Lawfare Daily: FCC’s New Submarine Cable Rules with Adam Chan

[Intro]

Adam Chan: So, so what our rule does is we apply kind of the same presumption of denial, same clear and convincing evidence standard for any cable that wants to connect directly from the United States to a foreign adversary country. So that would be, you know, if I wanna land a cable in Virginia and connect it directly to Iran, for example, that would be prohibited.

Justin Sherman: It's the Lawfare Podcast. I'm Justin Sherman, contributing editor at Lawfare and CEO of Global Cyber Strategies with Adam Chan, national Security Council at the Federal Communications Commission, an inaugural director of the FCC’s new Council on National Security.

Adam Chan: I think the idea here really is to kind of incentivize industry to do the right thing where, you know, okay, if you, if you really go all the way and, and sort of do all the kind of national security things, we want to make sure these cables are safe and secure for, from foreign adversaries, then you're gonna have a a, a real streamlined process that's gonna save a lot of costs and, and kind of promote kind of certainty and investment.

Justin Sherman: Today we're talking about the FCC’s new summary cable rules, what role submarine cables play in the internet and in the data and AI era, and how to confront the dynamic national security risks.

[Main Podcast]

So why don't you start by telling us more about yourself, including about your current job. As I noted in the introduction, you are among other things, not only advising the chair of the FCC, the Federal Communications Commission, on a wide range of, of national security issues, but you're also leading a new group within the FCC spearheading work on national security as well. So why don't you introduce yourself a little bit and maybe tell us more about those couple positions?

Adam Chan: Thanks for that. So, I'm Adam, national security lawyer. Probably most relevant prior experience was on the House China Committee, Select Committee on Strategic Competition with the Chinese Communist Party working on sort of a variety of national security issues involving the econ and and tech competition with the CCP, worked on a bunch of sort of legislation and oversight matters there. Did a clerkship with a judge, brief stint in the private sector, that kind of thing.

As for my current job, basically what happened is when Chairman Carr was announced as the FCC Chairman, he asked me to come on board to head up the FCC’s national security portfolio. I saw this as kind of a real sign of sort of his broader prioritization of the national security area as a policy matter, given that he sort of wanted someone for the first time to be a direct report to him, focused exclusively on national security.

As for the new group, you're right. One action we did take early on was to set up his new Council on National Security which is sort of internal to the FCC, but really meant to kind of elevate the FCC’s general national security role, both within the interagency and, and to the broader public.

But it's made up of a bunch of different staff from all the different bureaus and offices within the FCC where it's historically, a lot of these functions have been like more siloed within the agency. And so we see this, it's really helping to, you know, encourage information sharing, build sort of institutional leadership and memory on the national security issues and drive the centralized agenda.

I, I, I think you see this on the submarine cable rule we're talking about today, where a lot of different bureaus and offices helped out, even if the Office of International Affairs sort of took the, the lead there. And, yeah, I, I mean, just a final sort of point I, I, I make that, I, I think, helpful that national security has been such a sort of bipartisan endeavor that you, you know, for all the things I've worked on, that the council's worked on have been very bipartisan that all the different, you know, FCC commissioners, both Democrats and Republicans have supported.

Justin Sherman: That's helpful, ground setting, and we'll, we'll circle back to pieces of that. So, so as you alluded to, we're gonna talk today about the new submarine cable rules out from the FCC, how the FCC is approaching telecom infrastructure and national security issues in an era of not just a lot of AI research and development, but also strategic competition with China and, and, and a dynamic threat space.

But before we get into all of that, start by framing this for us. So what are submarine cables? How many of them are there, you know, in the us we'll say in quotes and in the world, and how do they impact our daily lives and the country?

Adam Chan: Submarine cables have a long history here, but they really have been for a long time and are increasingly so the unsung heroes of global international communication. So the first submarine cable was laid in, I think it's 1866. This was for a telegraph wire that was transatlantic connecting Europe to the United States. Now they're really critical for modern forms of communication. Basically 99% of global high speed internet traffic travels along submarine cables.

So that's, you know, the vast majority of, of modern communication. I, I think it's something like $10 trillion each day in financial transactions are, are routed across submarine cables. So you know, this is, we're, we're really talking sort of all the kind of data that the internet uses traverses these cables underneath the ocean.

I, I, I think they've gotten some more attention recently because of some incidents that, you know, maybe we'll get into later. But, but around the, you know, Baltic or around Taiwan, where certain cables in strategic locations have been, have been cut, which has potential to disrupt communications networks.

As your question, how many? I think there are about 600 cables in service globally with about 90 that connect directly to the United States with which, when you think about it, is actually sort of a tiny number given how important they are to total communication. You know, if, if you think compared with something like terrestrial telecom cables or other major communications networks. There are a lot more than than 90 of those. There are even a lot more than 90 satellites in space.

And, and, and we're seeing, I, I think, sort of relevant to this discussion, the sort of changing commercial landscape within the submarine cable space. Obviously not just vital to sort of ordinary communication or even sort of military communication. Now it's increasingly relevant for AI and the AI data center build out and, and, and that kind of thing.

Traditionally, it was more the major telecommunications companies that were the leading builders and operators and owners of these submarine cables. Now it's really primarily the hyperscalers like Amazon, Google, Meta, Alphabet Microsoft, that are really the leading players in, in laying new cables, and they're really building like crazy to keep up with the, you know, data center boom, because cables are the interconnection from, you know, data center in one country to data center in another country.

I think Meta alone recently announced $10 billion in submarine cable investment. So it's sort of a, a, a booming industry in the sort of AI future.

Justin Sherman: You know, the a, the a AI point is important. I, I'm sort of thinking as you say, it's, it's a smaller number compared to their significance. If this was a webinar, we had video here, I would, I think to your point under, to underscore it, hold up an actual piece of a cable, which of course is about the width of a, a small garden hose, which sort of always gets people, but in any event, so, so that's, that's useful context.

What is then the FCC’s role broadly in regulating submarine cables? And you alluded to some of the recent national security concerns around cables. So related to that, what role does the FCC play in mitigating those kinds of, of risks to this internet infrastructure?

Adam Chan: Right, so. The FCC's role kind of goes back to the Cable Landing License Act of 1921, which shows sort of how long cables have been regulated directly by the government. Cable Landing License Act of 1921 sets out a sort of general public interest review of cables landing directly in the United States.

So basically that connects to the United States and then goes to another point, either from the continental United States to a U.S. territory or you know, Alaska and Hawaii, or you know, between Hawaiian Islands or Hawaii to Alaska or, or something like that? Basically, any, any core, you know, U.S. to Europe, U.S. to Asia, basically any point that's not continental U.S. to continental us, you, you need a license to land in the United States.

In the Cable Landing License Act, it actually gives that authority to the president to review submarine cables. In executive order, I think it was ten five thirty that was in I think 1954. The president delegated. That authority to the FCC. And so since then, basically all cables that connect to the U.S. have been licensed by the FCC, which means also we have the power to condition those licenses on licensees, adopting certain, you know, rules, measures, standards, et cetera.

So that kind of makes the FCC the main licenser and regulator of the submarine cable infrastructure insofar as it connects to the United States. Often these are in consortia of companies that apply for, you know, to build a cable whereby, you know, anyone who owns more than 5% of the cable has to become a licensee and get a license from the FCC.

In in, in terms of evaluating risks, traditionally, the FCC does not itself take a leading role in identifying what specifically the risks are. The FCC relies on a group of national security agencies, colloquially known as Team Telecom which is kind of a junior cousin to CFIUS, if, if, if folks know about that.

It consists of DOJ, DOD, and DHS. It reviews a whole bunch of telecom and, and, and tech licenses for, you know, concerns around mostly foreign ownership, national security and law enforcement threats, that kind of thing. As part of that team, Team Telecom, we give every application for a submarine cable to team telecom to review for national security risks, that kind of thing.

Usually that results in a sort of mitigation or national security agreement between Team Telecom and the licensee, which then the FCC makes a condition upon the grant of a license. So, so yeah, that, that, that's sort of the current state of play as I'm sure we'll discuss Thursday, August 7th, we adopted like a major rule that's sort of the biggest revamp of submarine cable regulation for several decades that, that may sort of change up that process to some extent. But, but that's kind of how we're, we're thinking about things.

Justin Sherman: Let's turn to that rule. And, and CFIUS of course, I'm sure most listeners to this episode know, but CFIUS being the as you referenced the Committee on Foreign Investment in the United States.

So as you just said, there's a new rule from the FCC out a solid I'll note, 207 pages for how the FCC handles the licensing of submarine cables, including as you were describing because of the national security risks that. Are at play. So this rule ranges from updating important regulatory definitions, such as what constitutes a quote unquote submarine cable system to account for technological changes; goes all the way to other kinds of things, such as modifying the submarine cable license application requirements for national security reasons.

So, at a high level, what are some of the major changes in the rule? And what is the reasoning behind some of those changes, perhaps to include some of the recent threats that, that national security threats that have motivated the changes?

Adam Chan: High level, I think the way we're approaching this is through. A document known as NSPM three which is also known as the America First Investment Policy Memorandum.

And, and we sort of try to hue closely to the principles there. Now this NSPM three focus mostly on inbound and outbound investments, such as, as CFIUS like you mentioned, but really starts from the premise that economic security is national security and so therefore like while welcoming new investment from our friends, partners, from from U.S. companies that have good intentions and, and can drive innovation, prosperity, and national security.

There are also some substantial national security threats from foreign adversaries like China at, you know, targeting American technology, going after U.S. critical infrastructure, that kind of thing. So, so, so that's sort of high level theory of what we're doing, a sort of streamlined approach for the good guys with a hard line against foreign adversaries.

I, I think we're kind of motivated by looking at a wide variety of threats to submarine cable infrastructure. I think they're the kind of day-to-day threats. And, and some of this, you know, you've seen in the news with these cuts of submarine cables Justin you alluded to how like small these cables are and, and so how easily they're cut often by accident, by a, you know, dropped anchor or something like that. But you, you know, could be potential for more malicious cable cuts.

I, I think there are cyber and physical security risks. So, you know, hacking into the cables, getting access to all the data and key, you know, strategic communications, including military communications that traverse submarine cables, physical security risks, which include not just like cuts of the submarine cable but perhaps even more vulnerable are the landing stations on land.

Because, you know, rather than sort of dive, you know, two miles under the ocean to cut a cable, you know, if you go to an unguarded landing site, it's pretty easy to either blow it up or stick some equipment on it to get access, et cetera, et cetera.

I think there are other issues around access that, where foreign adversaries can get access to the cable, either through just owning and operating the cable having equipment and services on the cable leasing capacity agreements on the cable. There are concerns around how quickly we can repair, like repair and maintenance ships. So, so, so I think that's sort of a, a survey of the kind of day-to-day risks. There's also more generally like the sort of risks in a crisis, which I think is what really keeps me and, and others up at night.

Like what, what, what happens if we get into a war with a foreign adversary where, you know, submarine cables will be crucial for communicating to our allies, to our military bases overseas to the theater where military operations are happening, and we can't rely on a lot of cables where foreign adversaries have access. What if foreign adversaries start damaging a whole bunch of cables, which could seriously disrupt our, you know, just ability to communicate for basic, you know, the economy of the internet.

Either slowing communication or, or potentially stalling it to, to, to, to crucial. You know, say to, you know, an island that only has one or two cables or in an extreme scenario to, to the U.S. I, I think we have something like two American repair ships, which would take, you know, many years to actually repair all our submarine cables if they were damaged in a, in a sort of simultaneous action.

And, and, and so thinking through some of that is, is particularly concerning. And, and so given how kind of critical the infrastructure is and given the numerous threats from foreign adversaries, we really see it as important to decouple the submarine cable industry from foreign adversaries.

At the same time, we wanna make it as easy and welcoming as possible for investment by the good guys which can, you know, promote U.S. AI leadership and prosperity, even as it also like build resilience against disruption. So I, I guess I kind of brief, very brief, kind of high level overview of what we're actually doing in this rule.

We have a kind of protect and promote side of things. So on the protect side we have restrictions on foreign adversaries being licensees on landing in foreign adversary countries on, you know, certain leasing capacity agreements with foreign adversary entities, on what equipment and services you can use on submarine cables. We have reporting about the landing stations and the detailed physical location reporting.

And then on the promote side, had sort of more generally kind of in line with Chairman Carr’s recently announced Build America agenda, which promotes U.S. infrastructure build out in, in, in these sort of critical sectors were, you know, you know, looking at how, how can we or, or we did in, in, in the rule codify certain definitions and scope of jurisdiction to give certainty. We streamline a lot of the licensing rules and, and reporting requirements in, in this final rule.

And then we have that, you know, we'll probably get into, but a further notice of repose rule making where we tee up a lot of other reforms that can hopefully sort of streamline things for, for the good guys as it were.

Justin Sherman: This is an excellent segue because as you said, certainly for instance, most cable breaks year to year are accidents, but there's also a considerable threat space. And as you noted, how a nation state might act vis-a-vis anything including a cable during relative peace time might be very different in, in something like a war.

So with that in mind part of the new rule is to get at very specifically some of these national security risks you laid out to include requiring applicants for a summarying cable license to make certifications in those applications about their physical security measures and their cyber security measures.

So talk to us about this. What are the, what do these certifications entail? Are companies making them already or not making them adequately already? And what are the potential benefits of these certifications? And are there any risks, for instance, you know, are these self certified? Are they done through auditing and, and you know, how do we ensure these security protections are sufficient for our national security?

Adam Chan: So currently the FCC does not require any certifications with regard to cybersecurity and physical security. So this is a new measure we're implementing right now. Oftentimes in mitigation agreements reach with team telecom entities will have to agree to certain cyber and physical security rules, but that those are often sort of ad hoc conditions agreed to by Team Telecom.

This is the first time that, that we're putting a kind of standard certifications for all applicants going in, in sort of both the initial application and in renewal applications and modification applications modifications. I, I think the way we see it is there is a risk in self-certification only, although.

We do also have a provision where we can request access to the plans at any time. Making sure that you, you know, entities are actually implementing. We also have some pretty big sticks when it comes to submarine cable licensees because we can, at any time if there are violations of the self certifications, issue penalties, engage in enforcement actions up to and including revocation of the license and, you know, potential restrictions on future licenses which is you, you know, obviously sort of what would, would be catastrophic for any of the entities operating submarine tables.

So we're sort of confident in that sense we can make them comply without some of the, you know, more substantial kind of reporting obligations that might, you know, sort of be more burdensome than necessary. I guess the sort of base level certifications when it comes to cybersecurity and physical security, in addition to a lot of the reporting on just like the location of where the cable is, where the landing stations are, that kind of thing.

We also require all applicants to certify that they created and will implement an update cybersecurity and physical security risk management plan and take reasonable measures to protect their systems and services from threats that could, you know, hinder the communication services offered through the submarine cable system.

And so the plan has to, you know, describe reasonable measures they'll take to address cyber risks and like risks that come from logical or physical access. It needs to be, you know, signed off by a senior officer at, at the company that, that holds the license. And, and, and so that's sort of how we're thinking about that. We, we have some more sort of proposed rules in the further notice that we can talk about later, but, but, but that's sort of baseline of, of, of the certifications.

Justin Sherman: Part of the logic, as you mentioned this with with your high level overview and, and the FCC of course gets into this in detail in the rules, is to do two things at once, right?

Make it more difficult for foreign adversaries to exploit elements of the cable supply chain. At the same time, is making it easier for allies and partners to work with U.S. companies on submarine cable projects. So let's take these in turn. When we say foreign adversary here, what countries are we talking about and why does the FCC rule presumptively deny applications from companies perhaps in those foreign adversary countries who were already designated by the FCC as as a potential national security risk?

Adam Chan: So there are two big categories of entities that we're concerned with here that we impose a presumption of denial for granting a license. Where whereby we, you know, in general wouldn't even refer these licenses to Team Telecom. We just, you know, have a presumption of denial. These entities would be entities that are identified on our covered list.

So the FCC maintains a covered list of certain equipment and services that have been found by the executive branch or Congress to pose an unacceptable risk to the national security of the United States. So this includes, for example, telecommunications equipment produced by Huawei. Or, you know, hike vision which makes surveillance cameras and, and so if Huawei or Hikvision or any of their affiliates or subsidiaries tried to get a license, they, they would fall under this category.

The other category that that is most significant is any person owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary, and, and that phrase is, is lifted from a Commerce Department rule. Their ICTS office which was an office set up in the first Trump administration to deal with threats to the information communications telecommunications sector.

And, and so what we're really looking at there is, is, is six foreign adversary countries, so that's China, Russia, Iran, North Korea, Cuba, Venezuela, and then. We're, we're looking at basically any entity owned by, controlled by, or subject to the jurisdiction of those entities.

So it's not just, you know, the government themselves or, or state owned enterprises, but really sort of treating this like it is often said that there are no private companies in countries like China or Russia that these countries like, like, like a sort of western distinction between the government and private companies doesn't really apply when, you know, a country like China will have, you know, numerous laws that require cooperation by nominally private companies with the government that have programs like military civil fusion or that kind of thing where, you know, private companies really are arms of the Chinese Communist Party, so, so the way this will work is. If an entity you, you know, that's owned by, controlled by subject to jurisdiction or direction of a foreign adversary or identified on our covered list comes to get a license, there'll be a presumption of denial which can only be overcome with clear and convincing evidence.

This is the standard laid out in the Uyghur Force Labor Prevention Act actually, which applies that standard to any goods made in Xinjiang China and, and so we sort of take a similar standard here and, and then we have a kind of similar restriction, not, not just on being a licensee, but also entering into certain leasing capacity agreements for submarine cable.

We have a prohibition on doing that with any entity owned by, controlled by subject to the jurisdiction or direction of foreign adversary. Again, if the leasing capacity agreement gives that entity the ability to, you know, install own, manage the actual equipment on the submarine cable. Within the United States because we sort of see, and we see kind of all of those as limiting or, or preventing foreign adversary entities ability to access the submarine cable and, and, and therefore potentially disrupt communication or gain access to the data from a kind of surveillance espionage standpoint.

Justin Sherman: Another related part of the rule limiting foreign adversary reach into the, the U.S. cable supply chain is presumptively precluding applicants from building or adding a landing point. You mentioned this earlier in a foreign adversary country. So how common is this that a U.S. company is involved with a group or, or is solo sort of proposing to have a cable network where there's a connection to both the U.S. and China. And then you mentioned decoupling over time, is the thinking that we should be cutting off more of these direct, or I shouldn't say cutting off, I guess in this context, but not, not shopping an existing one, but limiting the extent of, of cable connectivity to China, and if so, you know, how, how is that impacting risk and what are the, the implications?

Adam Chan: Right. No, it's a, it's a good question. And, and so, so, so what our rule does is we apply kind of the same presumption of denial. Like we are just talking about the same clear and convincing evidence standard for a cable that wants to connect directly from the United States to a foreign adversary country.

So that would be, you know, if I wanna land a cable in. Virginia and connect it directly to Iran, for example, that would be prohibited. You know, California to Hong Kong. Same idea or presumptively prohibited. This probably used to happen more frequently. I think in the last few years, Team Telecom and their reviews have really been pushing back against this.

I think most entities kind of recognize that they're unlikely to get a license if they're connecting directly to say, China. Because like, like because of all the concerns we were talking about where that could give sort of clear access to the cable by a foreign adversary, you know, easy potential for disruption there.

And, and so this is more of a codification of kind of existing practice. I, I think the way we see this also is kind of not just could, you know, on table landing in China, obviously give China sort of access to the, the data or potential to disrupt, but also. You know, on these big sort of trans-specific or trans-Atlantic routes, they're often sort of main cables that then kind of branch off to, to other, you know, connections.

And so maybe, you know, a cable between the U.S. and China, if, if that gets disrupted, that could affect communication to, you know, allies in the region like Korea or Taiwan or, or the Philippines. You, you know, to your point, we, we do have to recognize that, you know, there is a balance here. And so. Arguably this does give us some leverage over foreign countries, just in the same way that they have potential leverage over us.

But ultimately we see the risks as kind of as greater than the benefits we get from these cables. And, and you know, so notably, I think none of the commentators on our, in our rule. Actually push back against this. I think there were a lot of the security requirements that some of the industry players were not fans of.

But, but, but on this one at least I, I think they recognize that the U.S. government's position here is, is reasonable given the concerns.

Justin Sherman: So that's on the protection against threats side. As was mentioned, there's also the part of the rule to make it easier for allies and partners to work with American companies on sub cable projects. So how is the FCC approaching this allies and partners idea in the new rule? And if you wanna elaborate perhaps on some of the thinking behind it.

Adam Chan: Right. So I think this. May, may maybe useful to start, like, a few years ago the FCC was pretty deeply involved, as was the rest of the government in a kind of broader international counter Huawei, counter ZTE push that was both in US networks, but also abroad.

And I think there we recognize that. Like a lot of the actual telecommunications equipment, un unfortunately, there weren't major U.S. players that could compete with companies like Huawei or ZTE, so we really had to rely on Nokia and Ericsson which are Scandinavian companies that still are, are sort of leaders and, and competitors both in, in, in the U.S. and, and and now globally with the Chinese companies.

And, and, and so we adopted this standard, you know, the trusted vendor idea rather than just saying, you know, it must be American, you know, ideally it's American as much as possible built in America but also reliant on allied companies that we can you, you know, our, our potential military allies and don't pose the same risks as some of our adversaries.

And now I, I think we see in, in, in, in this space, in the summary cable space, we're in a much better place than we were in some of the terrestrial equipment sectors. That there are major American leaders in this area. I, I mentioned the hiker. Scalers is the owners and operators. They're also leading American companies that kind of dominate a lot of the actual fiscal infrastructure itself.

Like, you know, Corning makes, makes a lot of the fiber sub comm. Builds the cables, but they're also, you know, critical kinda allies. They're, you know, Japanese companies, for example play a major role in building out the cables. I think one, one place where. Allies and partners actually play a pretty critical role is, as I mentioned in the kind of ship repair and maintenance side of things where, where the U.S. really isn't a significant player and China's is, is perhaps the leading player as they are in shipbuilding more generally.

But, but luckily the sort of number two and three players in, in, in shipbuilding are, are Japan and Korea, which are two. You know, U.S. treaty allies and, and so I think, you know, in order to have a thriving cable ecosystem, we need, at least for the foreseeable future to rely on trusted vendors, which could include these Japanese and Korean counterparts.

And so in, in this rule, we start, we, we have in the rule we adopted yesterday an absolute prohibition on using, you know, equipment on our covered list or services on our covered list. For submarine cable licensees for their summarying cables. But then we have, in the further notice, we propose to go substantially further and basically say you can't use equipment or services produced or supplied by any entity owned by, controlled by, or subject to the jurisdiction or direction of a foreign adversary, which to your point really would be a sort of total supply chain decoupling there. And again while we would want sort of, as much as possible to be American having sort of close allies as partners especially for, you know, what is a sort of necessarily international industry like the submarine cable industry.

I, I, I think that's, that that's important to ensure there's sort of no supply chain disruptions there.

Justin Sherman: I appreciate the clarification on the decoupling point. I am gonna just editorialize for a minute here and say I completely agree with you, especially on the ship point. 'cause it just is not sufficient that we have a country that's digitally connected and lacks such, have such, you know, little independent ability to repair infrastructure that keeps that all going.

Adam Chan: No, exactly. And, and I mean, I think I, I, I think therefore we're sort of seeing a lot of, I mean, for those who are interested in ship building, I mean, I think we're seeing things one on the sort of naval ship building, but also USTR has been pushing and, and Department of Transportation DHS have all been pushing Congress is, is interested.

I know there's a bipartisan, I think ships for America there. There're various. Builds on this. I think everyone kind of recognizes that like us shipbuilding is, is such a critical like in industry for, you know, both the economy and, and, and military wise, that it is, it is pretty essential and I, I think the Japanese and Koreans will be probably key partners to, to, to, to that effort. Certainly.

Justin Sherman: Yeah. Let's, so now let's look ahead, as you referenced earlier, the FCC in addition to the, the lengthy rule that has just been published is also pursuing future rulemaking. One of those components to, to talk a little bit more about as we love here at Lawfare, the, the wonky process of it is that the upcoming rules propose potentially excluding some summary cable applications from National Security Review if the executive branch does not meet certain standards of streamlining that review process.

So, so talk to us a little bit more about this. Are there ways from your perspective if you had to give, you know, one or two top priority ones that how we could, you know, streamline the review process right now and why is that important? That we have a process that's, that's streamlined when we're dealing with really complex risks.

Adam Chan: Yeah, so this is this kind of super interesting, especially for the kind of legal nerds that work in the foreign investment review, kind of CFIUS team, telecom, that kind of space. I, I, I, I think we see it an important piece of the puzzle and very much in line with the NSPM three document I mentioned earlier.

This numeric first investment policy memo that talks about kind of streamlining the investment from, from you, you know, certain American or ally companies. There's definitely the piece of our rulemaking effort that I think the industry is most excited about. The basic idea is kind of like we talked about earlier.

We have these sort of presumptive blacklist for the bad guys. We, we'll also have a presumptive whitelist for the good guys. And so we, we kind of almost or are, are proposing to adopt a kind of frequent flyer program. Whereby for an entity that already has gone through a team telecom review at least once that has operated a you, you know, at least one submarine cable license without major issue.

That they would effectively, rather than go through Team Telecom review each time they wanna build able a new cable, which is, you know, often a long process industry definitely does not like, enjoy the team telecom process. You know, you know, they have to do a lot of reporting, negotiate a mitigation agreement, that kind of thing.

That we would basically have a presumption of grant for those cables where they wouldn't be referred to Team Telecom, where they would just be granted. I think the sort of paradigmatic example of this is, is perhaps, you know, a couple of hyperscalers that, that are building just a lot of cables and have real incentives to meet kind of high standards.

And so the idea here is, is we wouldn't be sort of weakening the national security rules. We'd, in fact, if anyone wants to take advantage of this kind of frequent flyer program. They would have to certify upfront to a, a very high level of national security standards. We, we see, comment on exactly what that should be.

And likely there will be a lot of comments from industry saying they should be lower and, and maybe some national security experts saying higher. But the basic idea is that even more than some of the baseline requirements we talked about earlier, but a, a sort of even greater. Kind of limiting a foreign adversary involvement, whether that's investment or, or board seats a sort of greater kind of physical security and cybersecurity rules, that kind of thing.

But if they, if they agreed all that, then they get this really big carrot. And so I think the idea here really is to kind of incentivize industry to do the right thing where, you know, okay, if you, if you really go all the way and, and sort of do all the kind of national security things. We want to make sure these cables are safe and secure from, from foreign adversaries.

Then you're gonna have a, a, a real streamlined process that's gonna save a lot of costs and, and, and kind of promote kind of certainty and investment and, and that kind of thing.

Justin Sherman: So, stepping back further as has now come up, you know, many, many times on this episode, the U.S. faces a range of risks too.

The telecom supply chain, they really are not going away. And obviously submarine cables and especially adversaries like Beijing are part of the threat picture as you've, as you've said many times now. So how do you see the national security risk space evolving vis-a-vis our telecom and submarine cable networks and where are places where the FCC can act or can even do more to mitigate these complex risks in the coming years?

Adam Chan: I, I think these risks will only grow over the near term as submarine cables are ever more critical, and as AI becomes ever more critical to the U.S. and, and global economy, to national security, et cetera. Additionally, you, you know, we see often there kind of tenuous connections to certain of our Asian allies to many of the Pacific Island states, to Taiwan, that kind of thing.

And so I, I think we see these risks as growing, at least in the near term, especially as tensions, you know, potentially, potentially are high with, with certain countries. But over time I, I think. We, we have a real opportunity to substantially reduce the risks by building in resiliency within the cable system overall that, you know, you know, the more cables that are built that we can say confidently are secure, the safer we are. Because the harder it is to disrupt cables if they're, you know, if one gets damaged or two get damaged or three get damaged, you know, if they're 10 backups that, that, that, that's not as as significant threat, obviously in the kind of telecom sector more generally, there are a range of risks as, as you mentioned.

I think we see summary cable infrastructure as particularly critical node in the sort of telecom sector more generally. But there are other critical sectors. I mean obviously you, you know, we're also thinking about kind of new forms of communication. Like, you know, you know, space industry is a big one with obvious national security implications to it.

Additionally, the FCC regulates devices that emit radio frequency which is most every tech device and their potential, you know, supply chain and cyber vulnerabilities there. I I, I think one that definitely keeps me up at night is, is, is drones. We've seen. In the sort of military applications of of, of even small commercial drones in say, Ukraine or, or the Middle East that you, you know, most of the drones in the United States are, are produced by, you know, a Chinese military company called DJI.

Like, like obviously that poses some substantial, substantial risks that we're sort of concerned with. But I think in the submarine cable space, at at least we're hopeful this is a good kind of step in the right direction to make things more secure.

Justin Sherman: Lastly, but certainly not least a lot of what we're discussing today pertains to how the U.S. government designs and implements and enforces regulations.

On the private sector to protect national security, as with both the cable rules that just came out as well as the upcoming ones you were talking about. So how do you see the future of U.S. government engagement with companies about these issues evolving? And how is the FCC currently thinking about all those trade offs around engaging with industry or the public on issues that.

Are important and impactful, and as we've said, have, you know, transparency and other considerations yet also deal with really complex, you know, plenty of times secretive you know, fast moving national security threats.

Adam Chan: No, I, I, I think this is, this is really a great question and, and I think Chairman Carr really see this sort of public engagement as kind of critical in our role and, and in the sort of this new council on national security that the FCC has set up. I, I think traditionally a lot of the national security agencies, be it DOD or the intelligence community, or the FBI or Department of Justice.

That do a lot of great work in the national security space. Like o obviously industry is just gonna be a lot more e either industry can't engage at all for the most part, like the intelligence community or are gonna be a lot more cautious with certain entities than they would with the FCC, which is more of a traditional economic regulator.

And so that allows us, I think. A real opportunity to interface with industry. I think in this, in this rulemaking, you know, I had a lot of meetings with, with my various industry groups, coalitions, companies, industry, filed a lot of comments in our record. I'm sure they're gonna file a lot of comments in our record for the further notice of proposed rulemaking especially on this frequent flyer program, we.

We discussed. I think ultimately we see like American industry is obviously critical to like innovation to infrastructure building in the United States and, and like their success is ultimately critical to America's success and the broader strategic competition. That said, I, I think we also need industry to do more on the national security front especially in like critical industries.

Technology, telecom that we really need to see them like rise to the challenge when it comes to foreign adversaries like China, you know, mitigate their risk exposure, ultimately decouple. I, I think we're starting with the submarine cable sector to maybe help bend the curve in that direction such that, you know, industry has substantial carrots and sticks to adopt national security when it comes to foreign adversaries.

And, you know, if we can incentivize them to, you know, adopt good standards, y you know, and provide kind of clear rules, clear guidelines of kinda what something like this would be. And if they do it, then they would really have the support from us and, and from the government to, you know, innovate, build and, and support, you know, a growing American economy and strengthening U.S. national security

Justin Sherman: That's all the time we have. Adam, thanks very much for joining us.

Adam Chan: Thanks so much for having me, Justin.

Justin Sherman: The Lawfare Podcast is produced in cooperation with the Brookings Institution. You can get ad-free versions of this and other Lawfare podcasts by becoming a Lawfare material supporter at our website, lawfaremedia.org/support. You'll also get access to special events and other content available only to our supporters.

Please rate and review us wherever you get your podcasts. Look out for our other podcasts, including Rational Security, Allies, the Aftermath, and Escalation, our latest Lawfare Presents podcast series about the war in Ukraine. Check out our written work at lawfaremedia.org. The podcast is edited by Goat Rodeo. The theme song is from Alibi Music. As always, thanks for listening.