCC play in mitigating those kinds of risks to this Internet infrastructure?

Adam Chan

Right. So the FCC's role kind of goes back to the Cable Landing license Act of 1921, which shows sort of how long cables have been regulated directly by the government. Cable Landing license Act of 1921 sets out a sort of general public interest review of cables landing directly in the United States. So basically, if it connects to the United States and then goes to another point, either from the continental United states to a U.S. territory or, you know, Alaska and Hawaii, or, you know, between Hawaiian Islands or Hawaii to Alaska or something like that, basically any, any port, you know, U.S. to Europe, U.S. to Asia, basically any point that's not continental U.S. to continental U.S. you, you need a license to land in the United States. In the Cable Landing License act, it actually gives that authority to the President to review submarine cables in executive order, I think it was 10, 15, 5, 30, that was in, I think, 1954, the president delegated that authority to the FCC. And so since then, basically all cables that connect to the US have been licensed by the fcc, which means also we have the power to condition those licenses on licensees adopting certain, you know, rules, measures, standards, et cetera. So that kind of makes the FCC the main licensor and regulator of the submarine cable infrastructure insofar as it connects to the United States. Often these are in consortia of companies that apply for, you know, to build a cable whereby, you know, anyone who owns more than 5% of the cable has to become a licensee and get a license from the fcc. In terms of evaluating risks, traditionally, the FCC does not itself take a leading role in identifying what specifically the risks are the FCC relies on a group of national security agencies colloquially known as Team Telecom, which is kind of a junior cousin to cfius, if folks know about that. It consists of doj, DOD and dhs, and it reviews a whole bunch of telecom and tech licenses for concerns around mostly foreign ownership, national security and law enforcement threats, that kind of thing. As part of that Team Telecom, we give every application for a submarine cable to Team Telecom to review for national security risks, that kind of thing. Usually that results in a sort of mitigation or national security agreement between Team Telecom and the licensee, which then the FCC makes a condition upon the grant of a license. So yeah, that's sort of the current state of play as I'm sure we'll discuss Thursday, August 7th. We adopted like a major rule that's sort of the biggest revamp of submarine cable regulation for several decades. Then that may sort of change up that process to some extent, but that's kind of how we're, we're thinking about things.

Justin Sherman

Let's turn to that rule and cfius of course, I'm sure most listeners to this episode know, but CFIUS being the, as you referenced, the Committee on Foreign Investment in the United States. So as you just said, there's a new rule from the FCC out a solid I'll note 207 pages for how the FCC handles the licensing of submarine cables, including as you were describing, because of the national security risks that are at play. So this rule ranges from updating important regulatory definitions such as what constitutes a quote unquote submarine cable system to account for technological changes, goes all the way to other kinds of things such as modifying the submarine cable license application requirements for national security reasons. So at a high level, what are some of the major changes in the rule and what is the reasoning behind some of those changes? Perhaps to include some of the recent threats that national security threats that have motivated the changes.

Adam Chan

High level I think the way we're approaching this is through a document known as NSPM3, which is also known as the America First Investment Policy Memorandum. And we sort of try to hew closely to the principles there. Now this NSPM3 focus mostly on inbound and outbound investments such as CFIUS like you mentioned, but really starts from the premise that economic security is national security. And so therefore like while welcoming new investment from our friends, partners from, from US Companies that have good intentions and can drive innovation, prosperity and national security. There are also some substantial national security threats from foreign adversaries like China at you know, targeting American technology going after us, critical infrastructure, that kind of thing. So, so that's sort of high level theory of what we're doing, a sort of streamlined approach for the good guys with a hard line against foreign adversaries. I think we're kind of motivated by looking at a wide variety of threats to submarine cable infrastructure. I think they're the kind of day to day threats. And some of this, you know, you've seen in the news with these cuts of submarine cables. Justin, you alluded to how like small these cables are and so how easily they're cut, often by accident by a, you know, dropped anchor or something like that. But, you know, could be potential for more malicious cable cuts. I think there are cyber and physical security risks. So, you know, hacking into the cables, getting access to all the data and key, you know, strategic communications, including military communications that traverse submarine cables. Physical security risks which include not just like cuts of the submarine cable, but perhaps even more vulnerable are the landing stations on land. Because, you know, rather than sort of dive, you know, two miles under the ocean to cut a cable, you know, if you go to an unguarded landing site, it's pretty easy to either blow it up or stick some equipment on it to get access, etc. Etc. I think there are other issues around access that where foreign adversaries can get access to the cable, either through just owning and operating the cable or having equipment and services on the cable, leasing capacity agreements on the cable. There are concerns around how quickly we can repair, like repair and maintenance ships. So, so I think that's sort of a survey of the kind of day to day risks. There's also more generally like the sort of risks in a crisis, which I think is what really keeps me and others up at night. Like what happens, we get into a war with a foreign adversary where, you know, submarine cables will be crucial for communicating to our allies, to our military bases overseas, to the theater where military operations are happening. And we can't rely on a lot of cables where foreign adversaries have access. What if foreign adversaries start damaging a whole bunch of cables which could seriously disrupt our, you know, just ability to communicate for basic, you know, the economy of the Internet either slowing communication or potentially stalling it to crucial, you know, say to, you know, an island that only has one or two cables. Or in an extreme scenario to the U.S. i think we have something like two American repair ships which would take, you know, many years to actually repair all our submarine cables if they were damaged in a sort of simultaneous action. And so thinking through some of that is particularly concerning. And so given how kind of critical the infrastructure is and given the numerous threats from foreign adversaries, we really see it as important to decouple the submarine cable industry from foreign adversaries. At the same time, we want to make it as easy and welcoming as possible for investment by the good guys, which can promote US AI leadership and prosperity even as it also like builds resilience against disruption. So I guess a kind of brief, very brief kind of high level overview of what we're actually doing. In this rule we have a kind of protect and promote side of things. So on the protect side, we have restrictions on foreign adversaries being licensees on landing in foreign adversary countries, on, you know, certain leasing capacity agreements with foreign adversary entities, on what equipment and services you can use on submarine cables. We have reporting about the landing stations and the detailed physical location reporting. And then on the promote side, that's sort of more generally kind of in line with Chairman Carr's recently announced Build America agenda, which promotes US Infrastructure build out in these sort of critical sectors. We're looking at how can we, or we did in the rule, codify certain definitions and scope of jurisdiction to give certainty? We streamline a lot of the licensing rules and reporting requirements in this final rule. And then we have that we'll probably get into but a further notice of repose rulemaking where we tee up a lot of other reforms that can hopefully sort of streamline things for the good guys, as it were.

Justin Sherman

This is an excellent segue because as you said, certainly for instance, most cable breaks year to year are accidents, but there's also a considerable threat space. And as you noted, how a nation state might act vis a vis anything, including a cable during relative peacetime might be very different in, in something like a war. So with that in mind, part of the new rule is to get at very specifically some of these national security risks you laid out to include requiring applicants for a submarine cable license to make certifications in those applications about their physical security measures and their cybersecurity measures. So talk to us about this. What do these certifications entail? Are companies making them already or not making them adequately already? And what are the potential benefits of these certifications and are there any risks? For instance, are these self certified? Are they done through auditing? And how do we ensure these security protections are sufficient for our national security?

Adam Chan

So currently the FCC does not require any certifications with regard to cybersecurity and fiscal security. So this is a new measure we're Implementing right now, oftentimes in mitigation agreements reached with Team Telecom, entities will have to agree to certain cyber and physical security rules, but that those are often sort of ad hoc conditions agreed to by Team Telecom. This is the first time that we're putting a kind of standard certifications for all applicants going in sort of both the initial application and in renewal applications and modification applications. I think the way we see it is there is a risk in self certification only, although we do also have a provision where we can request access to the plans at any time, making sure that, you know, entities are actually implementing. We also have some pretty big sticks when it comes to submarine cable licensees because we can at any time, if there are violations of the self certifications, issue penalties, engage in enforcement actions up to and including revocation of the license and, you know, potential restrictions on future licenses, which is, you know, obviously sort of would be catastrophic for any of the entities operating submarine tables. So we're sort of confident in that sense we can make them comply without some of the, you know, more substantial kind of reporting obligations that might, you know, sort of be more burdensome than necessary, I guess the sort of base level certifications when it comes to cybersecurity and physical security, in addition to a lot of the reporting on just like the location of where the cable is, where the landing stations are, that kind of thing, we also require all applicants to certify that they created and will implement an update cybersecurity and physical security risk management plan and take reasonable measures to protect their systems and services from threats that could hinder the communication services offered through the submarine cable system. And so the plan has to describe reasonable measures they'll take to address cyber risks. And like risks that come from logical or physical access, it needs to be, you know, signed off by a senior officer at the company that, that holds the license. And so that's sort of how we're thinking about that. We have some more sort of proposed rules in the further notice that we can talk about later. But, but that's sort of baseline of the certifications.

Lawfare Podcast Host

Deleteme makes it quick, easy and safe to remove your personal data online. At a time when surveillance and data breaches are common enough to make everyone vulnerable. Data brokers make a profit off your data. It's a commodity. Anyone on the web can buy private details about you. Your name, contact information, Social Security number, home address, even information about your family members. It can all be compiled by data brokers and sold online. And that can lead to identity theft, phishing attempt and harassment. But now you can protect your privacy with Delete Me. I've said it before and I'll say it again. I have been using Delete Me since before they were ever an advertiser. With Lawfare, I have an active online presence. I'm out there. I make arguments that people off and sometimes there can be blowback for that. And my privacy really is important to me. I don't want people mucking around in my personality beyond that which I choose to make public. I've been a victim of identity theft. I've been harassed. I've never been doxxed. But you know, I expect it sometime. And if you haven't, you probably know someone who has. Delete Me can help. So take control of your data and keep your private life private by signing up for Delete Me now at a special discount for Lawfare listeners. Get 20% off your Delete Me plan when you go to JoinDeleteMe.com Lawfare20 and use the promo code Lawfair20 at checkout. The only way to get 20% off is to go to JoinDeleteMe.com lawfair20 and enter code Lawfare20 at checkout. That's JoinDeleteMe.com Lawfare 20 code Lawfare20.

Monday.com Advertiser

Breaking up is never easy, but saying goodbye to your old clunky work tools, well, that's easy. Just repeat after me. It's not me, it's definitely you, you rigid, unfriendly software. It's time to freshen things up with Monday.com the first work platform you'll love to use with stunning dashboards, customizable templates, and built in AI that actually works. Switching to a new work platform has never felt this good, so move on to Monday.com a dog's love letter to.

Lemonade Pet Insurance Advertiser

His Squeaky Avocado Dearest Squeaky Avocado, my heart yearns to chew thee. Alas, I've devoured a small action figure and have taken ill, unable to partake in our jubilant squeakings. Worry not, as I am on the mend and Lemonade pet insurance covered 90% of the veterinarian's cost. I recommend all the cats and dogs of the land. Get a quote@lemonade.com slash pet. Soon my tummy will be unburdened and we shall frolic once more. Yours, Jerry.

Hesu Jo

Ever feel like you're carrying something heavy and don't know where to put it down? Or wonder what on earth you're supposed to do when you just can't seem to cope I'm Hesu Jo, a licensed therapist with years of experience providing individual and family therapy, and I've teamed up with BetterHelp to create mind if We Talk? A podcast to demystify what therapy's really about. In each episode, you'll hear guests talk about struggles we all face, like living with grief or managing anger. Then we break it all down with a fellow mental health professional to give you actionable tips you can apply to your own life. Follow and listen to Mind if We Talk on Apple Podcasts, Spotify, Amazon Music, or wherever you get your podcasts. And don't forget, your happiness matters.

Justin Sherman

Part of the logic, as you mentioned this with with your high level overview and the fcc, of course, gets into this in detail in the rules, is to do two things at once, right? Make it more difficult for foreign adversaries to exploit elements of the cable supply chain at the same time as making it easier for allies and partners to work with US Companies on submarine cable projects. So let's take these in turn. When we say foreign adversary here, what countries are we talking about? And why does the FCC rule presumptively deny applications from companies, perhaps in those foreign adversary countries who were already designated by the FCC as a potential national security risk?

Adam Chan

So there are two big categories of entities that we're concerned with here that we impose a presumption of denial for granting a license where whereby we, you know, in general wouldn't even refer these licenses to Team Telecom. We just, you know, have a presumption of denial. These entities would be entities that are identified on our covered list. So the FCC maintains a covered list of certain equipment and services that have been found by the executive branch or Congress to pose an unacceptable risk to the national security of the United States. So this includes, for example, telecommunications equipment produced by Huawei or, you know, hikvision, which makes surveillance cameras. And so if Huawei or hikvision or any of their affiliates or subsidiaries tried to get a license, they would fall under this category. The other category that is most significant is any person owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary. And that phrase is lifted from a Commerce Department rule. Their ICTS office, which was an office set up in the first Trump administration to deal with threats to the information communications telecommunications sector. And so what we're really looking at there is six foreign adversary countries. So that's China, Russia, Iran, North Korea, Cuba, Venezuela. And then we're looking at basically any entity owned by, controlled by, or subject to the jurisdiction of those entities. So it's not just, you know, the government themselves or state owned enterprises, but really sort of treating this like it is often said that there are no private companies in countries like China or Russia, that these countries like, like the sort of Western distinction between the government and private companies doesn't really apply when, you know, a country like China will have, you know, numerous laws that require cooperation by nominally private companies with the government that have programs like military civil fusion or that kind of thing where, you know, private companies really are arms of the Chinese Communist Party. So, so the way this will work is if an entity, you know, that's owned by, controlled by, subject to jurisdiction or direction of a foreign adversary or identified on our covered list comes to get a license, there'll be a presumption of denial which can only be overcome with clear and convincing evidence. This is the standard laid out in the Uyghur Forced Labor Prevention act, actually, which applies that standard to any goods made in Xinjiang, China. And so we sort of take a similar standard here and then we have a kind of similar restriction not, not just on being a licensee, but also entering into certain leasing capacity agreements. For submarine cable. We have a prohibition on doing that with any entity owned by, controlled by, subject to the jurisdiction or direction before an adversary. Again, if the leasing capacity agreement gives that entity the ability to, you know, install, own, manage the actual equipment on the submarine cable within the United States. Because we sort of see, and we see kind of all of those as limiting or preventing foreign adversary entities ability to access the submarine cable and therefore potentially disrupt communication or gain access to the data from a kind of surveillance espionage standpoint.

Justin Sherman

Another related part of the rule limiting foreign adversary reach into the US cable supply chain is presumptively precluding applicants from building or adding a landing point. You mentioned this earlier in a foreign adversary country. So how common is this that a US Company is involved with a group or is solo sort of proposing to have a cable network where there's a connection to both the US and China? And then you mentioned decoupling over time. Is the thinking that we should be cutting off more of these directions? I shouldn't say cutting off, I guess in this context, but not shopping an existing one, but limiting the extent of cable connectivity to China? And if so, how is that impacting risk and what are the implications?

Adam Chan

Right. No, it's a good question. So what our rule does is we apply kind of the same presumption of denial like we were just talking about the same clear and convincing evidence standard for any cable that wants to connect directly from the United States to a foreign adversary country. So that would be, you know, if I want to land a cable in Virginia and connect it directly to Iran, for example, that would be prohibited. You know, California to Hong Kong, same idea, or presumptively prohibited. This probably used to happen more frequently. I think in the last few years, Team Telecom in their reviews have really been pushing back against this. I think most entities kind of recognize that they're unlikely to get a license if they're connecting directly to, say, China. Because like, like because of all the concerns we were talking about where that could give sort of clear access to the cable by a foreign adversary, you know, easy potential for disruption there. And so this is more of a codification of kind of existing practice. I think the way we see this also is kind of not just could, you know, a cable landing in China obviously give China sort of access to the, the data or potential to disrupt, but also, you know, on these big sort of trans Pacific or transatlantic routes, they're often sort of main cables that then kind of branch off to other, you know, connections. And so maybe, you know, a cable between the US and China, if that gets disrupted, that could affect communication to, you know, allies in the region like Korea or Taiwan or the Philippines. You know, to your point, we do have to recognize that, you know, there is a balance here. And so arguably this does give us some leverage over foreign countries just in the same way that they have potential leverage over us. But ultimately we see the risks as kind of as greater than the benefits we get from these cables. And you know, so notably, I think none of the commentators on our, in our rule actually push back against this. I think there were a lot of the security requirements that some of the industry players were not fans of. But, but, but on this one at least, I think they recognize the US Government's position here is reasonable given the concerns.

Justin Sherman

So that's on the protection against threats side, as was mentioned, there's also the part of the rule to make it easier for allies and partners to work with American companies on sub cable projects. So how is the FCC approaching this allies and partners idea in the new rule? And if you want to elaborate perhaps on some of the thinking behind it.

Adam Chan

Right. So I think this may be useful to start, like a few years ago, the FCC was pretty deeply involved, as was the rest of the government, in a kind of broader international counter, Huawei, counter zte push that was both in US Networks but also abroad. And I think there we recognize that like a lot of the actual telecommunications equipment. Unfortunately, there weren't major US Players that could compete with companies like Huawei or zte. So we really had to rely on Nokia and Ericsson, which are Scandinavian companies that still are sort of leaders and competitors both in the U.S. and, and now globally with the Chinese companies. And so we adopted this standard, you know, the trusted vendor idea, rather than just saying, you know, it must be American. You know, ideally it's American as much as possible built in America, but also reliant on allied companies that we can, you know, are potential military allies and don't pose the same risks as some of our adversaries. And now I think we see in, in this space, in the summary, cable space, we're in a much better place than we were in some of the terrestrial equipment sectors that there are major American leaders in this area. I mentioned the hyperscalers is the owners and operators. They're also leading American companies that kind of dominate a lot of the actual fiscal infrastructure itself. Like, you know, Corning makes, makes a lot of the fiber. Subcom builds the cables. But they're also, you know, critical kind of allies. They're, you know, Japanese companies, for example, play a major role in building out the cables. I think one place where allies and partners actually play a pretty critical role is, as I mentioned, in the kind of ship repair and maintenance side of things where, where the US really isn't a significant player and China is perhaps the leading player, as they are in shipbuilding more generally. But, but luckily that sort of number two and three players in shipbuilding are Japan and Korea, which are two, you know, U.S. treaty allies. And so I think, you know, in order to have a thriving cable ecosystem, we need, at least for the foreseeable future to rely on trusted vendors which could include these Japanese and Korean counterparts. And so in, in this rule we start, we, we have in the rule we adopted yesterday, an absolute prohibition on using, you know, equipment on our covered list or services on our covered list for submarine cable licensees for their submarine cables. But then we have, in the further notice, we propose to go substantially further and basically say you can't use equipment or services produced or supplied by any entity owned by, controlled by or subject to the jurisdiction or direction of a foreign adversary, which to your point, really would be a sort of total supply chain decoupling there. And again, while we would want sort of as much as possible to be American, having sort of close allies as partners, especially for, you know, what is a sort of necessarily international industry like the submarine cable industry, I think that's important to ensure there's sort of no supply chain disruptions there.

Justin Sherman

I appreciate the clarification on the decoupling point. I am going to just editorialize for a minute here and say I completely agree with you, especially on the ship point, because it just is not sufficient that we have a country that's digitally connected and lacks such. Have such, you know, little independent ability to repair infrastructure that keeps that all going.

Adam Chan

No, exactly. And I mean I think I, I think therefore we're sort of seeing a lot of, I mean for those who are interested in shipbuilding, I mean I think we're seeing things one, on the sort of naval shipbuilding. But also USTR has been pushing and Department of Transportation, DHS have all been pushing. Congress is, is interested. I know there's a bipartisan, I think Ships for America. There are various fields on this. I think everyone kind of recognizes that like US Shipbuilding is such a critical like industry for you know, both the economy and military wise, that it is, it is pretty essential. And I think the Japanese and Koreans will be probably key partners to that effort.

Justin Sherman

Certainly. Yeah, let's. So now let's look ahead. As you referenced earlier, the fcc, in addition to the lengthy rule that has just been published, is also pursuing future rulemaking. One of those components to talk a little bit more about as we love here at Lawfare. The wonky process of it is that the upcoming rules propose potentially excluding some submarine cable applications from national security review if the executive branch does not meet certain standards of streamlining that review process. So talk to us a little bit more about this. Are there ways from your perspective, if you had to give one or two top priority ones, that how we could streamline the review process right now? And why is that important that we have a process that's streamlined when we're dealing with really complex risks?

Adam Chan

Yeah. So this is kind of super interesting, especially for the kind of legal nerds that work in the foreign investment review, kind of cfius Team Telecom, that kind of space. I think we see it an important piece of the puzzle and very much in line with the NSPM3 document I mentioned earlier, this numeric first investment policy memo that talks about kind of streamlining the investment from certain American or ally companies. This is definitely the piece of our rulemaking effort that I think the industry is most excited about. But the basic idea is kind of like we talked about earlier, we have these sort of presumptive blacklist for the bad guys. We'll also have a presumptive white list for the good guys. And so we Kind of almost are proposing to adopt a kind of frequent flyer program whereby for an entity that already has gone through a team Telecom review at least once, that has operated a, you know, at least one submarine cable license without major issue, that they would effectively, rather than go through team Telecom review each time they want to build a new cable, which is, you know, often a long process. Industry definitely does not like, enjoy the team telecom process. You know, you know, they have to do a lot of reporting, negotiate a mitigation agreement, that kind of thing, that we would basically have a presumption of grant for those cables where they wouldn't be referred to team Telecom, where they would just be granted. I think the sort of paradigmatic example of this is perhaps, you know, a couple of hyperscalers that are building just a lot of cables and have real incentives to meet kind of high standards. And so the idea here is we wouldn't be sort of weakening the national security rules. We'd, in fact, if anyone wants to take advantage of this kind of frequent flyer program, they would have to certify upfront to a very high level of national security standards. We see comment on exactly what that should be. And likely there will be a lot of comments from industry saying they should be lower and maybe some national security experts saying HP higher. But the basic idea is that even more than some of the baseline requirements we talked about earlier, but a sort of even greater kind of limiting of foreign adversary involvement, whether that's investment or board seats, a sort of greater kind of physical security and cybersecurity rules, that kind of thing. But if they agree to all that, then they get this really big carrot. And so I think the idea here really is to kind of incentivize industry to do the right thing where, you know, okay, if you, if you really go all the way and sort of do all the kind of national security things, we want to make sure these cables are safe and secure from foreign adversaries, then you're going to have a real streamlined process that's going to save a lot of costs and kind of promote kind of certainty and investment and that kind of thing.

Justin Sherman

So stepping back further, as has now come up many, many times on this episode, the US faces a range of risks to the telecom supply chain that really are not going away. And obviously submarine cables and especially adversaries like Beijing are part of the threat picture, as you've, as you've said many times now. So how do you see the national security risk space evolving vis a vis our telecom and submarine cable networks? And where are places where the FCC can act or can even do more to mitigate these complex risks in the coming years?

Adam Chan

I think these risks will only grow over the near term as submarine cables are ever more critical and as AI becomes ever more critical to the US and global economy, to national security, et cetera. Additionally, we see often their kind of tenuous connections to certain of our Asian allies, to many of the Pacific island states, to Taiwan, that kind of thing. And so I think we see these risks as growing, at least in the near term, especially as tensions potentially are high with certain countries. But over time, I think we have a real opportunity to substantially reduce the risks by building in resiliency within the cable system overall that, you know, the more cables that are built that we can say confidently are secure, the safer we are because the harder it is to disrupt cables if they're, you know, if one gets damaged or to get damaged or three get damaged, you know, if there are 10 backups, that's not as significant threat. Obviously in the kind of telecom sector more generally, there are a range of risks. As you mentioned, I think we see submarine cable infrastructure as particularly critical node in the sort of telecom sector more generally. But there are other critical sectors. I mean, obviously we're also thinking about kind of new forms of communication like space industry is a big one with obvious national security implications to it. Additionally, the FCC regulates devices that emit radio frequency, which is most every tech device and their potential, you know, supply chain and cyber vulnerabilities there. I think one that definitely keeps me up at night is drones. We've seen in the sort of military applications of even small commercial drones in say Ukraine or the Middle east that, you know, most of the drones in the United States are produced by, you know, a Chinese military company called dji. Like obviously that poses some substantial, substantial risks that we're sort of concerned with. But I think in the submarine cable space at least we're hopeful this is a good kind of step in the right direction to make things more secure.

Justin Sherman

Lastly, but certainly not least, a lot of what we're discussing today pertains to how the US Government designs and implements and enforces regulations on the private sector to protect national security, as with both the cable rules that just came out as well as the upcoming ones you were talking about. So how do you see the future of US Government engagement with companies about these issues evolving? And how is the FCC currently thinking about all those trade offs around engaging with industry or the public on issues that are important and impactful? And as We've said have transparency and other considerations, yet also deal with really complex, plenty of times, secretive, fast moving national security threats.

Adam Chan

No, I think this is really a great question and I think, Chairman Carr, I really see this public engagement as critical in our role and in the sort of this new Council on National Security that the FCC has set up. I think traditionally a lot of the national security agencies, be it DoD or the intelligence community or the FBI or Department of justice that do a lot of great work in the national security space, like obviously industry is just going to be a lot more. Either industry can engage at all, for the most part, like the intelligence community, or are going to be a lot more cautious with certain entities than they would with the fcc, which is more of a traditional economic regulator. And so that allows us, I think, a real opportunity to interface with industry, I think, in this, in this rulemaking. You know, I had a lot of meetings with various industry groups, coalitions, companies. Industry filed a lot of comments in our record. I'm sure they're going to file a lot of comments in our record for the further notice of proposed rulemaking, especially on this frequent flyer program we discussed. I think ultimately we see American industry is obviously critical to innovation, to infrastructure building in the United States, and their success is ultimately critical to America's success in the broader strategic competition. That said, I think we also need industry to do more on the national security front, especially in critical industries like technology, telecom, that we really need to see them rise to the challenge when it comes to foreign adversaries like China, mitigate their risk exposure, ultimately. Decouple. I think we're starting with the submarine cable sector to maybe help bend the curve in that direction such that, you know, industry has substantial carrots and sticks to adopt national security when it comes to foreign adversaries. And, you know, if we can incentivize them to, you know, adopt good standards, you know, and provide kind of clear rules, clear guidelines of kind of what something like this would be. And if they do it, then they would really have the support from us and from the government to, you know, innovate, build, and thus support, you know, a growing American economy and strengthening US national security.

Justin Sherman

That's all the time we have. Adam, thanks very much for joining us.

Adam Chan

Thanks so much for having me, Justin.

Justin Sherman

The Lawfare podcast is produced in cooperation with the Brookings Institution. You can get ad free versions of this and other Lawfare podcasts by becoming a Lawfare material supporter through our website, lawfairmedia.org support. You'll also get access to special events and other content available only to our supporters. Please rate and review us wherever you get your podcasts. Look out for our other podcasts, including Rational Security, Allies, the Aftermath, and Escalation. Our latest Lawfare Presents podcast series about the war in Ukraine. Check out our written work@lawfaremedia.org the podcast is edited by Jen Powell and our audio engineer. This episode was Goat Rodeo. Our theme song is from Alibi Music. As always, thank you for listening.

Sleep Number Advertiser

This is Rose Rose's flight is delayed again. At this point, she has walked the entire terminal twice and has memorized every news headline on the airport tv. All she really wants is to do is take off. Good thing Rose has a library of free ebooks with Prime. Suddenly she's chasing bad guys, kissing hot vampires, solving murders. You know, living her best life. Free ebooks library. It's on Prime.