Common Defense Quarterly | The Journal for International Defense Cooperation

Telecom as a Strategic Industry: Building a Framework

By Samuel S. Visner and Mark Lees

Tower

To what extent does the ownership and management of a nation’s information infrastructure represent a question of national security? This question is all the more important because of recent changes in the models by which IT infrastructures are currently deployed, owned, and used. In general, we use the term “protected industry” to refer to an industry or economic segment protected from external competition or influences (e.g., ownership likely to export production and jobs). Barriers to importation are raised to protect domestic industry from foreign competition, while foreign investment and ownership are blocked or restricted in some instances, both to protect domestic production and to preserve the economic benefits associated with a specific industry for domestic players.

National security interests may also drive perceptions of whether an industry must be “protected,” even as changes in functional and economic models challenge the mechanisms available to provide this protection. A case in point was the 2006 debate over ownership of U.S. ports by Dubai Ports World, which gave rise to heated, though not necessarily well-thought-out discussion regarding whether or not port services represent a “protected industry.” At the time, the Nuclear Threat Initiative (NTI) pointed out that “the U.S. does not have sufficient knowledge to perform a risk assessment on foreign operators already operating at U.S. ports.” Dubai Ports further assured the U.S. that it would comply with the government’s Container Security Initiative and employ “to the extent possible” a U.S. management structure. Nevertheless, the company ultimately ended its bid for U.S. port ownership -- not because of a regulatory outcome, but because U.S. public opinion and political rhetoric around the issue became too highly charged.

Protecting Telecom: The Historical Context

Underpinning all IT infrastructures is telecommunications, which provides the interconnectivity that enables IT to contribute so much to the economy and society. The question therefore arises: How do telecommunications technologies and policies drive international relations, economic development and investment, as well as national security considerations?

This is not a new question. AT&T was implicitly protected by the federal government beginning with the Kingsbury Commitment¹ in 1913. During World War I, this protection became explicit, with AT&T’s nationalization from June 1918 to July 1919, and was formalized in 1934, when the company became a regulated monopoly under the jurisdiction of the Federal Communications Commission. This protected state stayed in place until the dismantling of the Bell system in 1982.

This historical pattern is not unique to the U.S. The United Kingdom maintained its far-flung, pre-1945 empire in part through the extensive use of telecommunications. When its private providers ran into economic trouble, either through macro-economic factors or the introduction of new technologies, the British government engineered solutions that maintained the strategic viability of its global networks. A case in point is the creation in 1934 of Cable & Wireless from a combination of the Great Eastern Telegraph Company and Marconi’s Wireless Telegraph Company.

Historically, the U.S. has protected its telecommunications providers as a national security asset. With its emergence as a Great Power during and after World War I, the United States recognized the strategic importance of a national telecommunications infrastructure, especially in the gathering of intelligence. This led to the creation of a peacetime intelligence operation², later termed the “Black Chamber,” that was the forerunner of the NSA. The Wilson administration was so concerned that American firms were collaborating with foreign powers, mainly British, that they used a warship to block the landing of a cable at Miami. World War I marked the official recognition of the commercial and strategic importance of cable and radio communications, to a great extent setting the foundation for America’s economic, political, and military pre-eminence today. As Allan Winkler notes, prior to 1914, the United States’ prerogatives were inhibited due to its lack of control of its own telecommunications infrastructure.

Where We Stand Today

The evolution of the public communication infrastructure in recent years, however, has complicated considerably the situation faced by policymakers and program managers concerned with the national security connection between the government and the telecommunication industry. Recent developments have not only changed the way governments can communicate and control information, they have also changed the expectations of those who are governed. The 24-hour news cycle and the up-to-the-minute information it delivers are now taken for granted, but both are dependent on modern telecommunications. In 1984, it took weeks before the general public became aware of the famine in Ethiopia as well as its impact and spread. In contrast, knowledge of recent earthquakes in Haiti and Chile, and the associated responses by the international community, took mere hours to spread worldwide. As a result of this dramatic shift, the populace now expects to be fully and instantaneously informed.

Business, too, expects access to open telecommunications networks. As Locke, Levine, Searls and Weinberger point out in “The Cluetrain Manifesto,”³ “Through the Internet, people are discovering and inventing new ways to share relevant knowledge with blinding speed. As a direct result, markets are getting smarter -- and getting smarter faster than most companies.” America and other developed economies are all open and influenced by their interdependence with each other, as has become apparent quite clearly over the past 18 months. Ironically, it was national security considerations and the risk inherent in the “hub and spoke” network model of the public switched telecommunication network (PSTN) that led DARPA to create what has become the Internet as a means to maintain military and emergency communications in the event of a nuclear attack.

These expectations have been accelerated with the widespread adoption of cellular phones. Business people expect to be mobile and constantly in touch. Families expect to be able to contact loved ones in the event of natural or man-made disasters or emergencies. In fact, the increasing adoption of mobile phones provides an opportunity to communicate instantly with the general population that was not available in previous generations. As a result, there is a case to be made for augmenting the Emergency Alert System, which was designed to enable the president of the United States to speak to the country within 10 minutes, with cell-phone texts.

The Internet Protocol Challenge

Since the 1960s, the U.S. government has made extensive provisions for the availability of communication during times of national and natural emergency. These programs, provided through the National Communications Services (NCS), ensure that the public communication infrastructure can support vital government functions during an emergency -- even one that damages the infrastructure itself. Programs such as the Government Emergency Telecommunications Service⁴ (GETS) enhance the ability of the public switched telecommunication network to ensure that the phone calls of key government officials navigate whatever connectivity remains during an emergency. During an emergency, the Wireless Priority System⁵ (WPS) provides key government officials -- and potentially others, including key private industry executives -- priority access to networks that may be congested during, and damaged by, an emergency.

The evolution of these programs alone is illustrative of the issues that challenge national security policymakers. During the Cold War -- and prior to the break-up of AT&T with the 1982 Modification of Final Judgment, or MFJ -- the government could deal principally with a single telecommunication carrier, since AT&T and its local affiliates owned the bulk of the telecommunication infrastructure of the United States. AT&T operated as a regulated monopoly, a status that relied on two principles: that the economic structure of the telecommunication market represented a natural monopoly, and that AT&T would exert itself strenuously to provide universal access, thus empowering the U.S. economy. This market structure also provided the U.S. government with a straightforward relationship by which priority telecommunication service could be obtained during an emergency, extending even to pre-emption of use of parts of the PSTN.

The 1982 MFJ considerably complicated the situation faced by the government in gaining emergency access to the domestic PSTN. Rather than dealing with a single carrier and its more or less captive affiliates, the government was compelled to deal with several long-distance, or InterExchange Carriers (IECs), as well as the Regional Bell Operating Companies (RBOCs), each a spinoff of AT&T. As a result, the NCS needed to build relationships with all significant carriers and ensure that hardware and software enhancement to the PSTN were supported by the full range of IECs and RBOCs. As the wireless market has evolved, the government has needed to further establish cooperative relationships with the nation’s various wireless carriers.

In both domains, the government pays for software enhancements to the public network, while users -- generally government officials -- pay monthly and incremental tariffs to use the GETS and WPS capabilities. Nonetheless, the structure of the PSTN remained more or less unchanged, at least in terms of voice communication. As long as acceptable models could be found to embed emergency communication enhancements into the PSTN and wireless networks, and acceptable business models put in place to handle the costs of these enhancements, emergency communications could proceed smoothly.

The rise of the Internet: a “convergence” context . . .

Now, the rise of the Internet and the increasingly universal use of the Internet Protocol (IP) means that voice, video, data, and media are treated in a “convergence” context: All are served by Internet Service Providers (ISPs), some of which are related only tangentially to the IECs and RBOCs with which the government has made the bulk of its emergency communication arrangements. Today, the U.S. government and, presumably, governments of other countries need to develop functional and economic models to ensure that the bandwidth and routers deployed by ISPs, as well as companies providing Voice over Internet Protocol (VoIP) services, can support emergency communication. Among other things, this means ensuring that various Internet infrastructure segments on which the government would depend are sufficiently robust and diverse as to provide emergency communications. And while in the past, one or a few telecommunication carriers could be treated as a , de facto protected industry, the wide range of today’s ISPs, as well as the hardware and software they deploy, challenge any traditional conception of a protected industry.

It should also be noted that the rise of telecommunication competition in the United States and the resulting increase in the number of carriers has been mirrored worldwide. The global rise in telecommunication competition has also witnessed the investment of U.S. firms in the infrastructures of other nations, even as U.S. firms continue to predominate in the ownership of the U.S. infrastructure. However, some foreign carriers, such as Vodafone, which owns a substantial portion of Verizon Wireless, have made investments in the U.S., setting a precedent for foreign ownership -- a phenomenon that may grow in the absence of firm policy guidelines.

Cybersecurity: Raising the Stakes

The rise of the issue of cybersecurity as a question to which government administrations must pay attention has likely raised the stakes regarding the extent to which telecommunications can and should be considered a protected industry. In 2008, the White House developed a Comprehensive National Cybersecurity Initiative (CNCI), a declassified version of which⁶ lays out a series of initiatives to secure the information infrastructure on which the U.S. depends from a wide range of cyberthreats -- including foreign states, terrorists, hackers, vandals, and criminals.

Illustrating the emphasis given to cybersecurity by the current administration, and reflecting the importance of cybersecurity to both national security and the nation’s economic prospects, the president has recently appointed a White House Cybersecurity Coordinator, who reports to the president’s National Security Adviser while also supporting the National Economic Council, led by the president’s Chief Economic Adviser.

Despite the importance of cybersecurity, CNCI is largely silent on the question of the ownership of the U.S. information infrastructure or whether that infrastructure represents a protected industry. There are at least two possible reasons for this apparent oversight, and both are likely true to some extent.

First, the difficulty of disaggregating the U.S. information infrastructure from that of the rest of the world makes any strict concept of infrastructure ownership challenging, at the very least. While the bulk of the Internet continues to flow through the United States, the ubiquitous nature of the Internet and its associated infrastructure means that IP data routed offshore is likely to grow. Underscoring the challenge, Europe and other parts of the world have occasionally accused the United States of trying to “dominate” the Internet. The 1998 creation of ICANN⁷ to oversee a number of Internet-related tasks previously performed directly on behalf of the U.S. government is one result of this concern.

Second, while the CNCI lays out a number of specific initiatives related to cybersecurity, it does so in the absence of a clear, visible definition of U.S. interests both in cyberspace and in the application of cybersecurity, as well as policies intended to pursue those interests, or even a process capable of building and refining these policies over time. In other words, the new White House Cybersecurity Coordinator, billed as “owning policy,” has a tall order on his hands if he is to help put in place policies that support the U.S. national interest in cyberspace.

While cybersecurity and questions relating to governance and security of the Internet have been seen principally through the lens of national security, the private sector is now finding its own voice and is working to promote cybersecurity for reasons of its own. Companies such as Google, which is interested in promoting its own “cloud” and other information services, see cybersecurity as competitive discriminators in their contests with other companies, and are likely to view cybersecurity as market “table stakes.” Google’s recent moves in China⁸, intended to protect it from alleged Chinese government penetration of Gmail accounts, are also likely to enhance the company’s competitive position, flagging it as a company that takes the cybersecurity of its offerings and clients seriously.

Not surprisingly, the private sector is now demanding more government support for effective cybersecurity, and governments are starting to respond. In response to the Google incident, U.S. Secretary of State Hilary Clinton noted in late January 2010 that the U.S. is working to address the cybersecurity challenge multilaterally to “put cyber-security on the world’s agenda.”

What to Do Now

The issue of the “protected status” of the telecommunications industry has been debated for nearly a century. The developments of Internet and wireless-based services have only complicated that debate. The absence of a conception of national interest in cyberspace makes it more difficult to address questions such as whether or not telecommunications should be a protected industry, even as the distributed nature and boundless environment of the global information infrastructure may make such a discussion moot. Adding a layer of complexity is the consumerization of IT through the exponentially increasing innovation in new devices that connect to the network. Even if a government was able to impose controls and restrictions on the network, every smart device that connects to it presents a potential risk. Indeed, the only compelling approach currently available is to ensure specialized government access to those portions of the global information infrastructure necessary for law enforcement, emergency communications, or other national security needs. It can certainly be argued that this access is easier to gain via companies with domestic ownership.

While the recreation of a natural protected monopoly would certainly create more harm than good, historic parallels provide a model to inform today’s policymakers. Nearly a century ago, Great Britain literally “hacked” Germany’s undersea cables⁹ by chopping them with hatchets. Today, the solutions we need are not so simple. Policymakers need to think in terms of the boundless cyberworld, and include some measure of security protection for those industries at the heart of our economic, political, and defense environments. They also need to consider collective, multilateral approaches to protecting those telecommunication infrastructures on which the U.S. and its allies and partners depend.

How can we move in this direction? How can we go beyond intuition to determine if telecommunications should be a protected industry in the context of national security, doing so in a manner that reflects the boundless nature of the environment in which our telecommunication infrastructure exists? To answer that question, we as a country must develop a clear conception of our nation’s interests in cyberspace. This is something our allies and partners must do as well, hopefully in concert with us and with each other.

Understanding and stating that interest more explicitly can guide our policies, and can provide structure and consistency to our decisions.

Foreign ownership of a domestic infrastructure is neither intrinsically good nor bad. Instead, the extent to which that ownership jeopardizes our interests should be the test of the extent to which an infrastructure should be treated as a protected industry in the context of national security. At the same time, such judgments of national interest need to be made alongside sound technical judgments. The migration of switched networks to those involving IP traffic means that we need to understand ownership from the perspective of how the devices that process and route such traffic are designed and built.

Who will lead this process, which combines an understanding of the national interest, sound technical judgments, and policy? This is a task the president’s cybersecurity coordinator, or others, may be asked to undertake. Regardless of whether or not this effort is engaged, the market forces shaping the structure and ownership of the global information infrastructure, as well as those of our nation and its allies, and partners, will remain fast-paced and inexorable. For policymakers, catching up will be hard, and harder still the longer they wait to begin this necessary work.

Samuel S. Visner is vice president for strategy and business development at CSC, is also in charge of CSC’s cybersecurity strategy, and is an adjunct professor of science and technology in international affairs at Georgetown University’s Edmund A. Walsh School of Foreign Service. He served previously as chief of signals intelligence programs at the National Security Agency.

Mark Lees is director of Marketing for Managed Services at CSC. He served previously as a senior manager at Cable & Wireless.

The views and opinions expressed are those of the authors and do not reflect those of NSA/CSS.

Note: This article was originally published on World Politics Review (www.worldpoliticsreview.com) on April 6, 2010.

References