The News: The U.S. government is once again sounding alarms about the potential for Chinese cellular modules to track and potentially control devices on the Internet of Things (IoT). Read the full article here.
U.S. Increasingly Focused on China’s Potential to Infiltrate Connected Devices
Analyst Take: Earlier this month, members of the House Select Committee on the Strategic Competition asked FCC Chairwoman Jessica Rosenworcel for information about the potential threat of cellular modules made by Chinese companies Quecetel and Fibocom to track and infiltrate U.S. intelligence via connected devices on the IoT. Alarmingly, China’s sweeping national security laws mandates its technology firms share any data they have anywhere in the world if requested by the country’s intelligence service. The issue came to a head when it was found that Chinese-made components in devices certified for use on federally managed public safety networks were designed to send information back to Chinese servers. Other concerns were raised for farm equipment, vehicles, and other medical equipment. According to reports, engineers associated with the project were not clear how effective their security measures were in preventing the potential issues—a clear national security risk.
How these Devices Pose a Security Risk
For IoT devices to usefully connect to the Internet, they need to have cellular modules. The national security implications are immense as there were 202 million cellular IoT connections in the US in 2022 and are projected to increase to 450 million over the ensuing five years (according to IoT Analytics). What’s concerning is that the cellular modules are typically controlled remotely, sending or receiving specific data requests without the host knowing. This includes in-band communications on traditional cellular networks as well as out-of-band communications using unlicensed spectrum for back-channel interactions. Members of Congress raised concerns because the Chinese companies could access sensitive data, control the devices, or even shut them down. With potentially millions of devices utilizing Chinese-made technology, the data could be a treasure trove of information on US citizens or even the government. Or going a step further, if Chinese-made modules are being used in critical infrastructure like energy pipelines, power grids, water systems, or emergency communication systems, we could be destabilized quickly — and potentially with lasting impacts.
The FCC is Acting – But is it Enough?
This month the FCC issued a Notice of Proposed Rulemaking to create a labeling program for IoT devices in accordance with National Institute of Standards and Technology (NIST) standards. The program would be voluntary for manufacturers but would provide information to consumers to help them understand which products are safer. With a voluntary program, there is no incentive for a company to disclose its use of Chinese technologies nor are incentives enacted to dissuade use in the first place — both of which would call into question the efficacy of the program.
So, is it enough? Congress doesn’t think so. Members of the House Select Committee are urging the FCC to take additional measures like what it did to keep Huawei out of 5G infrastructure. Currently there is no indication that the FCC will follow through with that course of action, but it would not be surprising if more information about what potential devices the Chinese could access comes to light. The FCC needs to more directly address the national security concerns of Congress and consider developing a program that requires manufacturers to provide supply sourcing information for IoT devices to users as well as disincentivize the use of China-originated components across the supply chain.
Disclosure: The Futurum Group is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of The Futurum Group as a whole.
Other insights from The Futurum Group:
The U.S. Hints at Tighter Restrictions on China, but Not Without Pushback
China Plays Offense with Precious Metals
Author Information
Daniel is the CEO of The Futurum Group. Living his life at the intersection of people and technology, Daniel works with the world’s largest technology brands exploring Digital Transformation and how it is influencing the enterprise.
From the leading edge of AI to global technology policy, Daniel makes the connections between business, people and tech that are required for companies to benefit most from their technology investments. Daniel is a top 5 globally ranked industry analyst and his ideas are regularly cited or shared in television appearances by CNBC, Bloomberg, Wall Street Journal and hundreds of other sites around the world.
A 7x Best-Selling Author including his most recent book “Human/Machine.” Daniel is also a Forbes and MarketWatch (Dow Jones) contributor.
An MBA and Former Graduate Adjunct Faculty, Daniel is an Austin Texas transplant after 40 years in Chicago. His speaking takes him around the world each year as he shares his vision of the role technology will play in our future.