[House Hearing, 117 Congress]
[From the U.S. Government Publishing Office]




 
   A SAFE WIRELESS FUTURE: SECURING OUR NETWORKS AND SUPPLY CHAINS

=======================================================================

                             HYBRID HEARING

                               BEFORE THE

             SUBCOMMITTEE ON COMMUNICATIONS AND TECHNOLOGY

                                 OF THE

                    COMMITTEE ON ENERGY AND COMMERCE
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED SEVENTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             JUNE 30, 2021

                               __________

                           Serial No. 117-41
                           
                           
                           
                           


     Published for the use of the Committee on Energy and Commerce

                   govinfo.gov/committee/house-energy
                        energycommerce.house.gov                       
                        
                        
                             ______

             U.S. GOVERNMENT PUBLISHING OFFICE 
 51-410          WASHINGTON : 2023
                      
                        
                        
                        
                        
                    COMMITTEE ON ENERGY AND COMMERCE

                     FRANK PALLONE, Jr., New Jersey
                                 Chairman
BOBBY L. RUSH, Illinois              CATHY McMORRIS RODGERS, Washington
ANNA G. ESHOO, California              Ranking Member
DIANA DeGETTE, Colorado              FRED UPTON, Michigan
MIKE DOYLE, Pennsylvania             MICHAEL C. BURGESS, Texas
JAN SCHAKOWSKY, Illinois             STEVE SCALISE, Louisiana
G. K. BUTTERFIELD, North Carolina    ROBERT E. LATTA, Ohio
DORIS O. MATSUI, California          BRETT GUTHRIE, Kentucky
KATHY CASTOR, Florida                DAVID B. McKINLEY, West Virginia
JOHN P. SARBANES, Maryland           ADAM KINZINGER, Illinois
JERRY McNERNEY, California           H. MORGAN GRIFFITH, Virginia
PETER WELCH, Vermont                 GUS M. BILIRAKIS, Florida
PAUL TONKO, New York                 BILL JOHNSON, Ohio
YVETTE D. CLARKE, New York           BILLY LONG, Missouri
KURT SCHRADER, Oregon                LARRY BUCSHON, Indiana
TONY CARDENAS, California            MARKWAYNE MULLIN, Oklahoma
RAUL RUIZ, California                RICHARD HUDSON, North Carolina
SCOTT H. PETERS, California          TIM WALBERG, Michigan
DEBBIE DINGELL, Michigan             EARL L. ``BUDDY'' CARTER, Georgia
MARC A. VEASEY, Texas                JEFF DUNCAN, South Carolina
ANN M. KUSTER, New Hampshire         GARY J. PALMER, Alabama
ROBIN L. KELLY, Illinois, Vice       NEAL P. DUNN, Florida
    Chair                            JOHN R. CURTIS, Utah
NANETTE DIAZ BARRAGAN, California    DEBBIE LESKO, Arizona
A. DONALD McEACHIN, Virginia         GREG PENCE, Indiana
LISA BLUNT ROCHESTER, Delaware       DAN CRENSHAW, Texas
DARREN SOTO, Florida                 JOHN JOYCE, Pennsylvania
TOM O'HALLERAN, Arizona              KELLY ARMSTRONG, North Dakota
KATHLEEN M. RICE, New York
ANGIE CRAIG, Minnesota
KIM SCHRIER, Washington
LORI TRAHAN, Massachusetts
LIZZIE FLETCHER, Texas
                                 ------                                

                           Professional Staff

                   JEFFREY C. CARROLL, Staff Director
                TIFFANY GUARASCIO, Deputy Staff Director
                  NATE HODSON, Minority Staff Director

             Subcommittee on Communications and Technology

                        MIKE DOYLE, Pennsylvania
                                 Chairman
JERRY McNERNEY, California           ROBERT E. LATTA, Ohio
YVETTE D. CLARKE, New York             Ranking Member
MARC A. VEASEY, Texas                STEVE SCALISE, Louisiana
A. DONALD McEACHIN, Virginia         BRETT GUTHRIE, Kentucky
DARREN SOTO, Florida                 ADAM KINZINGER, Illinois
TOM O'HALLERAN, Arizona              GUS M. BILIRAKIS, Florida
KATHLEEN M. RICE, New York           BILL JOHNSON, Ohio
ANNA G. ESHOO, California            BILLY LONG, Missouri
G. K. BUTTERFIELD, North Carolina    RICHARD HUDSON, North Carolina
DORIS O. MATSUI, California, Vice    MARKWAYNE MULLIN, Oklahoma
    Chair                            TIM WALBERG, Michigan
PETER WELCH, Vermont                 EARL L. ``BUDDY'' CARTER, Georgia
KURT SCHRADER, Oregon                JEFF DUNCAN, South Carolina
TONY CARDENAS, California            JOHN R. CURTIS, Utah
ROBIN L. KELLY, Illinois             CATHY McMORRIS RODGERS, Washington 
ANGIE CRAIG, Minnesota                   (ex officio)
LIZZIE FLETCHER, Texas
FRANK PALLONE, Jr., New Jersey (ex 
    officio)

                             C O N T E N T S

                              ----------                              
Hon. Mike Doyle, a Representative in Congress from the 
  Commonwealth of Pennsylvania, opening statement
    Prepared statement
Hon. Robert E. Latta, a Representative in Congress from the State 
  of Ohio, opening statement
    Prepared statement
Hon. Jerry McNerney, a Representative in Congress from the State 
  of California, opening statement
    Prepared statement
Hon. Cathy McMorris Rodgers, a Representative in Congress from 
  the State of Washington, opening statement
    Prepared statement
Hon. Anna G. Eshoo, a Representative in Congress from the State 
  of California, prepared statement

                               Witnesses

Dileep Srihari, Senior Policy Counsel, Access Partnership
    Prepared statement
Jason Boswell, Head of Security, Network Product Solutions, 
  Ericsson North America
    Prepared statement
    Answers to submitted questions
Dean R. Brenner, Senior Vice President, Spectrum Strategy and 
  Tech Policy, Qualcomm Incorporated
    Prepared statement
Clete D. Johnson, Senior Fellow, Center for Strategic and 
  International Studies
    Prepared statement

                           Submitted Material

H.R. 2685, the Understanding Cybersecurity of Mobile Networks 
  Act, submitted by Mr. Doyle\1\
H.R. 3919, the Secure Equipment Act of 2021, submitted by Mr. 
  Doyle\1\
H.R. 4028, the Information and Communication Technology Strategy 
  Act, submitted by Mr. Doyle\1\
H.R. 4029, the Timely Evaluation of Acquisitions, Mergers, or 
  Transactions with External, Lawful Entities to Clear Owners and 
  Management Act, submitted by Mr. Doyle\1\
H.R. 4032, the Open RAN Outreach Act, submitted by Mr. Doyle\1\
H.R. 4045, the Future Uses of Technology Upholding Reliable and 
  Enhanced Networks Act, submitted by Mr. Doyle\1\
H.R. 4046, the NTIA Policy and Cybersecurity Coordination Act, 
  submitted by Mr. Doyle\1\
H.R. 4055, the American Cybersecurity Literacy Act, submitted by 
  Mr. Doyle\1\
H.R. 4067, the Communications Security Advisory, submitted by Mr. 
  Doyle\1\

----------

\1\ The legislation has been retained in committee files and is 
available at https://docs.house.gov/Committee/Calendar/
ByEvent.aspx?EventID=112840.


    A SAFE WIRELESS FUTURE: SECURING OUR NETWORKS AND SUPPLY CHAINS

                              ----------                              


                        WEDNESDAY, JUNE 30, 2021

                  House of Representatives,
     Subcommittee on Communications and Technology,
                          Committee on Energy and Commerce,
                                                    Washington, DC.
    The subcommittee met, pursuant to call, at 10:30 a.m., in 
the John D. Dingell Room 2123, Rayburn House Office Building, 
and remotely via Cisco Webex online video conferencing, Hon. 
Mike Doyle (chairman of the subcommittee) presiding.
    Members present: Representatives Doyle, McNerney, Clarke, 
Veasey, McEachin, Soto, O'Halleran, Rice, Eshoo, Butterfield, 
Matsui, Welch, Schrader, Cardenas, Kelly, Craig, Fletcher, 
Pallone (ex officio), Latta (subcommittee ranking member), 
Scalise, Guthrie, Kinzinger, Bilirakis, Johnson, Mullin, 
Walberg, Duncan, Curtis, and Rodgers (ex officio).
    Also present: Representative Joyce.
    Staff present: AJ Brown, Counsel; Jennifer Epperson, 
Counsel; Waverly Gordon, General Counsel; Jessica Grandberry, 
Staff Assistant; Perry Hamilton, Clerk; Alex Hoehn-Saric, Chief 
Counsel, Communications and Consumer Protection; Zach Kahan, 
Deputy Director, Outreach and Member Service; Jerry Leverich, 
Senior Counsel; Joe Orlando, Policy Analyst; Kaitlyn Peel, 
Digital Director; Chloe Rodriguez, Clerk; Kate Arey, Minority 
Content Manager and Digital Assistant; Sarah Burke, Minority 
Deputy Staff Director; Michael Cameron, Minority Policy 
Analyst, Consumer Protection and Commerce, Energy, Environment; 
William Clutterbuck, Minority Staff Assistant/Policy Analyst; 
Theresa Gambo, Minority Financial and Office Administrator; 
Jack Heretik, Minority Press Secretary; Nate Hodson, Minority 
Staff Director; Sean Kelly, Minority Press Secretary; Peter 
Kielty, Minority General Counsel; Emily King, Minority Member 
Services Director; Bijan Koohmaraie, Minority Chief Counsel, 
Oversight and Investigations Chief Counsel; Kate O'Connor, 
Minority Chief Counsel, Communications and Technology; Clare 
Paoletta, Minority Policy Analyst, Health; Olivia Shields, 
Minority Communications Director; Michael Taggart, Minority 
Policy Director; Evan Viau, Minority Professional Staff Member, 
Communications and Technology; and Everett Winnick, Minority 
Director of Information Technology.
    Mr. Doyle. The committee will now come to order.
    Today, the Subcommittee on Communications and Technology is 
holding a hearing entitled ``A Safe Wireless Future: Securing 
Our Networks and Supply Chain.''
    Due to the COVID-19 public health emergency, Members can 
participate in today's hearing either in person or remotely via 
online video conferencing. Members who are not vaccinated and 
participating in person must wear a mask and be socially 
distanced. Such Members may remove their mask when they are 
under recognition and speaking from a microphone. Staff and 
press who are not vaccinated and present in the committee room 
must wear a mask at all times and be socially distanced.
    For Members participating remotely, your microphones will 
be set on mute for the purpose of eliminating inadvertent 
background noise. Members participating remotely will need to 
unmute your microphone each time you wish to speak. Please note 
that once you unmute your microphone, anything that is said in 
Webex will be heard over the loudspeakers in the committee 
room and subject to be heard by live stream and C-SPAN.
    Since Members are participating from different locations at 
today's hearing, all recognition of Members, such as for 
questions, will be in the order of subcommittee seniority.
    The Chair now recognizes himself for 5 minutes.

   OPENING STATEMENT OF HON. MIKE DOYLE, A REPRESENTATIVE IN 
         CONGRESS FROM THE COMMONWEALTH OF PENNSYLVANIA

    I want to thank you all for coming. Thank you to our 
witnesses, some of whom are here in person and some of whom are 
here on screens, just as some of our Members are. This is a 
hybrid hearing, and in a way it highlights the promise of new 
technologies to our country itself, even as we may resume many 
in-person activities.
    Advances in technology have brought us to this place and 
allowed us all to continue life as normally as possible over 
the past year-plus. The pandemic made online work, education, 
civil engagement, and social interaction a norm and a 
requirement for large parts of society. Our telecommunication 
networks and the supply chains that feed those networks 
answered the increased demand and kept our Nation connected. 
And while the pandemic is not over yet, it is clear that the 
need and demand for connectivity will just keep growing.
    The bipartisan work of this committee has laid the 
foundation for the Nation's telecommunications networks to 
flourish. And to ensure that this continues, we look to foster 
innovation and competition, protect our networks and supply 
chains from threats by nontrusted actors, and provide the 
marketplace with a predictable, stable government, a government 
that is a partner as well as a regulator.
    So let's get to it. There are nine bills before us, a 
herculean effort, and nearly all of them are bipartisan. We can 
think of them as loosely falling into three categories.
    Three could be considered bills to keep the public, smaller 
providers, and small businesses educated about how to protect 
their telecommunications networks and supply chains and to 
provide support to them as they navigate the changing network 
and supply chain marketplaces. These are the Understanding 
Cybersecurity of Mobile Networks Act, the Open RAN Outreach 
Act, and the American Cybersecurity Literacy Act.
    The second group of bills that will unlock--that will lock 
in support of Government entities to ensure that our networks 
and supply chains remain safe, these are the Communications 
Security Advisory Act of 2021, the NTIA Policy and 
Cybersecurity Coordination Act, among others.
    And, finally, the third set of bills will facilitate U.S. 
leadership with regard to what technologies come next and how 
we can leverage them to improve the lives of Americans in all 
corners of our Nation. These are the Secure Equipment Act of 
2021, the Information and Communication Technology Strategy 
Act, and the FUTURE Networks Act.
    There is a lot packed into these proposals, and no doubt we 
will need to make changes to improve and clarify each of them, 
but I look forward to doing that with my friends and colleagues 
on both sides of the aisle.
    Let me take a moment to discuss the FUTURE Networks Act, 
which is a bill I introduced along with my friends 
Representatives McBath and Johnson. The FUTURE Networks Act 
will require the Federal Communications Commission to create a 
6G task force with members appointed by the chair and 
comprising representatives from trusted companies, public 
interest groups, and government representatives at every level 
of government, including Tribes. The mandate of the task force 
would be to report on possible uses, strengths, and limitations 
of sixth-generation wireless technology including any supply 
chain, cybersecurity, or other limitations that will need to be 
addressed as wireless technology evolves.
    Convening a broad group of key stakeholders in the early 
stages of 6G development will ensure continued U.S. leadership 
in the global economy. Congress can accelerate our success as a 
Nation by opening the door to new ideas and inventions and 
fostering healthy competition here at home.
    Our job in this committee is to examine, nurture, and 
encourage those advances in technology and ensure that they are 
brought to bear in a manner that makes our lives better. And 
today's subcommittee hearing, I believe, will help us do just 
that.
    [The prepared statement of Mr. Doyle follows:]
    Mr. Doyle. I am finished with my opening statement. And it 
gives me great pleasure now to yield to our ranking member, my 
good friend Mr. Latta, for 5 minutes for his opening statement.

OPENING STATEMENT OF HON. ROBERT E. LATTA, A REPRESENTATIVE IN 
                CONGRESS FROM THE STATE OF OHIO

    Mr. Latta. Well, thank you very much to my good friend, the 
chairman of the subcommittee, for holding today's hearing. 
Greatly appreciate our witnesses being here. It is great to see 
everybody in person again. It really is. So really great to be 
here to discuss the nine pieces of legislation which aim to 
further improve the security of our Nation's communication 
networks.
    Though we don't agree with our Democratic colleagues on 
every issue, I am proud of our bipartisan record when it comes 
to securing our communications supply chain. Our leadership in 
5G, 6G, and beyond depends on ensuring that all parts of our 
networks are secure and on having policies that encourage 
investment in wireless and innovative technologies in the 
United States.
    In April, this committee held a bipartisan hearing on 
supply chain security issues where there was a bipartisan 
agreement that we must maintain our global wireless leadership 
and prevent adversaries like China from threatening our 
economic national security. Today, I am pleased to see the 
bipartisan bill before us that would help advance these bills.
    As part of this effort, I am working on legislation to 
require the FCC to develop rules to stipulate the Commission 
may not certify or authorize any radio frequency devices that 
originate from the Uyghur autonomous region of the People's 
Republic of China. This would assist in the effort to help end 
the forced-labor abuses that have come to light in that region 
by the Communist--by the Chinese Communist Party.
    While this legislation is not being considered today, I 
hope my colleagues will work with me to advance that 
legislation going forward.
    The bills before us today are just a few important concepts 
to promote the next generation of secure technologies. We must 
also acknowledge the advances being made by companies in the 
United States in these areas.
    5G technology opened our eyes to many new vulnerabilities 
that come with advanced technologies. And as these companies 
have already begun work on 6G, they are developing innovative 
solutions to network security. We must ensure that Congress and 
Federal agencies are up to date on these developments and 
prepared to knock down any barriers that may arise.
    I am pleased that we continue to build on this 
subcommittee's tradition of bipartisanship on issues of 
national security, and also thank my friends across the aisle 
for holding hearings on these bills.
    [The prepared statement of Mr. Latta follows:]
    Mr. Latta. Mr. Chairman, at this time, I would now yield 
the balance of my time to my good friend and colleague, the 
gentleman from Ohio, Mr. Johnson.
    Mr. Johnson. Well, I thank the ranking member for yielding.
    I am very pleased that my bill, H.R. 4029, the TEAM TELECOM 
Act, is included in today's legislative hearing. This 
legislation is very straightforward. It simply codifies the 
existing executive branch process for performing national 
security reviews when requests are submitted to the FCC for 
provider services and when an applicant exceeds the foreign 
ownership threshold.
    This process includes an interagency working group composed 
of national security and law enforcement representatives that 
provide the FCC with the recommendation to either fully grant, 
grant conditionally on mitigation, or deny the application 
based on their national security or law enforcement 
perspective. It is critically important that we equip the FCC 
with the tools necessary to protect America's 
telecommunications networks from foreign interference or 
manipulation.
    H.R. 4029 provides certainty and transparency to the TEAM 
TELECOM review process that would protect our national security 
interests, while providing foreign investors a straightforward 
application process that includes standardized application 
questions and a timely review and notification process. Having 
NTIA in charge of the coordinating efforts would also build on 
their interagency coordination role while preserving the 
subject matter expertise of appropriate national security and 
intelligence agencies that compose TEAM TELECOM.
    And, finally, I welcome any of my colleagues on the 
Democratic side to join me as a cosponsor of this very 
commonsense legislation.
    Thank you again for yielding, and I yield back.
    Mr. Latta. Well, I thank the gentleman.
    And, Mr. Chairman, I look forward to hearing the feedback 
from our esteemed witness panel, and continue to work together 
to pass substantive bipartisan policies to maintain our 
strength and leadership in wireless innovation within the 
industry.
    And I yield back.
    Mr. Doyle. The gentleman yields back.
    The Chair now recognizes Mr. McNerney for 5 minutes for his 
opening statement.

 OPENING STATEMENT OF HON. JERRY McNERNEY, A REPRESENTATIVE IN 
             CONGRESS FROM THE STATE OF CALIFORNIA

    Mr. McNerney. Well, I thank the chairman. I am glad we are 
having this hearing today because, as we have watched wireless 
communication technologies and networks evolve, I am concerned 
that our security technologies may not be keeping pace. 
Consumer demand is driving the growth of wireless devices that 
connect to the internet, while this country simultaneously 
faces increasing threats to our networks and supply chains. 
Moreover, Internet of Things devices can be hijacked by bad 
actors, including foreign adversaries, to target other parts of 
the network infrastructure, and wireless networks can also be 
exposed to risks by their own network components.
    The risk has grown as foreign, nontrusted companies have 
become major providers in the telecommunication supply chain 
both here and around the world. Addressing risks to our own 
supply chain will take more than just industry or just 
government to solve. Congressional action is needed to help the 
industry fortify itself.
    Today, we are considering a fair number of bills, and I 
have cosponsored almost all of them. Each bill does something 
different, but they all have a similar aim, which is to 
strengthen the Nation, its consumers, and trusted companies we 
partner with against network and supply chain risks.
    First, I am coleading, along with Representatives Long and 
Spanberger, H.R. 4028, the Information and Communication 
Technology Strategy Act, which would direct the Secretary of 
Commerce to report on economic competitiveness of trusted 
vendors in the information and communications technology supply 
chain, identify which components or technologies are critical 
or vulnerable, and identify which components or technologies 
the U.S. networks cannot work without.
    Next, I am cosponsoring H.R. 3919, the Secure Equipment Act 
of 2021, with Representatives Eshoo and Scalise. This bill 
would provide the FCC--would prohibit the FCC from reviewing or 
approving applications from companies on the Commission's 
covered list as required under the Secure and Trusted 
Communications Network Act.
    There are several other bills, all thoughtful products of 
my colleagues on both sides of the aisle, and I look forward to 
hearing more about them today.
    Representative Doyle's FUTURE Network Act will ensure that 
we stay on top of policy considerations as wireless services 
continue to evolve. Representative O'Halleran's Open RAN 
Outreach bill will help smaller providers stay competitive in 
the U.S. market by helping them consider their network options. 
Representative Kinzinger's Cybersecurity Literacy Act will 
empower families and businesses with information to keep their 
digital lives secure. And Representative Schrader's 
Communication Security Advisory Act will institutionalize an 
important public and private forum for sharing information and 
best practices.
    I will let the other cosponsors talk about the bills, but 
in general the reason why I am cosponsoring these bills is 
because, in one way or another, each one either supports our 
consumers and smaller providers by educating them about risks 
and threats, while also encouraging competition and innovation, 
or pushes the country forward by fostering network security 
thought leadership with our agencies performing a much-needed 
steady hand at the wheel. These are important initiatives and 
will help our country enter the age, not just the 5G, but of 6G 
and beyond, and do it safely and securely.
    Thank you, Mr. Chairman. And I yield back.
    [The prepared statement of Mr. McNerney follows:]
    Mr. Doyle. The Chair recognizes Mrs. Rodgers, the ranking 
member of the full committee, for 5 minutes for her opening 
statement.

      OPENING STATEMENT OF HON. CATHY McMORRIS RODGERS, A 
    REPRESENTATIVE IN CONGRESS FROM THE STATE OF WASHINGTON

    Mrs. Rodgers. Thank you, Mr. Chairman.
    Welcome, everyone.
    With the recent cyber attacks on our critical 
infrastructure and priorities to secure America's competitive 
edge from adversaries like China and Russia, it is crucial that 
we continue to bolster our economic success and global 
leadership. We do not want the Chinese Communist Party setting 
standards for 5G and 6G. America must be at the forefront. It 
is our duty to find solutions to ensure a robust and secure 
supply chain for our communications networks.
    Today, I am pleased that we are considering bipartisan 
legislation that builds on our past achievements to advance our 
economic and national security. We worked together to pass the 
Secure and Trusted Communications Networks Act and because we 
all agree that we need to stop our adversaries from placing 
their equipment on our networks.
    For communication networks, we have also taken concrete 
actions to facilitate and support the next wave of innovation, 
including open RAN technology to increase vendor diversity and 
strengthen American and allied companies. Now we must work 
together to strengthen our security of our networks as the 
industry deploys advanced technologies.
    We have a slate of important legislation we are discussing 
today, including H.R. 4028, Mr. Long's ICT Strategy Act, which 
will direct NTIA to identify which components or technologies 
are crucial and possibly vulnerable in networks in the United 
States. NTIA would use this information to develop a whole-of-
government strategy to ensure the economic competitiveness of 
trusted communication technology vendors. It is critical that 
we push back against Huawei and others who are undercutting the 
trusted supply chain.
    I will now yield to my colleague, Mr. Duncan, to talk about 
his bipartisan bill.
    Mr. Duncan. I thank the ranking member.
    And I first want to thank Chairman Doyle for your efforts 
to bring bipartisan legislation forward. Your efforts are noted 
and appreciated.
    I want to speak in support of our bipartisan legislation, 
H.R. 4046, the NTIA Policy and Cybersecurity Coordination Act. 
Everyone knows our Nation has been under constant attack from 
cyber criminals, including state sponsors and multinational 
criminal cartels, who have used ransomware attacks against 
pipelines, hospitals, schools, local governments, and 
businesses of every shape and size. We must coordinate our 
policy responses across Federal Government to protect our 
people in a coordinated way.
    So our bill will allow the NTIA to build on their 
multistakeholder policy development and expertise to act as a 
central clearinghouse for cybersecurity policy development to 
respond to and prevent these attacks from succeeding. This bill 
codifies the existing Office of Policy Analysis and Development 
and allows them to continue current functions. We then rebrand 
the office to elevate the cybersecurity focus and expand the 
cybersecurity policy development role of that office to play a 
coordinating function all across Federal Government.
    So I want to also thank my original cosponsors, Susan Wild 
of Pennsylvania and John Curtis of Utah, for their bipartisan 
support. And I ask the whole committee to support this 
important legislation.
    I yield back the balance of my time.
    Mrs. Rodgers. Mr. Chairman, I will just say thank you again 
for today's hearing. Appreciate you bringing forward these 
bipartisan bills on an important subject, and look forward to 
hearing from our witnesses.
    I yield back the balance of my time.
    [The prepared statement of Mrs. Rodgers follows:]
    Mr. Doyle. I thank the gentlelady. The gentlelady yields 
back.
    The Chair would like to remind Members that, pursuant to 
committee rules, all Members' written opening statements shall 
be made part of the record.
    So it is now my great pleasure to introduce our witnesses 
for today's hearing.
    Mr. Dileep Srihari, senior policy counsel, Access 
Partnership. Welcome.
    Mr. Jason Boswell, head of security, Network Product 
Solutions, Ericsson. Welcome.
    Mr. Dean Brenner, SVP, senior vice president, spectrum 
strategy and tech policy, Qualcomm Incorporated. Welcome.
    And last but certainly not least, Mr. Clete Johnson--I love 
that first name, Clete Johnson; there must have been a baseball 
player in your family--senior fellow, Strategic Technologies 
Program, Center for Strategic and International Studies.
    We want to thank our witnesses for joining us. We look 
forward to your testimony.
    The Chair is going to recognize each witness for 5 minutes. 
Now, if you go over 5 minutes, a trap door opens beneath your 
chair and you will never be heard from again. This subcommittee 
has--this particular subcommittee are sticklers for not only 
our witnesses but especially our Members on both sides of the 
aisle adhering to the 5-minute rule and not to ask questions 
with 3 seconds left that causes the witness to talk 2 more 
minutes. So, with those admonitions, we will get started.
    And we will recognize Mr. Srihari for 5 minutes.

  STATEMENTS OF DILEEP SRIHARI, SENIOR POLICY COUNSEL, ACCESS 
 PARTNERSHIP; JASON BOSWELL, HEAD OF SECURITY, NETWORK PRODUCT 
SOLUTIONS, ERICSSON NORTH AMERICA; DEAN R. BRENNER, SENIOR VICE 
    PRESIDENT, SPECTRUM STRATEGY AND TECH POLICY, QUALCOMM 
 INCORPORATED; AND CLETE D. JOHNSON, SENIOR FELLOW, CENTER FOR 
              STRATEGIC AND INTERNATIONAL STUDIES

                  STATEMENT OF DILEEP SRIHARI

    Mr. Srihari. Thank you, Mr. Chairman.
    Chairman Doyle, Ranking Member Latta, members of the 
subcommittee, my name is Dileep Srihari, and I am senior policy 
counsel at Access Partnership, a global tech policy consulting 
firm. Thank you very much for the opportunity to appear before 
you today in person. I am very honored to be here today.
    My statement this morning will focus on three general topic 
areas: first, the promise of open network architectures, 
including open RAN; second, maintaining and promoting U.S. 
technological leadership; and third, ensuring that NTIA and the 
FCC are well positioned to meet heightened expectations 
regarding network supply chain security.
    First, on open networks, open networks enable the 
disaggregation of traditional network infrastructure elements, 
such as the base station in a radio access network, or RAN, 
into subelements and functions. This enables interoperability 
between products and vendors and thus increases competition.
    The global RAN infrastructure market has been dominated by 
a handful of companies, but the move towards open RAN is 
unlocking the market and enabling new entrants, especially 
American companies who lead in software.
    To keep things moving, Congress should do several things. 
First, fund the USA TELECOM Act. The House should provide at 
least $1.5 billion for the USA Telecom domestic fund, $500 
million for the multilateral fund, consistent with the Senate's 
approach.
    Second, support both the public and private sector test 
beds to help build greater confidence among U.S. operators, 
even as the technology is already being deployed today.
    Third, provide support for companies, especially small 
companies, to participate in relevant standards organizations.
    Fourth, promote outreach and education for smaller and 
rural operators, building on the open RAN showcase that Acting 
Chairman Rosenworcel is hosting in 2 weeks.
    Finally, Congress as a whole should streamline access to 
funding for U.S. open RAN vendors competing for business 
overseas. The competition is fierce, and some of the foreign 
vendors benefit from mass subsidies and other noncompetitive 
advantages.
    A second topic is maintaining U.S. leadership in next-
generation technology. One of the best ways to strengthen the 
supply chains of U.S. networks is to ensure that the domestic 
ICT industry continues to lead the world.
    On 6G, the EU is supporting a consortium whose explicit 
purpose is to put Europe at the forefront of research and 
development in 6G. There is also little doubt that China 
intends to seek leadership in this space.
    Industry should ultimately be leading the way towards new 
standards, but early strategic partnerships could potentially 
prove beneficial.
    Congress should also begin regularly reinvesting a portion 
of spectrum auction revenue into telecom purposes. Since the 
2012 Spectrum Act was enacted, the Federal Government has 
collected over $150 billion in gross proceeds from spectrum 
auctions. While it may be tough to look backward, Congress 
should plan ahead now for future reinvestment. Some have 
proposed a 10 percent rural dividend from spectrum auctions--it 
should be higher--but we also need a research dividend. Even 1 
percent of auction proceeds over the past decade, which works 
out to roughly $1.5 billion, would have been significant, 
although we should now aim higher.
    Finally, my third topic is that this subcommittee needs to 
ensure that NTIA and the FCC are well organized and capable of 
carrying out their assignments in these areas. Six of the nine 
bills before you today would potentially add to or reconfigure 
NTIA's workload. The members of this subcommittee must ensure 
that NTIA has the capacity to execute on these additional 
functions.
    As I have explained in my written statement, the relevant 
staffing within NTIA is actually quite small, although the 
President is currently proposing some increases.
    Finally, this hearing illustrates that NTIA needs an 
Administrator, given the growing importance of what it is being 
asked to do. Ideally, Congress should hear from NTIA itself on 
these issues, and the Administrator position was vacant during 
the previous administration for far too long. You should urge 
the President to fill this vacancy.
    Mr. Chairman, thank you again for the opportunity to appear 
before you this morning. I look forward to answering your 
questions.
    [The prepared statement of Mr. Srihari follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
 
    
    Mr. Doyle. And I would note that he left 50 seconds on the 
clock.
    Mr. Boswell, you are recognized for 5 minutes.

                   STATEMENT OF JASON BOSWELL

    Mr. Boswell. Thank you.
    Chairman Doyle, Ranking Member Latta, Chairman Pallone, and 
Ranking Member McMorris Rodgers----
    Mr. Doyle. Would you check if your microphone is on?
    Mr. Boswell. It says--it is red. Can you not hear me? Could 
it be a little bit closer?
    Mr. Doyle. Pull it a little closer to you.
    Mr. Boswell. Let's try that. Is that better? OK. Shall I 
start over, please? OK. I will let the time--there we go.
    Chairman Doyle, Ranking Member Latta, Chairman Pallone, and 
Ranking Member McMorris Rodgers, members of the committee, 
thank you for the opportunity to share Ericsson's views on 
secure and reliable wireless communications. We appreciate your 
ongoing focus on secure communications networks, which are a 
top priority for me, for Ericsson, and for our Nation.
    Ericsson has focused on network security for decades, 
contributing to numerous technical committees and standards 
bodies and establishing dedicated internal security 
organizations. As head of security for Network Product 
Solutions in Ericsson North America, I represent Ericsson in 
collaborative government efforts, including President Biden's 
NSTAC, the FCC's CSRIC, the DHS ICT Supply Chain Risk 
Management Task Force, and on the executive committee of the 
Communications Sector Coordinating Council, as well as many 
other initiatives.
    Since I last testified before Congress on March 4, 2020, 
our society has learned the indispensable value of secure, 
reliable, remote connectivity in every aspect of our lives. I 
know from my work at Ericsson and from my service on the NSTAC 
and on other bodies that the telecommunications industry as a 
whole has stepped up and excelled during this historic 
challenge. We are in a pivotal moment for the future of secure, 
reliable wireless communications, and we must not lose focus.
    5G will accelerate innovation and deliver transformative 
benefits and will be the most secure network generation yet. 
And at this moment, we have an opportunity for the U.S. to set 
a global example across policy, technology, and standards.
    I want to share Ericsson's perspective on key priorities 
and action items which can help guide us.
    Ericsson serves customers in the U.S. and in more than 180 
other countries, with nearly 8,000 U.S. employees. While our 
global headquarters is in Sweden, a longtime U.S. partner and 
defense treaty ally, the U.S. is effectively our domestic 
market as it is our largest market and it drives our global R&D 
investments.
    We have key operations here and maintain strategic 
partnerships with many U.S. companies, such as Qualcomm, 
NVIDIA, Intel, and Juniper. In fact, the vast majority of all 
active intelligent electronics for our radio systems and even 
the silicon itself, which comes from Intel fabs, are sourced 
from U.S. companies.
    We are actively expanding our investment in U.S. 
manufacturing and jobs, opening a $100 million 5G smart factory 
in Texas last year and maintaining four U.S. R&D locations. We 
were also the first vendor to launch 5G across the U.S. We are 
committed to helping close the digital divide in rural America.
    Ericsson recognizes that security is fundamental to the 
success of 5G networks and commits significant resources to 
ensure that networks are trustworthy, resilient, and secure by 
design. Across all of our facilities, Ericsson secures our own 
supply chain with tight quality controls, traceability, 
integrity checks, site audits, tests and verifications. And 
years before the disruptions caused by COVID-19, we initiated a 
regionalization strategy for our supply chain to mitigate 
potential risks or regional disruptions--excuse me--and reduce 
our dependence on one supply site or vendor. Well before the 
attack on SolarWinds last year, all of Ericsson's software was 
subject to rigorous software development practices.
    The subcommittee can support our common goals of ensuring 
that U.S. telecommunications networks stay safe and secure in 
the following ways.
    First, pass, implement, and oversee legislation to promote 
wireless security. We commend you for developing and engaging 
with industry on the proposed legislation under discussion 
today, and we look forward to working with you on these bills 
and in future hearings such as this.
    Second, support actions to accelerate 5G deployment through 
increased spectrum access, streamlined small cell siting 
rulings, and incentives for rural build-out, and by ensuring 
wireless and 5G infrastructure qualify for funding in any 
broadband infrastructure funding legislation.
    Third, continue to enable a secure and robust marketplace 
of trusted suppliers. It is critical to leverage strategic 
codependencies among the U.S. and its partners and allies and 
develop policies that foster a diverse, trusted global market 
of suppliers that deliver high-performing, secure, and energy-
efficient network products to U.S. operators.
    Finally, continue to maintain a policy of technology 
neutrality. Ericsson heartily supports openness and the 
evolution toward open architectures, and that shift is taking 
place today within Ericsson and the industry without any 
government mandates or preferences.
    On behalf of Ericsson, I thank the subcommittee for its 
leadership in this area. I look forward to the work ahead, and 
I welcome your questions.
    [The prepared statement of Mr. Boswell follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
 
    Mr. Doyle. Thank you, Mr. Boswell.
    Mr. Brenner, you have 5 minutes.

                  STATEMENT OF DEAN R. BRENNER

    Mr. Brenner. Thank you.
    Chairman Doyle, Ranking Member Latta, and members of the 
subcommittee, my name is Dean Brenner, and I am here today on 
behalf of Qualcomm, which was founded in a San Diego living 
room but is now the world's leading supplier of chips, an 
entire modem-RF system, for smartphones, tablets, always 
connected laptops, cars, WiFi access points, and more, and the 
world's leading inventor and licensor of new wireless 
technologies.
    We are working on 5G at a feverish pace. It is rolling out 
far more rapidly and broadly than any prior wireless 
technology. There are over 165 operators providing 5G in over 
60 countries and nearly 1,000 5G devices that have been 
announced in development or for sale using our modem-RF system. 
Over 80 devices for 5G fixed wireless access use our solution 
too.
    Let me thank this subcommittee for enacting the Emergency 
Broadband Benefit, which is providing discounted connectivity 
and equipment to over 3 million low-income households, and the 
Emergency Connectivity Fund, which will provide devices and 
connectivity to millions of K-12 students.
    COVID has made it clear that everyone must have a device 
and connectivity. It is essential that we solve the digital 
divide--a 50-State urban-suburban-rural problem, especially for 
students and teachers, once and for all.
    Thank you also for years of collaboration over the key 
input we need for all of our technologies: spectrum. We don't 
just sit back and wait for new spectrum. Rather, our technical 
and standards work takes place in parallel with our spectrum 
initiatives so that, when new spectrum is allocated, we can put 
it into chips quickly to get it right into the hands of 
consumers.
    When the FCC allocated the 6 gigahertz band for WiFi and 
other technologies last year, we had chips using that band 
ready to go. Likewise, the FCC auctioned the C-band spectrum, 
and when it starts coming into use late this year, we will have 
chips for the band. Now, we are working on new versions of 5G 
with many enhancements, but also on spectrum initiatives, to 
enable improved use of lower 37 gigahertz, 5.9 gigahertz, 60 
gigahertz, and other bands too.
    American leadership in wireless depends on continuing 
technological innovation but also freeing up a steady stream of 
more low-, mid-, and high-band spectrum. Doing so requires 
continuing the close collaboration among this subcommittee, the 
FCC, NTIA, other policymakers, the wireless industry, and 
others, and that is what we plan to do.
    Let me provide Qualcomm's perspective on three key topics 
covered by the nine bills in front of you today. The first is 
5G security, which has always been a top priority for Qualcomm. 
Qualcomm works on 5G security internally, with other companies, 
and in 3GPP, which sets 5G standards.
    Also, for many years, Qualcomm has been an active 
participant and leader in CSRIC, the FCC's Communications 
Security, Reliability, and Interoperability Council. In 2019, 
the chairman and ranking members of this subcommittee and the 
full committee asked then-FCC Chairman Pai that CSRIC examine 
5G security. Subsequently, one of Qualcomm's engineers, Dr. 
Farrokh Khatibi, was appointed to lead the CSRIC working group 
on that issue. We look forward to continuing our leadership 
efforts in the next CSRIC.
    The second topic is open RAN. Qualcomm is a leader in 
developing open RAN, which allows a more diverse group of 
suppliers to provide innovative, reliable, secure, and trusted 
cellular infrastructure at lower cost. We are actively 
participating in industry efforts to advance an open RAN 
ecosystem through research and development, standardization, 
testing, and security. We are working closely with operators 
and infrastructure manufacturers globally to help drive open 
RAN deployments.
    This week, we announced the world's first 3GPP Release 16 
5G open RAN platform for small cells, which supports open and 
virtualized RAN, open RAN for sub-6 gigahertz and millimeter 
wave bands to facilitate scaleable and cost-effective 5G 
networks across all bands. Our new platform will help drive 
open RAN with flexible and open architectures and power 
efficiency. We also announced a 5G Distributed Unit Accelerator 
Card, which is going to simplify the deployment of 5G virtual 
networks.
    The rapid deployment of open RAN goes hand-in-hand with the 
increasing densification of wireless networks. Densification is 
accelerating sharply in 5G, especially in millimeter wave 
bands, which enable multigigabit, ultralow latency, 
ultrareliable communication to fulfill 5G's true potential. 
That is why 43 companies around the world joined us this week 
to announce their support for 5G millimeter wave.
    Finally, the last topic is 6G. Even while working on 
enhancing 5G, we have begun to work on 6G in a very early 
research-and-development phase and to work with NTIA and 
potential spectrum bands for testing. One focus will be on 
spectrum in the 7-to-24-gigahertz range for wide coverage. 
Identifying and freeing up such bands will be a multiyear 
effort. We are also working in industry groups that are 
beginning to discuss 6G. I am quite confident that Qualcomm 
will lead the way on 6G.
    Thank you, and I look forward to your questions.
    [The prepared statement of Mr. Brenner follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
 
    
    Mr. Doyle. Thank you, Mr. Brenner.
    Mr. Johnson, you are recognized for 5 minutes.

                 STATEMENT OF CLETE D. JOHNSON

    Mr. Johnson. Thank you so much, Chairman Doyle and Ranking 
Member Latta, Ranking Member McMorris Rodgers, Members. I thank 
you for the opportunity to join you here in person. It is a 
delight.
    Having been in the policy trenches on communications 
security issues through many administrations and Congresses, I 
am especially grateful for your bipartisan approach. In my work 
in the Senate, at the FCC, at Commerce, within the NSC, and now 
in private practice, I have been involved in nearly every 
cybersecurity policy development since the Bush administration.
    Through Presidents Bush, Obama, Trump, and now Biden, the 
clear trajectory of cybersecurity policy is, first, industry 
leadership and, second, industry partnership with a well-
coordinated Federal interagency. Successive Congresses and 
administrations have put the cornerstones of this approach in 
place, beginning with NIST foundational cybersecurity framework 
and cyber threat information sharing legislation. And then 
since then, many more new laws and activities and initiatives 
at Commerce, CISA, and the FCC. These precedent-setting 
initiatives all promise to advance industry leadership and 
government industry partnership for secure, reliable 
communications.
    Following recent attacks on SolarWinds and Colonial 
Pipeline, we are now entering a new phase. We must fully 
operationalize the foundational policies and partnerships 
developed over the past 15 years.
    I think the central question here is the crucial 
relationship between the ICT industry and the Federal 
Government. Will the future be prescriptive regulation or 
collaborative partnership?
    Today, I urge the subcommittee to consider exactly why the 
partnership will produce superior outcomes against the common 
threats we face. Government and industry must be on the same 
team to defend against the sophisticated adversaries that 
target all of us.
    As Mr. Boswell noted, the pandemic has shown that the ICT 
industry collectively constitutes our single greatest asset for 
secure, reliable connectivity. The ICT industry in the United 
States has the most sophisticated and well-resourced security 
operations in the world. During the unprecedented demands of 
the pandemic, when every single day it was Mother's Day or New 
Year's Eve with regard to communications traffic, the ICT 
industry's core interest in maintaining connectivity was an 
indispensable imperative. It always is. This industry 
imperative not only fully aligns with the U.S. Government's 
interest in network security, it is actually the foundation of 
defending that Government interest.
    That is why in those harrowing months when our world 
changed completely, the FCC, CISA, and many others turned to 
network operators to keep our society functioning. This 
collaborative effort was not a regulatory mandate. Nobody told 
industry what they had to do. Instead, Government officials 
were asking companies how the Government could help them keep 
our society connected. It was a partnership that was as urgent 
as the lifesaving and life-sustaining activities that depended 
on it, and it worked.
    This is the model for the future, because U.S. network 
operators and their trusted suppliers are the U.S. Government's 
most important partners in securing our Nation's networks.
    Unlike other critical infrastructure sectors, the ICT 
industry has been working with the Government on secure, 
reliable connectivity for decades, really going back to the 
height of the Cold War when President Reagan--under the threat 
of nuclear weapons disrupting our communications capabilities, 
President Reagan established the predecessors of today's 
government/industry partnerships.
    Put simply, the ICT industry knows how to work with 
government to ensure the security and reliability of the 
Nation's networks. Today's new challenges and opportunities 
call for deeper and more efficient partnerships to help network 
operators and their trusted suppliers defend the country.
    The ICT industry needs the Government to advance these 
partnerships, especially with Commerce, the FCC, and CISA. They 
need coordinated processes that leverage industry strengths, 
minimize duplication and turf battles, and maximize 
coordination and impact.
    When I was at the FCC in 2015, the communications sector 
provided an innovative path to this goal with groundbreaking 
CSRIC recommendations for FCC-DHS partnership with network 
operators. It was a new paradigm. It was industry-led 
cooperation with government, perhaps an idea before its time as 
it got bogged down in FCC-DHS turf wars. But it is not too late 
to get this right.
    Given the maturation of interagency processes, the 
increasingly clear authorities of Commerce and CISA, and the 
FCC's recognition that its most meaningful role is in 
supporting the interagency, the time is now ripe for the U.S. 
Government to work with the ICT industry to take big steps in 
securing our networks. The bills you are considering today can 
help us get there.
    I look forward to answering your questions. And thank you 
again.
    [The prepared statement of Mr. Johnson follows:]
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
 
    
    Mr. Doyle. Thank you, Mr. Johnson.
    We have now concluded opening statements. We are going to move 
to Member questions. Each Member will have 5 minutes to ask 
questions of our witnesses.
    I want to thank both Ranking Member Latta and McMorris 
Rodgers for their brevity in their opening statements. Since I 
recognized it to the panelists, it is only fair that you get 
some--doesn't get you any extra time on your questions, but I 
just wanted to thank you.
    So I will start by taking 5 minutes for my questions.
    Mr. Brenner, you write that, even as Qualcomm continues to 
work on enhancing 5G, you have also begun to work on 6G in an 
early research-and-development phase, engage with NTIA 
regarding 6G, and are participating in industry groups to 
discuss the emerging standard. Tell me, how would a 6G task 
force at the FCC be useful to industry and to the country?
    Mr. Brenner. Thanks very much, Chairman Doyle, for your 
question. And I want to be very clear: We are in a very early 
phase of 5G. We have two versions of 5G that have been 
completed in the standards process. We are on our third-generation 
modem. We are working on the third version, fourth 
version. So there is a long runway for 5G, but we work with 
tremendous urgency at Qualcomm. We are not holding our breath 
waiting for a task force. We are chugging along. So we have 
begun in an early phase to look at 6G, to begin working on it, 
and to get ready to start doing some early testing of it.
    So what I liked about your task force is--are two things: 
A, that it should be centered at the FCC. The FCC, at the end 
of the day, is going to have to allocate spectrum for 6G, and 
as I explained in my testimony, there isn't going to be 6G 
without spectrum, and the spectrum and technology interactions, 
they have got to take place at a very early stage. So that was 
point one.
    And then point two, siting. So you--in the bill, I noticed 
that one of the things that this task force would work on is 
siting. The 5G millimeter wave, which I referred to in my 
testimony, it delivers 5G 16 times faster than 5G in a lower 
band. So, you know, people all over the United States, in all 
of your districts, they should get 5G millimeter wave, but to 
do that, we do need more sites. And it is never too early to, 
you know, to have collaboration over where to put these sites 
so that States and localities don't just sort of wake up and 
say, ``Oh, my God, what is this 6G stuff?''
    Mr. Doyle. Sure. Just to put it in perspective, as the 
world began preparing for 5G, what components of leadership 
were necessary? And how long did it take between the start of 
5G development and 5G deployment?
    Mr. Brenner. Yes. That is also a great question, and I can 
certainly remember when 5G was on a whiteboard, and that is how 
all of our technologies start. You know, there is a--you know, 
and the other part of this is every government in the world 
wants their country to be the leader in 5G. You know, we are 
Qualcomm. As I said, we are based in San Diego, but we are a 
global company. We have offices everywhere. I have colleagues 
all over the world.
    So, you know, it is a 5-, 6-, 7-, 8-year process to design, 
test, and get global consensus around a wireless technology, 
and then, in parallel on our product side, get the chips ready 
to go so that, when the spectrum is allocated and the standard 
is finished, the chips can roll out into consumers' hands.
    Mr. Doyle. Well, thank you.
    Mr. Boswell, as you may know, last week, I introduced the 
FUTURE Networks Act, along with Congressman Johnson and 
Congresswoman McBath. Do you support that bill, and would you 
share your views on the importance of focusing on 6G while we 
roll out 5G?
    Mr. Johnson. Thank you. As my colleague here----
    Mr. Doyle. Is your microphone on?
    Mr. Johnson. I am sorry. Wow, I will get this microphone--
it has been 15 months. Wow, this is like our new version of 
Skype and Teams' mute button, I guess, now.
    But, thankfully, if we had not already started on this race 
to 6G, frankly, we would already be behind, but industry has 
been investing heavily in this for quite a bit. Each cycle in a 
cellular generation is about 8 to 10 years. To give you a sense 
of how important 6G is to us at Ericsson, we are already hard 
at work on related research and testing to ensure a leadership 
position for the U.S.
    In addition to our own R&D, it is important to recognize 
different collaborative efforts, either with government or with 
others in the private sector. We are a founding member of the 
National Science Foundation RINGS program--that is the 
Resilient and Intelligent Next-Generation Systems program--
which seeks to accelerate research in areas with potentially 
significant impact on next-generation networking and computing. 
So that will be artificial intelligence, quantum computing, 
quantum cryptography, kilohertz spectrum, lots of different 
things that we will need to take advantage of 6G, not just make 
it go faster.
    There is also work we are doing with NSF's platform for an 
advanced wireless research program and the ATIS' Next G 
Alliance. All of these are very important to have private-
public collaborative partnerships to help advance 6G, and 
America is already on that path.
    Mr. Doyle. And, Mr. Boswell, I have to stop you there as my 
time has expired and I want to set a good example for my 
colleagues.
    Mr. Boswell. Thank you, Chairman.
    Mr. Doyle. The Chair now yields to the ranking member, Mr. 
Latta.
    Mr. Latta. Thank you very much, Mr. Chairman.
    And, again, thanks to our witnesses for being here.
    Mr. Brenner, if I could start my questions with you. 
Qualcomm has participated in 3GPP virtually since its inception 
in the late 1990s. A decade later, contributions made in 3GPP 
by the U.S. and like-minded countries helped America lead in 4G 
deployment. Today, Qualcomm and other trusted companies are 
working in 3GPP to continue work on the 5G and now 6G 
standards.
    Would you speak about the role the private sector and the 
role of government in making sure we are ready to lead in the 
6G here in the United States? And it is kind of interesting 
that there is across the witnesses and I think some of the 
questions you are going to hear today is about that private-
public partnership and working together and not having the 
heavy hand of government, I think, out there so you can all get 
out there and do what you need to do.
    Mr. Brenner. Thank you very much, Ranking Member Latta. 
And, you know, Qualcomm wouldn't exist if there were a heavy 
hand in government. We started our first technology in 2G, and 
there were three 2G technologies and, fortunately, the FCC 
decided that they shouldn't pick the technology; let the market 
decide. And then our technology was able to lead the way into 
3G, 4G, and 5G. So we are very attuned to this question of what 
the proper roles are.
    The FCC--an FCC task force is not going to invent 6G. They 
are not going to design 6G technology. That is what we are 
going to do, not by ourselves, interacting with all of our 
partners all over the world, Ericsson, a zillion other 
companies. But what can government do? Well, our technology, as 
I explained, it can't get into the hands of a customer without 
spectrum. Our technology, we can't make a chip unless the 
Government supports the semiconductor industry.
    So, you know, again, for sites, you know, you can have the 
greatest phone in the world, but if there is not a base station 
that you can connect to, your phone is going to be, you know, 
unusable. Or WiFi access point.
    So government has a clear role. It is in the areas of 
spectrum, siting, and then closely interacting with the private 
sector. We don't want 5G to be a surprise to the FCC. It hasn't 
been. The FCC participates in 3GPP. Other parts of the U.S. 
Government--NTIA, the Department of Transportation, the Defense 
Department--they all need to know what these technologies are 
as they are evolving and being standardized.
    So that is really how I see the differing roles between the 
private sector and the public sector.
    Mr. Latta. Well, thank you.
    Mr. Johnson, you have worked on cybersecurity and supply 
chain issues in the communications industry across an array of 
roles in the Federal Government. There are a few bipartisan 
bills before us today led by Republican Members that seek to 
improve policy coordination and communication with the private 
sector. Do these bills strike the appropriate balance for the 
public-private sector responsibilities?
    Mr. Johnson. Thank you, Congressman. As I said, I think 
this is the central big-picture question of this issue, and I 
do think that the bills before us, not to take three--each 
one--but they all have that partnership and the interagency 
coordination in mind.
    We have grown up quite a bit since, you know, cybersecurity 
policies sort of became an issue in, say, 2006, 2007. It was--
at that point, DHS was brand new. The Commerce Department was 
not engaged in the same things that they are engaged in now, 
and the FCC's authorities were really--let's just put it 
bluntly--the FCC's relationship with the internet was a 
contentious issue.
    Now, we have a much more clear understanding of who can do 
what and how and how--most importantly, how they work together 
to maximize the industry's expertise, as Mr. Brenner said.
    Mr. Latta. Let me follow up. Do you have any suggestions--
in my last 51 seconds here, the chairman might have me drop 
through the floor--that we may consider strengthening public-
private partnership in advancing the U.S. communications 
security--and security?
    Mr. Johnson. I think this committee has--and kudos to you 
for putting these bills forward. I think this committee's 
emphasis on the Commerce Department is very important, and its 
emphasis on the FCC's activities and pulling in industry, for 
instance, through the CSRIC, is critical.
    The Commerce Department is a really interesting agency of 
government, and you think about--you think about an NSC meeting 
where you have 20 or 30 different representatives of all 
agencies of government, mostly security agencies, and then 
there is the guy or gal from the Commerce Department, who is 
the only person there that works for the Department, whose core 
mission is advancing U.S. business and innovation. That is a 
crucial part of securing our networks, and that voice is a very 
important part of the security environment.
    Mr. Latta. Well, thank you very much.
    Mr. Chairman, my time has expired, and I yield back.
    Mr. Doyle. The gentleman yields back.
    The Chair recognizes Mr. McNerney for 5 minutes.
    Mr. McNerney. Well, again, and I thank the chairman.
    I thank the witnesses. Your expertise is appreciated, and 
your willingness to work with us is also deeply appreciated.
    I want to talk about H.R. 4028 that I introduced along with 
Representatives Long and Spanberger. It is called the 
Information and Communication Technology Strategy Act, which 
you are considering today. It would require, among other 
things, the Commerce Secretary to submit a whole-of-government 
strategy to ensure competitiveness of trusted vendors in the 
United States.
    I think this bill is necessary to ensure that we are 
thinking about the future supply chain and what to do about the 
robust marketplace for communication equipment.
    So, Mr. Johnson, given your experience with the Federal 
Communications Commission, at the Commerce Department, within 
the interagency process of the National Security Council, you 
have a very unique perspective into the security capabilities 
of the communication networks. Why is the Commerce Department 
the best agency to take lead on this work?
    Mr. Johnson. Thank you, Congressman. I appreciate that, and 
I would like to acknowledge that one of the people that was 
core in building these foundations is your son, who was 
previously at the Defense Department, now an innovator in 
Silicon Valley. So he is part of this thriving ICT industry.
    Mr. McNerney. Well, thank you.
    Mr. Johnson. To follow up what I was saying before, the 
Commerce Department is unique in the Government. You might say 
the Small Business Administration does similar work. But as a 
Cabinet-level agency, it is the only agency whose core purpose 
and whose employees wake up in the morning trying to promote 
business and innovation, both in the United States and through 
U.S. companies worldwide.
    So it has--and I think Secretary Raimondo has already taken 
this charge. It has a core role in promoting the digital 
economy, which is core to the--obviously, to the cybersecurity, 
promoting digital services through the International Trade 
Administration, of course, spectrum issues and other 
telecommunications and internet policy at NTIA, and NIST is the 
world's experts in standards in technology. The Bureau of 
Industry and Security is playing an increasing role in 
preventing untrusted suppliers from being part of our markets.
    So I think the Commerce Department is crucial as part of 
this team to go along with the FCC and DHS CISA.
    Mr. McNerney. What are the special challenges then with the 
meeting whole-of-government strategy?
    Mr. Johnson. I think the challenges--not to be too glib 
about it, the challenge is that humanity is stovepiped and 
territorial. And so you have to--in order to create true joint 
interagency teams, you have to get past that sort of human 
weakness of people wanting to be in charge of things. Like I 
said----
    Mr. McNerney. Sort of the jurisdictional issues that we 
have here.
    Mr. Johnson. So that is a big challenge, but I will tell--
what I do think has happened is, in real world--and this is why I 
go back to the pandemic and also response to SolarWinds, 
response to Colonial Pipeline--real-world necessities drive 
improvements, and we have seen that through WannaCry 4 years 
ago, through the Iranian DDoS attacks on our banks 8 years ago. 
Real-world activities force officials and agencies to get 
things right, and I think we have seen a lot of maturation in 
those recent years.
    Mr. McNerney. Well, I want to ask about CSRIC, but I only 
have 1 minute left. So I want to move on to another question.
    Mr. Srihari, you draw a distinction in your testimony 
between open RAN and open network architecture. Could you 
please elaborate on that a little bit? And I will be sending 
questions for the record.
    Mr. Srihari. Sure. Well, open RAN is a subset of open 
network architectures. Open network architectures refer to the 
concept of taking a traditional network element, like a base 
station or a router, breaking it apart into its constituent 
pieces, and connecting those pieces through common interfaces. 
RAN is just the radio access network, the part where your 
mobile device connects to the tower. But there is also the 
transport, the backhaul to get the signal from the tower back 
to the core central office, as well as the core. All of those 
things can be open and disaggregated.
    And so when I speak about open network architectures, what 
I really mean is disaggregating and enabling competition by 
breaking apart all of the pieces of the network from end to 
end, not just the radio access network piece on the edge.
    Mr. McNerney. So I appreciate the chairman's discipline on 
time except when it is my turn to talk.
    And I yield back.
    Mr. Doyle. I thank the gentleman.
    The Chair now recognizes Mrs. Rodgers for 5 minutes.
    Mrs. Rodgers. Thank you, Mr. Chairman.
    Mr. Brenner, Qualcomm is a trusted company. Plays a large 
role in international standard-setting bodies like 3GPP. There 
have been efforts by this committee and across Congress to 
enhance participation by U.S. companies in international 
standard-setting processes in order to push back against 
adversarial countries trying to impose their policies on the 
rest of the world.
    Mr. Brenner, what is the role played by Huawei in these 
bodies? And how does their participation impact conversations?
    Mr. Brenner. So thank you for that question. It is actually 
a very complex question because of the fact that, you know, as 
a global leader in the wireless industry, we have interaction 
with every company in the wireless industry, including the 
company that you mentioned. We have those interactions for a 
couple reasons. One is at the end of the process, you know, we 
want to have Qualcomm chips get into smartphones and all those 
other devices I mentioned all over the world, including in 
China and other places where adversarial countries are based. 
We have a large group of employees who work in China too. And 
so we do need to make sure that our phone with a Qualcomm chip 
is going to work with infrastructure, no matter whether it is 
infrastructure made by whoever.
    On the other hand, in the standards process, you know, it 
is usually a meritocracy. The best technical ideas through a 
consensus-driven process are usually the ones that prevail. 
However, the geopolitics does, you know, enter into those 
things. There are, you know, times when, you know, when Huawei, 
when we don't have--you know, it is not like we have conflict 
with them over every single issue. And, in fact, it is a vast 
minority of issues in 5G, for example, where Huawei may have a 
different view than we do.
    And, you know, what we have to do is, you know, we don't 
have the option of just withdrawing and just taking our--you 
know, taking our toys and going home, so we have to interact 
with companies all over the world and convince them that the 
ideas that we have are the best ones to make the technology the 
best.
    Mrs. Rodgers. Right. So important.
    Mr. Boswell, last October, Sweden enacted a 5G equipment 
sales ban against Chinese companies Huawei and ZTE, following 
suit taken by actions in the United States to secure our 
networks from foreign bad actors. Just last week, the Stockholm 
administrative court upheld this action. Over the last several 
months, it has been reported that your CEO lobbied against this 
ban in Sweden, which runs counter to the actions taken by the 
United States to push allied countries to remove this 
equipment.
    Given the topic of today's hearing, I am concerned that 
Ericsson, one of the top trusted vendors in the United States, 
appears to be taking a different position on Huawei than the 
U.S. Government. How does Ericsson engage with Huawei when 
discussing cyber security or developing standards for 
equipment? And do you agree that Huawei equipment poses a 
national security threat in our networks?
    Mr. Boswell. Well, I can't speak for--and I would like to 
point out I figured out the mute button thing, by the way. Yes, 
but I can't speak for any government, foreign or domestic. I am 
not a diplomat. I am an engineer. My job is to secure networks, 
secure our solutions, and to secure U.S. infrastructure, 
frankly. We don't source anything from Huawei or ZTE, so I 
can't speak to specifics on that.
    As far as what Mr. Brenner mentioned about standards 
bodies, of course, we work with dozens or even hundreds of 
companies across different standards organizations, but I am 
afraid that is all I can comment on about that.
    Mrs. Rodgers. This committee has a history of working 
together, especially when it has come to enhancing our network 
security. We worked together to pass the Secure and Trusted 
Communications Network Act to get Huawei out of our networks. 
Just last year, we worked to pass the U.S. Telecommunications 
Act to promote the development of open RAN compatible 
technology. While open RAN shows promise to increase vendor 
diversity, we also recognize it is a new concept.
    So, Mr. Boswell, I just would like you to comment on H.R. 
4032. So that is the legislation before the committee, the Open 
RAN Outreach Act, which would establish a government office to 
provide technical assistance to smaller companies interested in 
deploying open-RAN-compatible technologies. And what role do 
you think the Government should play in the development of open 
RAN?
    Mr. Boswell. Well, I only have about 8 seconds----
    Mrs. Rodgers. Yes.
    Mr. Boswell [continuing]. I see here.
    Mrs. Rodgers. Yes.
    Mr. Boswell. So perhaps I will submit an answer for the 
record for that, or I could continue.
    Mrs. Rodgers. OK.
    Mr. Doyle. That will be fine. You can submit it for the 
record.
    Mr. Boswell. Thank you.
    Mrs. Rodgers. Thank you very much. I yield back.
    Mr. Doyle. The Chair now recognizes our first remote 
witness. Ms. Clarke, you are recognized for 5 minutes.
    Ms. Clarke. Thank you very much, Mr. Chairman, and let me 
thank our witnesses for participating and lending their 
expertise.
    My question is for Mr. Johnson. In addition to having the 
privilege of serving on this committee, I also serve on the 
Homeland Security Committee as chair of the Cybersecurity 
Infrastructure Protection and Innovation Subcommittee.
    During the decade and a half that I have served in 
Congress, I have observed malicious cyber activity grow more 
sophisticated and more frequent. An effective defense requires 
a full-court press, and there are appropriate roles and 
responsibilities for agencies across the Federal enterprise.
    To defend critical infrastructure, PPD21 directs the 
Secretary of Homeland Security to coordinate the overall 
Federal effort to promote the security and resilience of the 
Nation's critical infrastructure in partnership with sector 
risk management agencies which have more subject matter 
expertise.
    I want to make sure that the legislation we are considering 
today supports that important model because it prevents silos 
and stovepiping.
    Can you weigh in on the value of both DHS as a central 
coordinator for critical infrastructure protection and on the 
importance of sector risk management agencies? How should 
Congress continue to develop those roles and to assure that the 
full capabilities of the Federal enterprise are more 
effectively brought to bear to defend our critical 
infrastructure?
    Mr. Johnson. Thank you, Congresswoman, and that is--and I 
also honor your service on the Homeland Security Committee. You 
have been a great leader on these issues for many years, and I 
think that is a core question.
    Just to lay out the PPD21 process, DHS and now through CISA 
is what is called the sector-specific agency for the 
communications sector. It is also the sector-specific agency 
for the IT sector. And similar to how the Treasury Department 
is a sector-specific agency for financial services, it is not a 
regulator.
    The regulator in the space, in the communications sector 
is, of course, the FCC. There is not really a regulator for the 
IT sector except to the extent that some of the IT sector's 
work feeds into the communication sector through enforcement 
actions at the FTC. So that sector-specific agency, DHS and FCC 
relationship, is absolutely crucial.
    And I know from my time at the FCC that a regulatory agency 
can either be a great enabler of that partnership, both between 
the sector-specific agency and the regulator and between the 
Government and industry, or it can altogether block it. And I 
think to answer Congresswoman Clarke's question directly, it is 
crucial to have that sector-specific agency regulator and then 
contributing agencies like Commerce. I have mentioned NIST and 
NTIA and even ITA and BIS. It is crucial to have those 
relationships crystallized, clear, everybody knows what 
everybody is doing, and maybe as importantly, everybody knows 
what certain folks are not supposed to be doing so that--and it 
is not about lanes. It is about a team.
    So I think--forgive the football metaphor, but football 
season is approaching. Every position needs to know its unique 
role and unique value add and work together. And I think it 
starts with the sector-specific agency, but it also includes 
the FCC and the Commerce Department as well as others like FBI 
and other IC elements.
    Ms. Clarke. Very well. Well, let me be the first to yield 
back major time, Mr. Chairman. I yield back.
    Mr. Doyle. I thank the gentlelady.
    Oh. Mr. Scalise has joined us, and Steve, you are up next. 
You have 5 minutes.
    Mr. Scalise. Well, thank you, Mr. Chairman, and good to be 
back in the committee in person, as well as Ranking Member 
Latta. I appreciate you having today's hearing and bringing up 
the piece of legislation that I drafted along with 
Congresswoman Eshoo, and I know she is here as well. I want to 
thank Congresswoman Eshoo on partnering with me on this 
important piece of legislation.
    Our bill, H.R. 3919, which is the Securing Equipment Act, 
stops the threat of China from infiltrating our networks by 
prohibiting the FCC from issuing equipment licenses to Chinese 
companies that are identified as national security threats--not 
all companies, but companies that have made that distinction 
that the FBI or the FCC has now identified as national security 
threats.
    In 2019, our committee worked in a bipartisan manner to 
help address the threat of China by passing the Secure and 
Trusted Communications Network Act of 2019. That landmark act 
instructed the FCC to do a few things; among those, publish a 
list of telecommunication equipment deemed to be a national 
security threat, prohibit the use of Federal funds for 
purchasing equipment made by those companies, authorize funding 
for U.S. carriers to rip and replace equipment that was made by 
those companies.
    So earlier this year, the FCC did what they were instructed 
to do, and they, in fact, published this list. This is the 
first list that has come out. It lists five different companies 
that are on this national security threat list. Every company 
on this list has ties to the Chinese Communist Party with the 
Chinese Government having ownership in many of them. Clearly, 
you can see why that was a concern that the FCC identified. We 
also know all too well that the CCP wastes no opportunity to 
expose our vulnerabilities and to undermine our national 
security.
    While the 2019 law took a major step in getting compromised 
tech out of U.S. networks, U.S. carriers can still provide 
privately purchased equipment from these listed companies on 
the open market, so these companies can still sell to American 
companies where that data can be controlled by the Chinese 
Communist Party. Since all of those companies are subject to 
Chinese national security laws, at any point the Chinese 
Government can choose to exploit them for espionage, tapping 
into their access in U.S. networks to gain critical information 
on individuals and sensitive government information.
    As we expand our 5G networks and heavy data flows and the 
critical technologies that rely on these networks such as 
driverless cars and the Internet of Things, any existence of 
compromised technology poses a grave threat to our national 
security. Our bill seeks to further improve on the 2019 law. By 
prohibiting the FCC from issuing any equipment license to these 
companies, our bill adds an extra layer of security and puts a 
full stop to Chinese equipment from these threatening companies 
that are threats to our network. I look forward to having a 
full markup on this bill and moving it to the floor so we can 
better protect our networks.
    And I also want to ask, Mr. Chairman. I will start with 
you, Mr. Johnson. As we look at the 2019 law that, among other 
things, directed the FCC to create this list which they now 
have done, these companies have had to do some things that are 
very, very alarming to be included on this national security 
threat list.
    When you look at this proposed legislation by myself and 
Congresswoman Eshoo, do you think this gives an extra layer of 
protection to the FCC as we know lawsuits are going to come, as 
lawsuits have come by companies from other protective measures 
that our committee has passed so that the FCC has the ability 
to back up their actions, to back up this list by then 
following through and saying you are not going to be able to 
sell--companies that are threats are not going to be able to 
sell in the United States these jeopardized products?
    Mr. Johnson. Thank you, Congressman. I really appreciate 
that question, and I think it has been noted the cognitive 
dissonance of the ban on Huawei and ZTE for subsidized U.S. 
networks, but the legal availability of Huawei and ZTE 
everywhere else in the U.S. market has been noted.
    Mr. Scalise. And we see Huawei and ZTE challenging some of 
those laws as well.
    Mr. Johnson. Of course. I will note the Fifth Circuit 
upheld the dismissal of the Huawei suit, I think last week, so 
probably on pretty solid legal ground as of now. Certainly, a 
statute backing up the FCC's authority would bolster that 
authority, and especially for something that is such--this is a 
very profound power that the FCC would have through this.
    I love all my friends in the equipment authorization world, 
but it is a somewhat obscure radio frequency interference-based 
administrative law process. And so the power for the FCC to be 
able to block major companies altogether from the market is 
profound, and I think that underscores the importance of having 
fulsome processes from elsewhere in the Government that feed 
into those designations as has happened with the five companies 
that are mentioned first in the NDAA.
    Mr. Scalise. Thanks. I know we are out of time.
    Mr. Doyle. The gentleman's time has expired.
    Mr. Scalise. So hopefully by passing the Securing Equipment 
Act, we can address this problem and others.
    And, again, thank you, Mr. Chairman, for allowing us to 
come up. I yield back.
    Mr. Doyle. Thank you. The gentleman yields back.
    The Chair recognizes Mr. McEachin, who is joining us 
remotely. Yes. Five minutes.
    Mr. McEachin. Thank you, Mr. Chairman, and thank you for 
your very fine leadership in calling today's hearing.
    Just to jump right onto it, Mr. Srihari, again, thank you 
for your appearance today. We have already had a little bit of 
a conversation about the creation of a 6G task force, which I 
think is crucial to helping the Federal Government meet the 
policy challenges that will come with future generations of 
wireless technology before they create a bottleneck.
    Are there other things that we can do to make sure the U.S. 
leads the way domestically, and potentially, equally as 
important, internationally?
    Mr. Srihari. Thank you very much, Congressman, for the 
question. So my colleagues have talked a little bit about the 
6G issue and the legislation before you today on the 6G task 
force. When we talk about international activities, there is no 
doubt.
    The Europeans have created a consortium, I think it is 
called Hexa-X, that is focused on the creation of 6G that is 
bringing together European industry stakeholders from the 
operator and vendor community, and they don't shy away from 
saying that the purpose there is to make Europe the global 
leader on 6G technology.
    And, meanwhile, in 2019 China came forward with an 
announcement saying that they wanted to start an R&D initiative 
on 6G. And at the time, some people thought that that was 
really hyperbole and that it was too early, but nobody, I 
think, is questioning that now.
    And while we do want industry to take leadership on these 
issues, I think having a coordinated public-private partnership 
effort that puts the U.S. in the game on 6G institutionally 
would be a good thing to do.
    Mr. McEachin. Thank you for that.
    Mr. Boswell, for trusted suppliers, how do we leverage our 
international allies to ensure a diverse global market of 
trusted suppliers?
    Mr. Boswell. I am sorry. Could you repeat that, please? It 
was a little hard----
    Mr. McEachin. I might even say it more succinctly. How do 
we leverage our international allies to ensure the diverse 
global market of trusted suppliers?
    Mr. Boswell. It is important for us to work with U.S. 
allies and other representatives as it is a global marketplace 
that we are selling into in a global economy as well as from a 
technology perspective.
    As we build out technology, it really--the scale that is 
involved there and the need to protect critical infrastructure 
is something that we are all facing. It is a global security 
issue, not just a domestic one. So we do have to continue to 
advance the adoption of different guidelines that enhance the 
protection of end users as well as the privacy of end users by 
deploying networks that rely on secure and trusted suppliers 
and a trusted supply chain, not just individual technologies or 
specific architecture type.
    Being first in 5G for the U.S. is not only an economic 
award that we are striving for, it is also a meaningful step 
forward in national security. We must continue on that path 
with our allies.
    Mr. McEachin. Thank you for that.
    Mr. Chairman, I am going to try to stay on your good side 
and yield back a whole batch of time.
    Mr. Doyle. Thank you, Mr. McEachin. The gentleman yields 
back.
    The Chair recognizes Mr. Guthrie for 5 minutes.
    Mr. Guthrie. Thank you, Mr. Chair. I appreciate the 
recognition.
    And my first question is for Mr. Boswell. In our last 
hearing in April, we discussed the concept of open RAN. And we 
heard from witnesses about the challenge of integrating certain 
network components into their networks, particularly for 
smaller providers.
    So my question is, what steps is Ericsson taking to work 
with small providers? And what role, if any, should Congress 
have in facilitating the deployment of open RAN compatible 
technologies?
    Mr. Boswell. Small providers make up really the backbone of 
everything throughout the country. It is not just three, four, 
or five big carriers, right? It is everybody working together 
to build that connected network.
    Ericsson has had a long history in this space. We serve 
over 150 rural and regional carriers across much of the U.S. 
Eighty percent of our customers in that space have been with us 
for over 10 years, so we have worked with them through that 
transition from 2G to 3G to 4G.
    Some of them are just now getting to 4G and rolling out 
LTE, so moving towards 5G is a big deal for them.
    Mr. Guthrie. What role should Congress have in this?
    Mr. Boswell. Well, it is important to reinforce what groups 
like the CSRIC are able to do. We recently in some work in this 
most recent CSRIC, in working group II, provided guidance 
specifically aimed at some of those smaller carriers that are 
going through a transition from 4G to 5G on what some best 
security practices are.
    Mr. Guthrie. I do have a second part. I just want to make 
sure I get to my--and so it is kind of what our Republican 
leader asked, so maybe you can answer here or provide her the 
information that she asked, I guess.
    But H.R. 432, which is the Open Outreach Act which creates 
the office at NTIA to provide technical assistance to small 
networks--so my question for you and then Mr. Srihari, if you 
will comment as well.
    So first for Mr. Boswell: What guidance would you give to 
NTIA if it were to establish such a program and the scope of 
the legislation that may make the program more successful?
    Mr. Boswell. Well, yes, I think so. There are pros and cons 
to any technology that we are trying to implement, in particular, 
when we are talking about critical infrastructure where we 
really have to get it right all of the time. There could be 
increased complexities or life cycle challenges or even 
security issues that some of the smaller operators maybe aren't 
considering or were aware of.
    So I am concerned that as it currently stands in the 
language, the bill focuses mainly on the benefits of open RAN, 
of which there are many. While Ericsson recognizes that these 
small providers may need more assistance than some of the 
larger carriers, government policy should really be technology 
neutral and not focused on any one technology type or 
architecture type.
    Each particular provider should decide which technology is 
best for them without influence from the Government but also 
with the right amount of input and information in context.
    Mr. Guthrie. Can I get Mr. Srihari? I have got one more 
question after this that I want to make sure I get to. So, Mr. 
Srihari.
    Mr. Srihari. Yes. On the operator education, I would tell 
NTIA a few things. First of all, to lift up the stories of an 
operator like Inland Cellular in northwest Idaho and 
Washington, I think, that is already deploying it. I would 
introduce them to operators around the world that are deploying 
open RAN overseas already.
    I would introduce them to systems integrators, including 
American companies, who are leading the way in open RAN network 
deployments around the world. I would do more things like the 
FCC operator showcase that they are holding in 2 weeks.
    I would consider maybe pairing it with the C-SCRIP program 
that educates small operators on untrusted vendors and getting 
that equipment out, and combine those programs. I think there 
is a lot they could do.
    Mr. Guthrie. All right. Thanks. I want to get one more 
question, hopefully time for an answer. So now that Congress, 
Mr. Boswell, has appropriated funding for secure and trusted 
networks reimbursement programs, small and rural carriers are 
hard at work preparing to rip and replace untrusted gear from 
their networks.
    But to keep these networks running is more of a rip than 
replace--more replace than rip. We have heard some about 
concerns for potential delays caused by permitting processes. I 
have H.R. 1053 to help the permitting process speed up by 
replacing equipment that poses a national security threat.
    Mr. Boswell, would streamlining modifications of the 
existing infrastructure help promote the deployment of 5G and 
secure our networks?
    Mr. Boswell. Yes is the answer.
    Mr. Guthrie. He could have waited for 3 seconds.
    Mr. Boswell. It absolutely would. No. There is many factors 
to consider there, but truly, we have to maintain the pace and 
not forestall deployments. Don't let perfect be the enemy of 
good.
    Mr. Guthrie. It is already permitted. We are just replacing 
the equipment and so going through the permitting process.
    Mr. Boswell. In some cases, that can add an additional 90 
days to an application process. In a lot of different States, 
that process to review a simple antenna installation can be as 
arduous as a developer with a new building of an apartment 
complex.
    Mr. Guthrie. Right.
    Mr. Boswell. So we need some common sense to apply there.
    Mr. Guthrie. Thank you, Mr. Chair.
    Mr. Doyle. The gentleman's time has expired.
    The Chair recognizes the chairman of the full committee, 
Mr. Pallone, for 5 minutes.
    Mr. Pallone. Thank you, Chairman Doyle.
    I wanted to start with Mr. Srihari. As you know, Congress 
has already been very active in supporting ways to make our 
wireless infrastructure and its supply chain more secure 
through the Secure and Trusted Networks Act and the USA 
Telecommunications Act, which still needs funding.
    But in your written testimony, you note that open 
architectures could reduce the global grip of Chinese firms on 
the market and provide other advantages to both large and small 
providers. Could you explain what some of those advantages 
might be, if you will.
    Mr. Srihari. Sure. Thank you for the question, Mr. 
Chairman. I would begin with greater flexibility. You avoid the 
problem of vendor lock-in if you are an operator, especially a 
small operator, from being locked into one particular vendor.
    You also get more flexibility in terms of where you house 
network functions out on the edge, on the towers, or in the 
core of your network. Also lower costs.
    We have seen evidence that open RAN deployments can be more 
cost effective than traditional deployments. The gradual 
upgradability over time--software-based upgrading rather than 
hardware rip and replacements--that can lower costs. New 
innovation, new technology through artificial intelligence and 
machine learning to do things like automated threat detection.
    Stronger security, energy efficiency. There are a number of 
these kind of technical benefits as we think about networks not 
just as a box that you deploy every 10 years but switching to a 
software virtualized ecosystem that is going through a cycle of 
constant--continuous improvement and continuous development.
    Mr. Pallone. All right. Thanks.
    Let me go to Mr. Boswell. You refer in your testimony to 
Ericsson's ongoing work in the FCC CSRIC and that Ericsson has 
been engaged across several working groups in the most recent 
iteration of CSRIC focused on the 5G security, and one of the 
bills we are considering today would make CSRIC permanent.
    So do you have a view on why making CSRIC permanent could 
be good for industry and good for the country as a whole?
    Mr. Boswell. Yes, I do. Actually, I have two comments. 
First, I would like to address Mr. Srihari's comments about 
some of the benefits there and just add some clarification that 
many of those benefits listed are not unique to an open RAN or 
even open system architecture.
    3GPP has long been an open and interoperable system. And, 
furthermore, from a software development or software 
upgradability standpoint, when Ericsson rolled out radios, tens 
of thousands of radios across the U.S. as long as 5 years ago, 
those have been upgradable to 5G with over-the-air software 
updates since we put them in, so much of that is not unique.
    My time on CSRIC has been very well spent and very enjoyed, 
in particular with gentlemen like Faruq at Qualcomm. I very 
much enjoyed working with him in the past. I have firsthand 
knowledge of the importance of the work that CSRIC does. And 
this bill that you have talked about, it recognizes the 
significance of that task.
    And in some cases, it is bleeding-edge or cutting-edge 
things that we are doing for new roles like network slicing or 
5G standalone networks or how to enhance E911, and those are 
great. That is new best practices for cutting-edge things.
    But we also, as I mentioned before, we have taken a look at 
things like, well, how can we help smaller operators that are 
transitioning from 4G to 5G. This is a big leap. It is a 
completely different kind of architecture. It is a software-
based infrastructure.
    For many of them, it is just a brand new world. And so one 
of the working groups specifically this past CSRIC looked at 
how to secure that transition to keep them secure throughout 
that process. So we really look at both ends of it.
    I think it is very important to formally codify and 
recognize the work that CSRIC does.
    Mr. Pallone. Thank you.
    And then, Mr. Brenner, you write in your testimony about 
the Emergency Broadband Benefit, which will provide discounted 
connectivity and equipment to about 3 million low-income 
households, and the Emergency Connectivity Fund, which provides 
devices and connectivity to millions of K through 12 students, 
and I am very proud of that work.
    But in light of what I hope will be millions of devices 
getting to kids and families across the country very shortly, 
can you explain why it is important to make sure that those 
devices come from trusted vendors and describe how the 
Government and industry can work together to make that happen, 
to ensure that?
    Mr. Brenner. Sure. Thanks very much for the question, and I 
am very excited about both the ECF and the EBB programs. In 
addition to giving a shoutout to this subcommittee for the 
programs, Acting Chair Jessica Rosenworcel over at the FCC has 
done a tremendous job of not only meeting the deadlines but 
forging bipartisan consensus on the rules for both of the 
programs and then having this hugely successful rollout.
    The short answer to your question, Chairman Pallone, is, 
you know, devices that have a Qualcomm chip inside, whether it 
is a smart--whether it is, in this case, a laptop, a tablet, a 
fixed wireless device, a modem, or a router, we spend a fortune 
to ensure that our devices that have our chip inside are 
secure, are reliable, can be trusted.
    We work with every device manufacturer in the world to make 
sure that--to constantly test. When there are issues spotted, 
we, you know, pounce on them immediately. So it is obviously 
crucial for these programs to be successful.
    And I think, you know, we would like to see for sure and 
hopefully for these programs, you know, to become permanent, 
that the devices be absolutely reliable and secure, and I have 
every confidence that that is happening.
    Mr. Doyle. The gentleman's time has expired.
    The Chair now recognizes Mr. Kinzinger for 5 minutes.
    Mr. Kinzinger. Thank you, Mr. Chairman. I thank our 
witnesses for being here. Appreciate it.
    Over the past few months, we have seen rampant cyber 
attacks that have disrupted businesses, increased consumer 
cost, and threatened our national security. Cyber attacks are 
on the rise here in the United States, and since the pandemic, 
attacks have increased dramatically. In fact, a cyber attack 
happens every 39 seconds.
    Perhaps an even more shocking statistic is that 95 percent 
of cybersecurity attacks are due to human error. As cyber crime 
becomes a growing threat in a post-pandemic world that is 
becoming increasingly more digitalized, businesses and the 
public alike need to be prepared. That is why I introduced H.R. 
4055, the American Cybersecurity Literacy Act, with multiple 
colleagues on this committee.
    This bipartisan bill would require the NTIA to establish a 
cyber literacy campaign to help promote understanding of how to 
stay safe online and prevent successful cyber attacks. This 
campaign will include lessons on how to identify malicious 
phishing emails, the need to change passwords often and use 
multi-factor authentication on sensitive accounts, and 
highlight cyber risk posed by the use of publicly available 
WiFi hotspots, among other issues.
    I believe commonsense legislation like this bill that 
promotes cyber awareness and education are critical steps as we 
gear up to fight back against cyber crime.
    Mr. Johnson, I want to ask you. Much of the legislation we 
are considering today is focused on cybersecurity. For example, 
H.R. 4046, the NTIA Policy and Cybersecurity Coordination Act, 
introduced by Representatives Duncan and Wild, would codify 
NTIA's cybersecurity office and require it to coordinate and 
develop policy regarding the cybersecurity of our 
communications networks.
    Further, H.R. 4055 introduced by myself, Representative 
Eshoo, Representative Veasey, and Representative Houlahan would 
require NTIA to develop and conduct a cybersecurity literacy 
campaign to educate U.S. individuals and businesses about 
common cybersecurity risks and practices.
    How would these additional tools build on NTIA's existing 
work in cybersecurity, is it an appropriate agency to 
administer these functions, and are there any additional tools 
we should consider?
    Mr. Johnson. Thank you, Congressman. That is a great 
question and a very important issue, I think, especially 
following the Colonial Pipeline attack. Not that any government 
initiative, literacy initiative could have prevented that, but 
just the fact of gas price spikes and cars lined up to get gas, 
for instance, in my home State in Georgia, it brought it home 
to voters and consumers in a way probably no other cyber attack 
ever has. So I think there is a greater awareness among people 
and businesses.
    NTIA certainly has--and Commerce, more broadly, but NTIA in 
particular--certainly has an important role in this. As I was 
saying earlier, the Commerce Department--and often represented 
by NTIA and interagency discussions--is the only agency in 
government that talks about cybersecurity from the standpoint 
of a thriving digital economy. So--and that goes from consumers 
on devices to businesses in e-commerce and really throughout 
the economy.
    And so promoting economic development and business 
innovation is at the core of what NTIA does, so they have a 
value. They have a valuable perspective to add on anything that 
has to do with how consumers and businesses should operate.
    The only thing I would add is that DHS has done quite a bit 
of work on this as well, and so has the FTC. In my view, just 
to hit the drumbeat again, the core--we just need to have a 
coordinated full-court press, I think, as Representative Clarke 
put it. NTIA should be part of that. It should not replicate or 
it should not duplicate, rather, other parallel efforts and 
certainly shouldn't conflict, but NTIA, that is a lean, mean, 
fighting machine, as Dileep mentioned. They have a lot to 
offer, and they have a unique perspective.
    Mr. Kinzinger. Let me ask you too. We have made strides in 
removing untrusted equipment in our networks, but there is a 
lot we need to do to secure 5G, especially with Internet of 
Things and software in the wake of the ransomware attacks, 
SolarWinds, Colonial.
    We need a strategy to protect that infrastructure. What 
should Congress be doing to ensure we stay ahead of our 
adversaries when it comes to preventing those?
    Mr. Johnson. I addressed this in my opening testimony. I 
think the core thing--and Congress has done this and should 
continue to do--it is promote an industry-led partnership with 
government. These network operators and their trusted suppliers 
have been doing this as a core business imperative for decades, 
and they are the core. They are the indispensable element of 
defending our country.
    Mr. Kinzinger. Thank you. I have others I will submit, but 
I will yield back, Mr. Chairman.
    Mr. Doyle. OK. The Chair recognizes Mr. Veasey for 5 
minutes, joining us remotely.
    Mr. Veasey. Mr. Chairman, thank you very much, and I want 
to thank the witnesses for being here today.
    Obviously, security breaches are occurring more and more in 
the United States, and we need to make sure companies and our 
Government are doing everything that we can to protect 
citizens, but it is also important to give America a better 
understanding of how they can properly protect themselves 
online.
    I am proud to have my bipartisan bill, the American 
Cybersecurity Literacy Act, which will provide Federal 
resources to educate constituents on how to do everything from 
properly identifying secure websites to knowing about the 
potential cyber risks of using publicly available WiFi 
networks. Ensuring that all Americans have tools to protect 
themselves against harmful cyber attacks makes all of us safer 
in the long run.
    Mr. Johnson, I know you had a wide array of experience 
here, so I wanted to ask you: Do you have a sense on where the 
public is in general on the cybersecurity awareness?
    Mr. Johnson. As I just spoke with Congressman Kinzinger, I 
think there is a lot more awareness after the Colonial Pipeline 
attack than there was before in terms of cybersecurity being a 
day-to-day consumer and, frankly, voter issue. We have a long 
way to go, and I think the key is to making these steps 
concrete.
    The problem with cybersecurity is it is all abstract, and 
if you are not a computer scientist it is hard to understand 
how these 1's and 0's could affect your life. So I think it is 
a matter of making simple--cyber hygiene is a term that is 
often used.
    These simple steps like multifactor authentication make it 
clear to consumers and citizens what they need to do to secure 
their devices and their networks, and they will learn how to do 
it.
    Mr. Veasey. So, you know, that brings me to the next 
question I want to ask you. What sort of awareness, or not 
awareness, but do you have--do you or anyone else on the panel, 
for that matter, just have a sort of a basic understanding of 
how prepared the public is to protect themselves against cyber 
attacks?
    Are there any statistics out there that show what 
percentage of Americans are actually, you know, sufficiently 
prepared to truly protect themselves and understand all the 
risks and dangers out there? And, again, anyone on the panel 
can answer.
    Mr. Johnson. I will just say there are a number of polls 
and studies like that. I don't think there is any one single 
answer because of the nature of the questions----
    Mr. Veasey. Yes.
    Mr. Johnson [continuing]. That would need to be asked. 
Maybe a different indicator that might help get us there is the 
role that CEO--that C-suite executives and boards, their 
awareness and their activity on cybersecurity has dramatically 
increased in recent years.
    And so I can get you specific numbers on that, but that may 
be a leading indicator as to how everyday consumers are 
increasingly prepared. But we have a long way to go, I think, 
on both matters.
    Mr. Veasey. No. Absolutely.
    Anyone else have any thoughts on that?
    Mr. Boswell. Sure. This is Jason from Ericsson. I will 
comment on that. As the proud father of a 9-year-old daughter, 
I am sure she would tell you that she is more than capable and 
deserves a cell phone and wants to be online more and more, but 
if she is watching, the answer is still no. It is a mutual 
responsibility to have an awareness of being online and knowing 
how to conduct business.
    These used to be the kinds of things that we would teach 
our children when we taught them how to write a check in a 
checkbook or have responsible fiscal duties at home. That 
extends into now responsible activity online. But, frankly, I'm 
not sure that we have ever faced such a convergence of this 
technology opportunity that we have heard about today with 
potential critical impacts.
    I have been in this business for several decades and was 
around for the Mirai botnet attack, the Target breach, of 
course, SolarWinds which now has brought a lot of visibility to 
it, but those impacts are really measured in terms of loss of 
dollars and lost time and lost information.
    Compromising the future is going to lead to loss of 
essential services or national assets or even loss of life, so 
it is up to companies like ours to get it right for the 
American people.
    Mr. Doyle. OK. The gentleman's time has expired.
    And the Chair now recognizes my fellow Pittsburgh Pirate 
fan--but that only still gets you 5 minutes, Gus. You are 
recognized.
    Mr. Bilirakis. OK. We never give up, and the Bucs are going 
to be good next year. That is for sure.
    Almost since its inception--I want to thank the witnesses 
as well--there have been concerns about the cybersecurity and 
privacy risks associated with the TikTok and other Chinese-
owned apps. A recent article titled ``TikTok insiders say 
social media company is tightly controlled by Chinese parent 
ByteDance.''
    It highlighted stories from former TikTok employees about 
China's control over the company's operations as well as 
information usage. These former employees mentioned that there 
existed a userwide list that detailed likes and hashtag uses.
    Additionally, cybersecurity experts warn that TikTok's 
level of information collection creates risk of propaganda 
spreading to influence American app users as well as potential 
blackmail for young users who will grow up to be America's 
future leaders.
    A foreign power with this much individualized access is a 
scary thing, indeed, in my opinion.
    So, Mr. Johnson, with this backdrop in mind, approximately 
41 percent of TikTok users are between the ages of 16 and 24. 
To your understanding, how knowledgeable are our young people 
that all of their actions as TikTok users are being cataloged 
by China and will potentially be used against them as they 
mature? And I know this is a very serious issue. If you could 
respond, I would appreciate it.
    Mr. Johnson. Thank you, Congressman. Also as a father of an 
11-year-old and an 8-year-old and a 2-year-old who is a long 
way away from this, I am also very concerned about that, about 
data collection from apps in general, but particularly TikTok 
for the reasons that you have outlined.
    In the worst-case scenario, TikTok could be developing not 
just individualized, you know, portfolios of individual people 
but an aggregate big data set of I think 100 million Americans 
that could be used for all sorts of nefarious purposes, 
including--well, I will stay away from the intelligence 
capabilities, but the bottom line, I am also very worried about 
that, very concerned about that as well.
    Mr. Bilirakis. Thank you. These concerns from TikTok 
whistleblowers prove the point we need a literacy campaign to 
educate the public on cybersecurity risks which should include 
the dangers of adversarial countries, their data collection and 
intentions.
    So, H.R. 4055--actually, the main sponsor is my friend, Mr. 
Kinzinger, but I am on there as a colleague along with others, 
Representative Eshoo and others--but it would provide the 
needed public literacy by establishing a consumer-facing 
campaign about common steps that will improve awareness of 
potential risks and hacks. We could spend a lot of time and 
money keeping Chinese equipment out of our communication 
networks, but if users are unwittingly sharing information with 
our adversaries through their devices, we are not closing the 
loopholes, in my opinion.
    So the question again for Mr. Johnson: How would this bill, 
this particular bill--and I know you have reviewed it--help 
improve the security of our networks?
    Mr. Johnson. And just to echo what I said to your 
colleague, I think the biggest value add is having the 
commercial business digital economy perspective that Congress 
and NTIA offers on these issues and recognizing that there are 
a hundred million Americans who want to use apps like this, 
like TikTok and others.
    That is a reality that we have to deal with and have to 
hopefully leverage in order to promote security awareness, 
particularly among these young--our young people.
    Mr. Bilirakis. I want to make a point. I hope my kids are 
listening as well. Thank you, and I yield back the rest of my 
time. Thank you, Mr. Chairman. Appreciate it. Go Bucs.
    Mr. Doyle. The gentleman yields back.
    The Chair recognizes Mr. Soto for 5 minutes.
    Mr. Soto. Thank you so much, Chairman, and what an 
important topic we are talking about today, something that is 
sort of the battlefront of the 21st century when we think about 
SolarWinds, Colonial Pipeline, JBS.
    We keep on seeing stories over and over, right, of breaches 
both in the highest levels of government and in some of the 
most sophisticated companies that we have in the United States, 
and it shows that we have to evolve. And, Chairman, I want to 
applaud you because when I look at the list of bills today, and 
they are very much bipartisan.
    I know we find ourselves debating all these different 
issues, but this is something we are united on, that we have to 
step up our cybersecurity and that we have to protect our 
infrastructure from the threats, primarily abroad, that we're 
seeing.
    Right now, we are debating a bipartisan infrastructure 
package, the American Jobs Plan, and we saw a bipartisan 
breakthrough. And part of building back better, part of the 
American Jobs Plan, is more than just the physical 
infrastructure. It is the technological infrastructure. It is 
making sure that we are bringing certain industries back home 
that are critical to our national security like 
telecommunications.
    In central Florida, we are making microchips and we are 
making semiconductors, and we know with telecommunications 
there is going to be more and more of a push to bring both 
that, pharmaceuticals, personal protective equipment--we have 
always done it for defense--but some of these areas that are 
critical back.
    We also saw the President go to the G7 and to visit with 
our allies at NATO, followed by an anticipated meeting with 
President Putin. And we know Russia continues to harbor a lot 
of these cyber terrorists.
    And while we have to be aggressive on our foreign policy 
side, in a proportionate way, we also can do better to make 
sure our private sector and government is ready back at home. 
And that is what we are talking about here today, making sure 
that we are using best practices, making sure that we get 
notice when folks have ended up getting hacked.
    And I would like to hear from Mr. Johnson. Over the last 
year, we have seen an unprecedented growth with RAN ecosystem 
thanks to open RAN architecture, a technology that will allow 
us to go beyond a lot of the equipment we currently buy from 
China.
    For example, Rakuten Network's announcement in Japan of a 
multivendor open RAN network, one of those vendors in the 
partnership is Airspan Networks, based in my home State of 
Florida. How important is it to develop and fund American-based 
vendors knowing what comes with that is an increase in high-
skill jobs and the flexibility for a wireless network to adapt 
to the growing demands of a 5G network?
    Mr. Johnson. Thank you, Congressman. And another crucial 
question for this moment. And just in full disclosure, one of 
my roles in private practice is I am outside counsel for the 
Open RAN Policy Coalition, and Airspan is a member.
    And I will say that it is crucial to invest in companies 
like Airspan, not just American companies but trusted 
suppliers.
    And here it is--I think the aperture that we should be 
looking through is certainly U.S.-based companies with 
operations and facilities and jobs in the United States but 
also companies that are organized and have operations in allied 
or partner countries.
    And this is something that, to give to your G7 and NATO 
point, the scale of that market is what allows us to compete, 
you know, the free market democracies against authoritarian 
regimes.
    And I think--I am not speaking for Airspan in particular, 
but my guess is they want to have a global market to sell to as 
well.
    And so leveraging the dynamism and notification of U.S. and 
partner--of companies based in the United States and other 
rule-of-law-based market democracies, our allies and partners, 
is, I think, the crucial competitive edge that we have in the 
coming decades.
    Mr. Soto. Well, thank you, Mr. Johnson. We know many of 
these technologies we developed, right. Florida was a big part 
of developing the cell phone.
    Right here in Virginia, they helped develop the rudimentary 
beginnings of the internet, and yet we saw through business 
deals a lot of the technology start being built abroad because 
it was cheaper. But we see now that has set us up for 
vulnerabilities, and today we are taking a huge step in making 
sure we build back better and to secure our networks.
    And I yield back.
    Mr. Doyle. The gentleman yields back.
    The Chair recognizes Mr. Johnson for 5 minutes.
    Mr. Johnson of Ohio. Well, thank you, Mr. Chairman.
    And, Mr. Johnson, for you, starting out, you know, while we 
understand the risk that Huawei possessed to our networks and 
have acted to prevent its use domestically, there are other 
providers that could pose a risk to national security that may 
seek to enter the market as well.
    Currently, the FCC authorizes approvals for foreign-
controlled companies to provide services in the U.S., but they 
defer to executive branch recommendations on their national 
security review of the transaction.
    As I mentioned, my bill would formalize this process while 
preserving the subject matter expertise of national security 
agencies.
    So, in your view, Mr. Johnson, how does NTIA's expertise 
with interagency policy, development, and coordination suit 
them for being a single point of contact between the 
interagency, the FCC, and applicants? How important is it to 
ensure timely review of these applications?
    Mr. Johnson. Thanks, Congressman. Let me just start with 
the caveat that there are many experts on TEAM TELECOM law, and 
that is not my area of particular expertise. But I think that 
the policy that has developed over the past couple of years--I 
get the timing mixed up because of the COVID time warp--but I 
think the Executive order that came out of the Trump 
administration formally organizing TEAM TELECOM and the 
agencies involved did help clarify roles in what had previously 
been more of an opaque process, and so I----
    Mr. Johnson of Ohio. And that is essentially what this bill 
does. It codifies that Executive order.
    Mr. Johnson. Right. Right. And to answer your question 
about NTIA, and I think they are, NTIA and the Commerce 
Department, more broadly, and I know this from being--from 
previously working in the Commerce Department on these issues.
    They are a crucial part of the process because, as I have 
said a couple of times today, they are the only agency whose 
core mission is promoting American business and innovation, 
which underlies American strength and security.
    So you have the other security agencies who also have, 
obviously, a crucial role to play in TEAM TELECOM as well. They 
are coming at it from a purely security-oriented angle, and 
what Commerce adds is understanding the digital economy and the 
telecommunications economy.
    Mr. Johnson of Ohio. OK. Well, thank you.
    For all of our witnesses, I am also pleased to be a colead 
on H.R. 4045, the Future Networks Act, along with my colleague 
Chairman Doyle. As you have heard, this legislation would 
create a 6G task force at the FCC to examine private-sector 
efforts regarding the development of 6G standards.
    If you were a member of this task force--just very quickly, 
each of you--what advice would you have for Congress as we 
review this work? Starting with Mr. Srihari.
    Mr. Srihari. Well, it is time to get started. The Chinese 
are doing it.
    Mr. Johnson of Ohio. Yes.
    Mr. Srihari. The Europeans are doing it. So I think you 
take the approach that we want industry to lead, but we have to 
start looking at, you know, early on what are the new 
technology needs going to be, what are the use cases going to 
be, how can we leverage what American companies are already 
doing in terms of global standards participation.
    Mr. Johnson of Ohio. OK. Mr. Boswell.
    Mr. Boswell. I mentioned earlier about the work that 
Ericsson has been doing with the National Science Foundation's 
RINGS program, which we are a founding member of as well as the 
platform for advanced wireless research. So we have gotten 
started here, but it is also important to make sure that we 
don't leave out the academia segment here. America's 
universities can provide a lot of input.
    We have current partnerships that we have in place with the 
WINLAB at Rutgers, for example, with MIT, U.C. Berkeley, 
Stanford, NYU. I could list dozens more, but the university 
tie-in with some of these different efforts really allows them 
to, A, tap into some government funding, and then, B, also work 
with some of the industry experts that are actually out there 
building the networks. It creates a good cohesion and builds up 
our workforce in a place where we desperately need it.
    Mr. Johnson of Ohio. OK. Mr. Brenner.
    Mr. Brenner. So the private sector, led by Qualcomm, the 
American champion, we are going to invent 6G. We are going to 
drive the 6G technology. But where the Government and the task 
force can come in is, A, we are going to have to identify and 
free up spectrum for 6G. That is always a multiyear effort, 
number one.
    And, number two, we are going to need to put these cell 
sites in places, and so the task force can work through site 
issues. And, by the way, for Mr. Soto, Airspan, fantastic 
partner of Qualcomm's. We make those chips for their small 
cells.
    Mr. Johnson of Ohio. OK. Mr. Johnson.
    Mr. Johnson. I don't have much to add to my colleagues 
here, but I think that is the role of government, and therefore 
the role of Congress setting that up is to corral and harness 
this innovation that is taking place in the private sector and, 
as Mr. Boswell mentioned, in universities.
    Mr. Doyle. The gentleman's time has expired.
    Mr. Johnson of Ohio. Mr. Chairman, I yield back, but I do 
have some additional questions that I will submit for the 
record.
    Mr. Doyle. You can submit them. Yes. Thank you.
    Let's see. Next up is Mr. O'Halleran, joining us remotely. 
Tom, you have 5 minutes.
    Mr. O'Halleran. Thank you, Mr. Chairman, Ranking Member 
Latta, for this opportunity.
    You know, first of all, I have been listening to this for a 
while now, and I keep hearing things like, well, the pipeline 
issue brought this cybersecurity issue to a new level. I 
don't--this has been at a level, a high level, for as long as I 
can remember. We have been talking about security for 
businesses, for our Defense Department, and to get these 
networks up and going.
    But here we are, running behind others to get this 
addressed. It is just amazing to me. And I know our chairman 
and our ranking member are trying as hard as they can. Securing 
America's network technology is an important national security 
priority. I am glad this subcommittee remains focused on this 
issue.
    When it comes to expanding our networks, we have a lot of 
work to do, especially in rural areas and on Tribal lands. In 
my district, many households have no at-home internet access. 
This results in poorer health and educational opportunities for 
these families. And we have miles and miles of dead zones where 
our cell phones read ``no service.'' This is a problem when my 
constituents need to contact medical help or emergency services 
in remote areas.
    We need to expand our network capabilities and those of the 
digital divide, and we must ensure that these networks are 
secure. This is not just a problem for large tech companies. 
Any hole in the network security can be exploited by hostile 
actors.
    That is why last week I joined a bipartisan group to 
introduce the Open RAN Outreach Act. Our bill directs NTIA to 
provide outreach and assistance to small network providers to 
educate them on how to secure their networks using open network 
technology.
    By helping small providers buying their components from 
trusted vendors, we can help secure the entire network. Small 
network providers, especially those in rural areas, cannot be 
left behind.
    Mr. Srihari, you mentioned in your testimony the importance 
of raising awareness of open RAN among rural operations. What 
steps would you like to see Congress take to make sure that 
rural areas aren't left behind in the network security?
    Mr. Srihari. Thank you, Congressman, for the question. One 
of the ironies of the rollout of open RAN around the world is 
that rural and smaller operators are in some ways actually 
leading the charge.
    We see this largely outside the United States in smaller, 
unserved areas with new Greenfield deployments where there is 
no service before. You see operators coming in and doing open 
RAN implementations, and we see results with significantly 
lower costs and better performance in these areas.
    So, as I mentioned earlier, I think it is just a question 
of making sure that small and rural operators know what is 
available to them today. There are American systems integrators 
who will bring the hardware and software together for them to 
make sure that they know what is available.
    There is, you know, at least one operator in the United 
States, a small operator, that is already doing it, and a 
larger U.S. company is announcing plans for a nationwide 
network as well. I think it is just a question of making sure 
that these operators are connected with the information that 
they need, and I think the legislation would go a long way 
towards doing that.
    Mr. O'Halleran. Thank you.
    Mr. Brenner, how is Qualcomm supporting open network 
standards? And how would it help speed the development of 5G in 
rural America?
    Mr. Brenner. Oh, thanks very much for that question, 
Congressman.
    We are absolutely pushing as hard as possible to develop 
chips that will go right into the equipment that will make open 
RAN go. We are working in every conceivable standards body to 
push for standardization of open RAN. As I said in my 
testimony, just a couple of days ago we announced a new small--
the world's first 5G small cell open RAN platform that has the 
latest 5G technology in it. We are working with everyone and, 
you know, we think it is great technology.
    And I also want to put a plug in for our fixed wireless 
technology. So while it is true----
    Mr. O'Halleran. Mr. Brenner, I am sorry. I only have 15 
seconds, and I want to make a quick statement.
    Mr. Brenner. OK. Sorry.
    Mr. O'Halleran. No, no, not your fault.
    I just--I don't want America to be behind other countries, 
and we have to do a process here that gets us further ahead, 
not just catching up. We need to get this done.
    And so I yield, Mr. Chairman.
    Mr. Doyle. The gentleman's time has expired.
    The Chair now recognizes Mr. Walberg for 5 minutes.
    Mr. Walberg. Thank you, Mr. Chairman.
    And thanks to the panel for being here. I come in here 
thinking I am starting to understand everything about what we 
are talking about, then I realize, after listening to you, I 
got to keep working.
    This year, the FCC announced its intent to recharter CSRIC 
to provide recommendations to the FCC regarding ways the FCC 
can strive for security, reliability, and interoperability of 
our Nation's communication systems. Last week, Representatives 
Slotkin, Schrader, and I introduced H.R. 4067, the 
Communications Security Advisory Act of 2021, which would 
simply make the council permanent.
    Mr. Johnson, what is the best way to structure the council 
and define its focus, assisting the FCC as much as possible?
    And, Mr. Boswell, I will ask you to follow up on that.
    Mr. Johnson. Great. Thank you, Congressman, and appreciate 
the--your focus on CSRIC. I have to say I have--there is a 
special place in my heart for the CSRIC, despite its being 
possibly the worst acronym in a town of bad acronyms.
    CSRIC is--it is really one of the crown jewels of our 
Government, I think. For those who don't know, it is the 
Communications Security, Reliability, Interoperability Council 
that advises the FCC. It is a collection of experts from 
industry, from government, and really throughout the ecosystem, 
to make sure that our 9-1-1 systems work well, that emergency 
alerts, that cutting-edge issues like 5G security, and I know 
both companies that are represented here today have advanced 
that significantly in recent years. I look forward to what this 
next CSRIC is going to do, focused on 5G issues.
    I think the best way--and I do think there will be some 
value in statutorily backing up CSRIC. I think the--and I don't 
have any particular suggestions for revising your bill. I think 
it could really provide a long-term backing to a committee 
that--or a council that adds tremendous value.
    And the only thing I would advise is to make sure that it 
remains flexible in terms of how each FCC puts it together. 
Because, for instance, there is a--you know, with the two 
attacks that have been so high profile in the past couple of 
months, there are elements of those--of each of those attacks 
that might be grappled with in CSRIC, and I think--so I think 
the flexibility is valuable.
    Mr. Walberg. OK. Flexibility. Mr. Boswell?
    Mr. Boswell. I think from a U.S. perspective, you know, we 
have an obligation or a responsibility to the rest of the world 
to continue leading in 5G. CSRIC is one of the bodies that 
helps us do that. And by codifying it and showing the support 
behind it, I think it supports that on a global stage as well. 
I have been involved in several CSRICs myself. And usually not 
too long after our reports get published, then I have 
colleagues from around the world that end up referencing those 
reports--``Well, the U.S. says that this is best practice, the 
U.S. says that this is best practice''--because they know we 
have the most secure and most reliable networks right here in 
the U.S.
    So this puts kind of the pen to paper from the engineering 
standpoint of saying this is truly best practice, because this 
is what U.S. operators do. I think that is very important.
    Mr. Walberg. Do you think, Mr. Boswell, that 
recommendations of CSRIC should be mandatory, or should each 
company identify how best to incorporate their recommendations?
    Mr. Boswell. I think that each company should identify how 
to best incorporate those recommendations, and we do take that 
into account as we work through each CSRIC on what is a best 
practice and what is a ``this is a must have.'' There are 
certain recommendations in every CSRIC report that kind of 
stipulate, well, ``this is for good security, you really have 
to do these certain things.'' For others, it is really 
dependent. Our operators have a good track record of taking a 
risk-based approach to the different layers that make up their 
network, and what makes sense in one region or architecture 
type may not necessarily make sense and even be a burden on 
them if forced to implement certain things.
    Mr. Walberg. OK. Mr. Brenner, I have a question to ask of 
you, but in the time here and with my chairman sitting behind 
me, I am going to have to direct it to you and get an answer to 
follow up. Thank you so much.
    I yield back.
    Mr. Doyle. I thank the gentleman.
    The Chair recognizes Miss Rice for 5 minutes.
    Miss Rice. Thank you, Mr. Chairman.
    Mr. Srihari, you started your comments by talking about 
NTIA and the FCC and their need to be able to execute all of 
their additional functions. What kind of an investment are we 
talking about from a monetary perspective?
    You know, we can sit up here and say this is what all these 
different agencies are now tasked to do, but if we don't give 
them the resources to actually carry out those 
responsibilities, it is all for naught. So if you could just 
kind of put a--is it a dollar figure? A human capacity? What 
would you say?
    Mr. Srihari. So six of the nine bills today, I think, would 
do something to NTIA or add some functions to NTIA. Most of 
them, I believe, would come under the budget category of--the 
umbrella category of domestic and international programs at 
NTIA. As of fiscal year 2020, there were 27 people who worked 
in that division. I think last year it went up into the 30s. I 
think President Biden is proposing to take it to 52.
    So this is not a very large agency here. The whole agency, 
I think, has about 150 employees. I think the budget proposal 
this year is to add another $4 million, $5 million. And this is 
an agency that also does Federal spectrum transfers that yield 
the Government $100 billion. I mean, there is literally 1,000--
10,000 times payoff for the Federal Government with this 
agency.
    So I think, if this subcommittee rightfully is going to 
bolster NTIA's functions here, I think you need to be 
cheerleaders for the agency in very modest budget increases to 
just help them do these things. Right now, I am working with 
them on a number of different issues, and I see the same 
staffers' email being cc'd on three very different topics 
because they just don't have the people right now. That is the 
reality right now.
    Miss Rice. Yes. Well, thank you for highlighting that.
    Mr. Boswell, you mentioned in your opening remarks that 
Ericsson, even before the pandemic, put in place very tight 
controls on supply chains, and that set you up well. Can you 
just explain? Obviously, that is something that we as a 
Congress have to address, that our entire supply chain system 
just broke down under this pandemic, and we were left--you 
know, States were left playing Hunger Games to try to get PPE, 
et cetera. So can you just give--enlighten us, you know, as to 
how you put that--those controls in place?
    Mr. Boswell. Sure. So, really, when we talk about solutions 
or building a network, there is kind of two categories. There 
is the hardware and the software side of it. Now, everyone 
says, well, all of the networks of the future, it is all 
software, but there is still hardware somewhere. It is not just 
sitting out there in space, right? So the hardware part is 
still very important.
    We build that hardware on top of a trusted chipset where 
certificates, attestability and authenticity verification gets 
loaded at the factory level, at the chipset, so that we know it 
is a legitimate component that is out there in the field. That 
also allows us to, as there is software that is built on top of 
that, one level, attest to and kind of certifies or verifies 
the level above it. That is on the hardware side.
    Software, it is really about good process, good software 
assurance. We have been best in class in this for a long time. 
Some of the recent legislation proposals that we have seen 
around software assurance are kind of heading other parts of 
the industry in the right direction there. But it is about 
doing things in each layer of it, not just saying ``I have got 
a bill of materials'' or ``I have got a secure coding 
practice'' or ``I have got secure rollout.'' It is all of those 
processes.
    So we have an end-to-end framework that starts with the 
developers, of course. They are the ones that write the code. 
But that goes all the way through until we are out there in the 
field, literally with the field tech on the side of a tower, 
connected to a baseband radio. They are still installing 
software there. So our processes cover that end to end from the 
moment it is on somebody's keyboard to the moment that it is up 
on a tower.
    Miss Rice. Thank you, Mr. Boswell.
    Mr. Johnson, you mentioned before the issue of 
territoriality. You know, some could accuse the way Congress is 
set up, these committees, we have--there is too much--too many 
committees that have too much jurisdiction over too many 
Federal agencies, and that really reduces the efficiency of 
those agencies. How can we make everyone work together better?
    I mean, I know we learned a lot after 9/11, but this 
pandemic exposed that there are still those inefficiencies 
within these agencies. What is your best piece of advice for us 
to, you know, to take going forward?
    Mr. Johnson. As a former committee staffer on the Senate 
side, I don't have any answers for the congressional side of 
the jurisdiction. I will let you all work that out. But with 
regard to oversight and the executive branch, including 
independent regulatory agencies, I think simply demanding that 
they are working together and that they are part of the same 
team, as every committee's focus in oversight, will help make 
it happen.
    I also think it has happened through the pandemic, because 
you had a lot of dedicated public servants working with a lot 
of companies to make--to keep us connected. And the FCC had a 
role, DHS had a role, and it--we are better than we were a year 
ago.
    Mr. Doyle. The gentlelady's time has expired.
    Miss Rice. Thank you.
    Mr. Doyle. The Chair now recognizes Mr. Duncan for 5 
minutes.
    Mr. Duncan. Thank you, Mr. Chairman.
    Mr. Boswell, that is a great goatee. I don't know who wears 
it better, you, me, or Gus Bilirakis. It has been a long 
hearing. I appreciate the levity there.
    I want to thank most of you for your opening statements 
where you show some sort of support for H.R. 4046, the 
bipartisan NTIA Policy and Cybersecurity Coordination Act we 
have introduced with Ms. Wild and Mr. Curtis.
    Small communications providers are a critical part of 
securing the domestic supply chain. That is why in the Secure 
and Trusted Communications Network Act, Congress took a 
bipartisan action to help smaller carriers remove untrusted 
equipment, and we have talked about that--I think Steve Scalise 
was big on that earlier--including by instructing NTIA to 
implement a program of--to guide small and rural providers when 
it comes to making better investments in equipment and 
services. This program entitled Communications Supply Chain 
Risk Information Partnership I think was established last 
summer.
    To your knowledge has this program been successful? Any of 
you, all of you.
    Mr. Boswell, you can start.
    Mr. Boswell. I am not sure I can speak to the specific 
program that you are asking about. In regards to 4046, the 
current bill, I do think it makes sense to have an office at 
NTIA that is dedicated to these kinds of issues. We are 
particularly happy to see that this requires that an Associate 
Administrator with focus on market-based policies and promote 
innovation, competition, consumer access, digital inclusion, 
and economic growth--I think we would all agree those are good 
things. But all of that is consistent with the technology-
neutral approach that Ericsson has long supported. We are very 
supportive of the bill also.
    Mr. Srihari. I think they are just getting started with the 
C-SCRIP program, from what I have heard. I think they are 
planning on having some workshops in the near future. I don't 
know if they have actually started the engagement yet. This was 
set up by section 8 of the Secure Networks Act. But I do think 
the policy coordination office that your bill does, that is the 
office that would be handling this program, yes.
    Mr. Brenner?
    Mr. Duncan. Thank you so much.
    Mr. Brenner. Yes. I have the same understanding as Mr. 
Srihari that this is in an early stage. It is being rolled out.
    You know, the only other thing I want to say is--I will 
harken back to something that Mr. Srihari said earlier, which 
is, you know, so spanning the prior administration and this 
one, you know, NTIA has had a lot of change in its leadership 
and we don't have a permanent leader right now, and you have 
all these bills, six of the nine bills, that make all these 
changes to NTIA. Some are minimal: write a report. Others, you 
know, changing the focus of an office and turning NTIA into 
having cyber as one of its core functions, that is a very 
significant change. And it is going to require, you know, a 
permanent Administrator to roll it out. And it would be good to 
get that person's views, I think, before Congress, you know--
before legislation like that is signed into law.
    Mr. Duncan. Mr. Johnson?
    Mr. Johnson. And I will just mention that the present 
director of OPAD, the office here, is actually the Acting 
Administrator of NTIA, Evelyn Remaley. She is a good friend to 
many of us. She is an American treasure, I think. Doing a 
great--a great job with a small group of experts. And so I 
think colleagues are correct, the C-SCRIP program is just 
getting started, but I know from experience it could have a big 
impact.
    A predecessor of it was what was referred to as the--a 
rural road show. In the past couple of years before the 
pandemic, DHS, NTIA, ODNI, and a number of other agencies 
traveled--went around the country to different--for different 
rural focus, small telco-focused supply chain outreach, and 
it, in many ways, I think it helped pave the path to the rip-
and-replace proceeding and--or transition, I should say.
    And so the same people that were working on that for NTIA 
will be developing this program, and they are--they hit way 
above their weight, small office, but the good news is they can 
do a lot of good with hitting above their weight.
    Mr. Duncan. Yes. Thank you for that.
    Mr. Chairman, before I came to this committee, I was on 
Homeland, worked with Ms. Clarke and Pat Meehan and some others 
on cybersecurity issues. I am glad we are doing this, and I 
appreciate your support.
    With that, I will yield back 12 seconds.
    Mr. Doyle. I thank the gentleman.
    The Chair now yields 5 minutes to Ms. Eshoo remotely.
    Ms. Eshoo. Chairman Doyle and Ranking Member Latta, thank 
you for this very important hearing today.
    And to--I have been listening to the witnesses, what, at 
least 2 hours and 15 minutes, and I think that each one of you 
has done a superb job.
    To Mr. Johnson, all of your background and previous 
experience really shows. But I want to point out something that 
maybe most colleagues don't know, and that is that Mr. Johnson 
is the son of a former colleague, a Member of the House, 
actually a classmate of mine. We entered the Congress together. 
So a warm welcome to you.
    Mr. Johnson, in the last Congress, and it is--Mr. Scalise 
spoke of this--we passed legislation directing the FCC to ban 
telecommunications carriers using Federal funds to purchase 
equipment made by Huawei and other entities that posed a 
national security threat.
    On this particular subject relative to Huawei, I have been 
like a dog with a bone. I served almost a decade on the House 
Intelligence Committee, and going back to 2009, 2010, I have 
been on this issue. I am pleased that we are making progress. 
So I want colleagues to know that this is not a newfound issue 
on my part.
    Now, the legislation that we passed in the last Congress 
left a gap, because companies can still purchase equipment that 
poses national security threats using private funds. So Mr. 
Scalise and I recently introduced the Secure Equipment Act to 
close the gap. Our legislation prohibits the FCC from approving 
any equipment from Huawei [inaudible] international security 
threats, and this includes all privately purchased equipment.
    Can you just briefly tell us about how having any 
vulnerable equipment in our networks poses risks to the entire 
network?
    Mr. Johnson. Thank you, Congresswoman, and another really 
important question. And thanks for your leadership on these 
issues over all these years.
    I think it is a--you know, there are many metaphors or 
analogies that you could use about the weakest--you know, the 
weakest link in the chain, or if one part of the network is 
compromised, it can affect the whole network. But just give two 
answers to that.
    One is that with 5G--and I think Mr. Boswell could probably 
speak to this in some depth--the technical architecture of 5G 
actually can, I think, help us address that problem just as a 
matter of isolating threats. But that--in my personal view, 
that does not mitigate, sufficiently mitigate the risk of 
untrusted equipment like, again, in my opinion, Huawei and ZTE.
    And so, if Congress has passed laws that ban Huawei and ZTE 
from Federal procurement and from being included in universal 
service fund subsidized networks, it does beg the question of 
what about its legal availability in all--in all other areas.
    Ms. Eshoo. Uh-huh.
    Mr. Johnson. So the bill that you and Mr. Scalise have put 
forward would close that gap, as you put it.
    Ms. Eshoo. Great. Let me just get another question in.
    I worry that we are not paying enough attention to threats 
to 2G, 3G, and 4G networks, even though most calls and texts 
and mobile data, you know, traverse these networks. There have 
been a lot of one-off reports. I think we need a comprehensive 
study on what vulnerabilities exist, what has been addressed, 
so that we the policymakers have a whole picture. Mr. Kinzinger 
and I have the Cybersecurity--the Understanding Cybersecurity 
of Mobile Networks Act. That requires the NTIA to study the 
issue.
    As an expert, do you think that we are appropriately 
concerned about risks in the older networks?
    Mr. Johnson. That is a great question. And the good news is 
there has been a lot of work done on that through CSRIC--on 
those issues through CSRIC at DHS. I think you are right that 
the focus in the past couple of years has been forward looking 
to 5G and the transition to 4G--from 4G to 5G. But you are 
right. These 3G and 4G networks, and in some cases even 2G, 
will be--will be there for a while, and it could add some value 
to have a holistic look at those existing networks.
    Mr. Doyle. The gentlelady's time has expired.
    Ms. Eshoo. Thank you.
    Mr. Doyle. The Chair now recognizes Mr. Curtis.
    Mr. Curtis. Thank you, Mr. Chairman.
    Mr. Johnson, we talked about the cyber attacks a lot today. 
I want to go back to those. With the attacks, it is important 
to understand, if our Federal policies are effective and if the 
Federal roles and responsibilities are sufficiently 
coordinated. How do you see policies like the NTIA Policy and 
Cybersecurity Coordination Act better preparing us for these 
types of threats to our national security and boostering our 
influence abroad?
    Mr. Johnson. Thank you, Congressman. I do think what it--
what a bill like that would do is help galvanize the real 
advances that have been made in recent years, and including 
advances that have happened on the battlefield, so to speak, 
during the pandemic and through these recent high-profile 
attacks.
    Mr. Curtis. Another question. The Open RAN Alliance is an 
important step to establishing a global set of standards for 
governments and telecommunication providers to follow as we 
work to secure our networks from the Chinese influence. How 
many O-RAN networks are currently deployed to the United 
States, and what additional steps does the United States need 
to take to strengthen O-RAN standards to increase adoption 
domestically?
    Mr. Johnson. I think--and thank you for that question as 
well. And as I mentioned earlier, I serve as outside counsel to 
the Open RAN Policy Coalition, which is sort of the policy 
counterpart to the O-RAN Alliance technical specifications 
work. There--Dish has announced that it is building a national 
network based on open RAN. As Mr. Srihari mentioned, there is a 
small provider, Inland Cellular, that has an open RAN network 
right now. But I think the--I think the way I would 
characterize it is we are presently, we the United States and 
also the world, are at an inflection point in developing and 
deploying open RAN solutions.
    In my view, the role of the Government here is to do what 
it has been doing in promoting awareness, facilitating 
industries' innovation, and--because this is--the progress 
toward open networks in general and open RAN in particular is 
happening, and I think that is the--the role of the Government 
is to help facilitate that.
    Mr. Curtis. Great. Good. How can we work with our 
international partners to export this innovation and encourage 
our trusted vendors abroad?
    Mr. Johnson. That is a very important question. And just to 
restate something I said earlier, I think the core of this is 
making clear that U.S. policy and U.S. national interests are 
shared among U.S. allies and partners. And so there is 
critically--you know, there is always a critical need for U.S.-
based manufacturing and U.S. jobs, and also there is a core 
interest in trusted suppliers who are based in allies and 
partners, and also the ability for U.S.-based companies to 
sell, to export to those.
    Mr. Curtis. I wish I could give you more time. I am going 
to keep moving on.
    Mr. Brenner, Mr. Boswell, your two companies are the 
largest 5G equipment manufacturers worldwide. Based on your 
industry experience, how do you anticipate China would respond 
to a policy like the Secure Equipment Act becoming law?
    Mr. Brenner first.
    Mr. Brenner. Well, so I want to be clear on one thing which 
I don't think has been brought out yet, which is, you know, in 
parallel with your legislation, 2 weeks ago, the FCC issued the 
notice of proposed rulemaking that the legislation would 
require. So, you know, Congress, of course, is fully within 
their prerogatives to adopt the law, but the FCC is moving 
forward. You know, your law--your bill would set a 1-year 
deadline. FCC notices of proposed rulemakings don't have a 
deadline like that, but they are moving ahead.
    As to, you know, how China writ large would react, the only 
thing I can say about that is, you know, China is 
extraordinarily important to Qualcomm. We are an American 
company. Every time someone in China buys a cell phone with a 
Qualcomm chip inside, that is real-life American leadership, 
and that is happening very, very much.
    Mr. Curtis. I am going to give Mr. Boswell a chance to 
respond.
    I do want to point out, though, that what--congressional 
action means it can't be changed.
    Mr. Brenner. Right.
    Mr. Curtis. Right. So, Mr. Boswell.
    Mr. Boswell. Well, I certainly can't speak for any 
government, foreign or domestic, and especially not the Chinese 
Government on what their prerogative would be. But from an 
outside layman's perspective, I would guess they may not be 
happy. But I am not a diplomat. I am an engineer. I build 
networks, I secure networks. That is what our mission is at 
Ericsson. So I will stick to that in my lane.
    Mr. Curtis. And, unfortunately, we are out of time. So we 
are going to have to rest on that.
    Thank you, Mr. Chairman. I yield my time.
    Mr. Doyle. Thank you, Mr. Curtis. The gentleman yields 
back.
    The Chair recognizes Ms. Matsui for 5 minutes. She is 
joining us remotely.
    Ms. Matsui. Thank you very much, Mr. Chairman, and thank 
you very much for this wonderful hearing. And I want to thank 
the witnesses for providing their expertise.
    You know, I joined with Congressman McCaul to introduce the 
CHIPS Act, which would help address the semiconductor shortage 
by increasing American manufacturing capacity. And I included 
the CHIPS Act as an amendment to last year's NDAA and recently 
met with President Biden and NASA Security Advisor Sullivan 
about the urgent need to fund the programs authorized by this 
bill.
    Now, given the meteoric rise of Chinese semiconductor 
manufacturing, I believe fully funding the semiconductor 
programs in the NDAA should be a top national security priority 
for this Congress. The Chinese are making significant 
investments, and the United States cannot afford to fall 
behind.
    Mr. Brenner, is Qualcomm supportive of fully funding the 
CHIPS Act? And how would the bill help reestablish American 
leadership in this crucial 21st century supply chain?
    Mr. Brenner? Hello?
    Mr. Doyle. Mr. Brenner, is your microphone on?
    Mr. Brenner. Yes. Sorry.
    Mr. Doyle. Thank you.
    Mr. Brenner. I am sorry about that.
    Thank you for that question, Congresswoman Matsui. Qualcomm 
wholeheartedly supports the $52 billion in the CHIPS Act. And 
it is important to note that I think there is a lot of focus 
just on fabs for chips, on funding for that, but, you know, to 
build a domestic supply chain requires fabs, assembly, testing, 
advanced packaging, R&D. And all of that requires massive 
investment, and having the $52 billion weight of the Federal 
Government behind all of that would be a very good thing.
    In addition, we are not waiting for it, though. One thing 
we can do is actually, through the standards process, we are 
working on supply chain security. That is another step that can 
be done, and Qualcomm has been a leader in that as well.
    Ms. Matsui. Well, that is great. Thank you.
    To help secure telecommunication supply chains, we must 
work to ensure they are as diverse and reliable as possible. As 
an original cosponsor of the USA Telecommunications Act, I 
believe we need to fund the programs included in last year's 
defense bill to support the development and deployment for open 
RAN. The Senate-passed USICA appropriates $1.5 billion for the 
NTIA grant program and $500 million for the multilateral 
program. These are bipartisan figures, and I hope the House can 
keep pace.
    Mr. Srihari, do you believe the funding authorized on the 
bill should serve as a floor rather than a ceiling, and how 
could additional funding help support American leadership in 
open RAN?
    Mr. Srihari. Congresswoman, absolutely I think it should be 
viewed as a floor and not a ceiling. I think there is so much 
opportunity for the U.S. Government to be supporting the 
development of open RAN technologies, and not just open RAN, 
open network architectures, including Open Packet, Open 
Transport, Open Core, and the like. I think there is a big 
paradigm shift, as my colleagues here have talked about, that 
is coming in the next few years, and the more that Congress can 
do, I think the faster this transition will happen.
    Ms. Matsui. OK. Thank you.
    Earlier this year, I wrote to President Biden urging him to 
develop a unified approach to spectrum policy, promoting 
cooperation, and establish a clear process for resolving 
interagency disputes. Moving forward, it is critical that NTIA 
resumes its role as manager of the Federal Government's use of 
spectrum and that agencies have transparent and consultative 
processes for freeing up needed spectrum.
    As a case in point, I recently wrote to Acting 
Administrator Remaley, urging NTIA to work closely with DoD to 
facilitate a timely auction of the 3.45 gigahertz band.
    Mr. Brenner, how do breakdowns in interagency process 
hinder our ability to meet our spectrum goals, and what role 
can the Biden administration play in facilitating a more cogent 
spectrum strategy?
    Mr. Brenner. Well, thanks so much, Congresswoman Matsui. 
That is absolutely crucial. NTIA has that role, and they need 
to be given, you know, full authority from the administration. 
The administration so far has put a lot of emphasis on wireline 
broadband, which has certainly a role but, you know, everyone 
needs connectivity wherever they are, wherever they are going, 
and, you know, they need to do that. We need mobile 
connectivity. And the only way to resolve these spectrum issues 
is through close collaboration by NTIA as the single focal 
point for the Federal Government on the U.S. Government side 
and the FCC.
    Ms. Matsui. OK. Well, thank you very much.
    And I yield back 1 second.
    Mr. Doyle. I thank the gentlelady.
    The chairman recognizes Ms. Kelly for 5 minutes.
    Ms. Kelly. Thank you, Mr. Chair, for holding this 
legislative hearing. And thank you to the witnesses.
    The Colonial Pipeline attack, which occurred due to cyber 
criminals gaining access to Colonial's operational technology 
network, reflects a fundamental paradox which has been exposed 
and magnified during the pandemic. On one hand, in the past 
year the increased use of online services has been invaluable 
in retaining personal connections and continuing business 
operations. But on the other hand, the increased use has 
exposed individuals and businesses to an unprecedented variety 
and volume of digital threats.
    Mr. Johnson, can you tell how good network security and 
design practices can prevent cyber criminals from gaining or 
exploiting access to an organization's systems?
    Mr. Johnson. Yes. Thank you, Congresswoman. And I think 
that is the--this is--the best way to look at this is that the 
sophisticated threats that we face, particularly from nation-
state actors and intelligence services, but also from criminal 
groups that in many cases are affiliated with those nation-
states, they are--they have the capacity to attack and affect 
most networks, most enterprises. And so the issue is making it 
harder for them and more costly for them to do so.
    I am not expert on what Colonial Pipeline, how they were--
how they were prepared, but it--I will just say I think that 
all of industry in most sectors need to step up their game. 
What I will--let's just go back to what I opened with, and I 
think this is really important. The communications and IT 
sectors, you know, that are the subject of your jurisdiction, 
they--their interests in--their private interests in network 
security reliability, cybersecurity, is essentially completely 
aligned with the U.S. Government's interests. That is not the 
same in other sectors. So if their network goes down, their 
business goes down, and this is what they--they provide, 
secure, reliable connectivity.
    So I think there is a lot to learn. There is some other 
parallels in other sectors, like the financial sector, but 
there is a lot to learn from how the communications and IT 
sectors approach their work. And I think that there is a lot to 
build on there.
    Ms. Kelly. OK. In Colonial's case, I know a single leaked 
password for an active account to the network allowed access to 
Colonial's network. So while implemented networks and network 
security can block cyber criminals from accessing or 
altering secure information, I am also concerned that when 
people think about cybersecurity, they get overwhelmed and 
confused by the amount of information and different approaches 
to cybersecurity. And, you know, I am going to say I am a 
little like that too. I am not an expert.
    Mr. Boswell, how do you believe a cybersecurity literacy 
campaign like the one proposed in H.R. 4055 would help?
    Mr. Boswell. I do think it is very important to increase, 
as I mentioned before, about the awareness of the American 
people of the impact that being online can have on their lives, 
that it is not just potentially a lost credit card or an 
inconvenience; that as technology pervades more and more into 
our society, that that impact itself could be a lot larger.
    When cyber criminals are looking to exploit and attack, 
there's usually three things they are trying to do. It is 
either to get money, to get information, or to disrupt service, 
or, in some cases, all three. Those are generally their 
motivations. And so, when we think about it from a protecting-
the-network perspective, it is easy to fall into the trap of 
you just say, ``Well, if it is money they want, if I can just 
make it not profitable for an attacker, then I will be OK.'' Or 
if it is information, ``Well, if I just protect my data while 
it is at rest and while it is moving across the network or 
while it is in storage, then I will be OK.'' Or if they want to 
disrupt services, ``Well, if I just build out a cloud-based 
architecture, redundant services, high resiliency, then I will 
be OK.''
    The truth is we have to do all of those things all of the 
time to have a truly resilient network, and I think that 
holistic view is where we could increase education the most.
    Ms. Kelly. I am going to get to Mr. Brenner. How do you 
monitor, map out the security of your supply chain, given your 
significance to the mobile industry? And I don't have a lot of 
time, so----
    Mr. Brenner. Yes. Well, constantly requires constant 
efforts, because, you know, it means the whole chain from 
beginning to end. So we have a team of people that works on our 
supply chain that are constantly, you know, monitoring and 
making--you know, taking every conceivable step to make sure 
that our supply chain is secure. And I am very happy to say 
that it is.
    Mr. Doyle. The gentlelady's time has expired.
    Seeing no more Democrats, Mr. Joyce is waiving on. And we 
are pleased to have him here in the committee.
    And you are recognized for 5 minutes.
    Mr. Joyce. Thank you, Chair Doyle and Ranking Member Latta, 
for allowing me to waive on to today's Communication and 
Technology Subcommittee hearing.
    And to our witnesses, for a long morning, thank you, Mr. 
Srihari, Mr. Boswell, Mr. Brenner, Mr. Johnson, for being with 
us on this incredibly important discussion.
    Today's conversation has been insightful. It is clear that 
we must empower the private sector to innovate at a rate 
necessary to stay ahead of cyber threats. The Federal 
Government must partner with these innovators to ensure that 
our Nation's networks and that our data are secure.
    The human element is critical to this discussion as well. 
Efforts like those envisioned in H.R. 4055 and existing efforts 
by the private sector to increase cyber literacy and cyber 
awareness are also critical in defending our systems.
    In fact, within my district, Gettysburg College and the 
cybersecurity company Fortinet established a partnership to 
modernize campus cybersecurity. Defending the network from 
nefarious actors, this partnership could serve as a potential 
model for cybersecurity throughout our country's ecosystem. 
Cybersecurity needs to be present in all areas: in education, 
business, in energy, in healthcare, in communications, and in 
national defense.
    Mr. Johnson, do you believe that we need to extend an all-
of-the-above approach with strong public-private partnerships 
that innovate cyber solutions and make a cyber-aware 
population?
    Mr. Johnson. Absolutely. It is crucial to our future. And I 
like your all-of-the-above. It needs to be a coordinated full-
court press.
    Mr. Joyce. Mr. Brenner, do you see additional possibilities 
in this all-of-above approach? Do you see additional 
opportunities specifically in public-private partnerships?
    Mr. Brenner. Absolutely. I mean, we all the time engage 
with governments, all in the United States and all over the 
world, and we are always open to that kind of thing.
    Mr. Joyce. Mr. Boswell, can you add to this conversation?
    Mr. Boswell. Yes. You know, we were talking earlier about 
some of the early 6G work that is going on with the National 
Science Foundation and PAWR which--forgive me--the Platforms 
for Advanced Wireless Research program. One of the things they 
are working on is working with industry experts like Ericsson 
and Qualcomm and many others, as well as Government agencies, 
so tie-ins from the NSF, from DoD, from other spaces, but then 
the academic spaces as well.
    So they are working with NYU, Rutgers, Columbia, Salt Lake 
City, Utah, University of Utah, and Rice, NCSU, Mississippi 
State, Purdue, Iowa State. Sorry if I left out a university. 
There's a lot of them that this group is working with.
    And I think that is really important, not only to make it 
that it is not just a conversation between those of us that 
have done this for a few decades on the policy side, on the 
protecting national infrastructure side, on the building 
equipment side, but also those that are coming in the next 
decade.
    So working with these universities, we are identifying that 
is the next generation of the people that are going to be 
sitting here 20 years from now or--I don't know, maybe they 
will take our seats here sooner. Who knows, you know? But that 
kind of collaboration with the university system I think is 
really important to reestablishing American innovation.
    Mr. Joyce. Mr. Srihari, can you add to this conversation?
    Mr. Srihari. I think your talk about public-private 
partnerships is an important one. Your Gettysburg example, for 
example, in your district.
    I know the bill before us today talks about creating a 
national program at NTIA for cyber education, but the reality 
of the situation is that good cyber hygiene and best practices 
is about teaching kids in high school. It is about the local 
college working with the students, or an employer teaching its 
new hires the basics about good cybersecurity. It is these 
basic sort of private-sector partnerships maybe with the local 
government, the State government, the local mayor's office. 
That is where the first line of defense is on cybersecurity, 
and I think you are right to call it out.
    Mr. Joyce. Mr. Johnson, in the few seconds that I have 
left, are you aware of a model of public-private partnership 
that can lay the groundwork in the future of our Nation's 
cybersecurity?
    Mr. Johnson. Yes, sir. I mentioned this in my opening. 
CSRIC, back in 2015, recommended to the FCC a model of 
partnership between the FCC and DHS to engage network operators 
in particular in a--in a trusted, confidential partnership 
environment for security. In some ways, it was prescient 
because this is what they ended up doing during the COVID 
pandemic. But I think formalizing that, basically picking up 
those CSRIC recommendations and seeing how they apply to the 
present, is an important model.
    Mr. Doyle. The gentleman's time has expired.
    Mr. Joyce. Thank you, Chair.
    Mr. Doyle. The Chair sees Mr. Cardenas is joining us 
remotely.
    Tony, you are recognized for 5 minutes.
    Mr. Cardenas. Thank you, Coach--I mean Chairman. And by the 
way, I am working on Senator Padilla to join us on the field.
    Thank you, Mr. Chairman and Ranking Member, for having this 
very important issue, which is, unfortunately, going over most 
Americans' heads, but it is in their hands every single day and 
it is in their lives. And I hope that we can pass this critical 
legislation that my good colleagues on both sides of the aisle 
have introduced [inaudible].
    I want to take a point of personal--one of the witnesses 
mentioned that he is an engineer. I am proud to be an engineer 
myself. But kind of made it very clear--politician reminded me 
of my mother. When I went off to college, she gave me a hug and 
said she was very proud of me. When I told her I was going to 
run for office, she gave me a hug and said she would pray for 
me. When I got my degree, she hugged me again and said she was 
very proud of me. When I got elected, she hugged me again and 
said she will pray for me. So you brought back some memories 
from a long time ago.
    So on a serious note, I think it is important that we all 
understand how important the supply chain security is. Wireless 
security and innovation are very technical, and I wanted to 
talk about these important issues here so we can get it on the 
record. As part of this legislative process, I think it is 
critical that we have these very important issues and that we 
hopefully get our public, our constituents to understand how 
important they are.
    First, it is vital to understand and identify any problems 
in our current systems under our increasingly digital lives. 
That is why bills like Rep. Eshoo and Kinzinger's Understanding 
Cybersecurity of Mobile Networks Act is so critical. It gives 
us insight into the vulnerabilities of our networks so 
providers can address them.
    Our communications networks are built from materials and 
components from all over the world. It is also important to 
identify where these come from and that all of these components 
are secure. That is where the Information and Communications 
Technology Strategy Act comes in.
    Second, it is important to prepare for the future, which is 
why we need legislation like the FUTURE Networks Act, to make 
sure that, while the U.S. continues to be the leader in 
technological innovation, we get ahead of any security issues 
and ensure we are doing what we can to help all Americans use 
new technologies to make our lives better.
    The third piece of the puzzle that we need to talk more 
about and what I want to focus on today is the safety of the 
American people. While on a national level we need to make sure 
our networks and supply chain are protected, it is in the homes 
and the small businesses and businesses across America that 
people are subject to hackers, and they can do tremendous 
damage. We need to work together to do our part. That includes 
companies, government, and every single one of us.
    One way to play our part as citizens is by being empowered 
with simple, high-impact methods we can use to increase 
cybersecurity of our devices and networks. That is why I am 
proud to support the American Cybersecurity Literacy Act.
    I have a question for you, Mr. Srihari. We know that 
technology is critical to everyday life. It is how we stay 
connected with loved ones, work, get an education, among other 
things. It is how we get to see my grandchildren in Los Angeles 
when I am in Washington, DC.
    While this technology can expand our quality of life 
infinitely, we also know it is growing more and more complex. 
We need to make sure our communities have the tools to use tech 
safely.
    Can you talk about some of the common threats consumers are 
facing today?
    Mr. Srihari. Sure. I mean, when we are talking about 
cybersecurity, we are talking about malware being installed, we 
are talking about phishing attacks, social engineering 
exploits. If you look at the statistics on this, although the 
numbers vary, everyone agrees that at least a majority and some 
say even 80, 90 percent of cyber attacks are because of things 
as common as basic password problems or basic user error. These 
are not complicated, technical exploits here. And the effects 
can be very harmful, either to businesses or personally, 
causing billions and billions of dollars in economic damages 
every year.
    So I think at a very basic level, educating the public at 
large on these issues would have a huge beneficial effect for 
the economy overall, but also make a real difference in 
people's lives to prevent these kinds of problems from 
happening.
    Mr. Cardenas. So literacy is something that we can all 
practice on a daily basis: individuals, small businesses, large 
businesses, et cetera.
    Mr. Srihari. Absolutely. And that is where it starts. And a 
lot of the problems that we see in very large organizations are 
because one individual made a mistake somewhere deep down the 
line and it trickled all the way up and caused a major outage. 
So, yes, I think you are right.
    Mr. Doyle. The gentleman's time has expired.
    Mr. Cardenas. Thank you very much. My time has expired.
    I yield back. Thank you, Mr. Chairman.
    Mr. Doyle. The Chair sees that Mrs. Fletcher has joined us, 
so we are going to recognize her for 5 minutes. She is joining 
us remotely.
    Mrs. Fletcher. Well, thank you so much, Chairman Doyle. And 
thanks to you and Ranking Member Latta for holding this 
important hearing today and to all of our witnesses for taking 
the time to testify.
    American businesses, consumers, and innovators, and the 
economy will benefit if the United States maintains our 
leadership on 5G, 6G, and future generations of wireless 
networks and devices. Security of these systems is of paramount 
importance. We have been discussing that all morning, the cyber 
attacks that we have seen across a variety of sectors just this 
year. And in response to what my colleague Mr. O'Halleran said, 
you know, issues that we have been talking about for a long 
time, and it is important now for Congress to pass sound policy 
that will protect users and networks as the world continues to 
become more interconnected.
    So, Mr. Brenner, how will the bills that we are considering 
today, like the FUTURE Networks Act, help us maintain our 
leadership on wireless connectivity?
    Mr. Doyle. Mr. Brenner, turn your microphone on.
    Mr. Brenner. Thanks so much for the question. I am going to 
repeat what I said previously, because there are two key things 
that that bill can do.
    One, it will start the multiyear process of working with 
the FCC and other parts of the Government to identify the 
spectrum that 6G will ultimately need to be rolled out in. And 
it is completely a great idea to start on that as early as 
possible.
    And then the second thing it can do is create a forum to 
work on the siting issues, because we are going to need lots of 
sites to put the towers on in order to ensure a universal 
connectivity with the next generation of wireless.
    Mrs. Fletcher. Well, thank you for that. And that is an 
issue that we have been focused on in my district in Houston, 
where, of course, we have a large effort underway across the 
city to have 5G connectivity and, of course, a lot of the 
infrastructure pieces in place, and so this has been a real 
focus in our community. And I think it is important that, you 
know, we help share some of those--some of those lessons that 
we have learned about how we can facilitate that.
    I want to turn to another question or two with the time I 
have left, but really thinking about these threats that we have 
been talking about today.
    Mr. Johnson, as you noted in your testimony, you know, 
COVID really put a spotlight on the critical role that our 
communications networks play in our lives. We are seeing it 
right now as we continue to be connected here in Congress and 
as people across the country are connected digitally following 
this difficult year. But we also know how important it is that 
we stay vigilant to protect these networks from cyber attacks 
and these unwanted intrusions by adversaries.
    So we talked about this a little bit, but I would love just 
a sort of a summary of how the Government can stay on top of 
these threats and vulnerabilities while at the same time 
ensuring that manufacturers and others can innovate, as several 
people have mentioned today. But, you know, maybe if you could 
address that, Mr. Johnson, and then if there is any time left, 
Mr. Boswell or Brenner, if you wanted to add anything from the 
industry perspective, that would be helpful.
    Mr. Johnson. Great. Thank you, Congresswoman. I will try to 
leave some time for my colleagues here.
    I think the best way for the Government to stay on top of 
these threats is to work in partnership with the companies that 
are addressing these threats every day. The network operators, 
trusted suppliers, other parts of the ecosystem, this is their 
core business. This is what they do. And they have, frankly--
and, you know, the U.S. intelligence services may know some 
foreign adversary intentions in different ways than the 
companies do, but, frankly, the collective expertise and 
resources of the ICT industry has a much better finger on the 
pulse than any other institution. So we need to leverage that 
expertise through partnerships that they can trust.
    Mr. Boswell. Thank you, Mr. Johnson.
    Yes. If I could follow on with that, it is why I get up in 
the morning, right. That is why my whole team goes to work 
every day is to ensure the security of Ericsson Solutions but 
also the networks of our customers, and ultimately that means 
that it is U.S. critical infrastructure.
    And in some of the different groups that you have heard 
mentioned today, whether it is CSRIC or the NSTAC or even some 
of the work that DHS has done across different supply chain 
task force, there are three key things that kind of come up as 
patterns. First is that we must secure the communications 
itself end to end. Secondly, we must ensure the resilience of 
the network. And third, we must protect the integrity of the 
supply chain.
    Those patterns come up again and again, and we worked hand-
in-hand with different government agencies really to put those 
into best practice policies that others can follow with.
    Mr. Doyle. The gentlewoman's time has expired.
    Mrs. Fletcher. Well, thank you so much, Mr. Boswell. My 
time has expired.
    Thank you, Mr. Chairman.
    Mr. Doyle. OK. I see we have no more Members for questions, 
so we are going to close this hearing.
    We want to thank the witnesses for their participation in 
today's hearing.
    I see we have nothing to insert into the record. So I would 
remind Members that, pursuant to committee rules, they have 10 
business days to submit additional questions for the record to 
be answered by the witnesses who have appeared. I would ask 
each witness to respond promptly to any such questions that you 
may receive. So we want to thank all our witnesses for 
attending today.
    And, with that, the committee is adjourned.
    [Whereupon, at 1:22 p.m., the subcommittee was adjourned.]
    [Material submitted for inclusion in the record follows:]
    
    [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]