Page:2020-06-09 PSI Staff Report - Threats to U.S. Communications Networks.pdf/49

From Wikisource
Jump to navigation Jump to search
This page has been proofread, but needs to be validated.

with the specific terms of the security agreement.[1] Team Telecom officials, however, recognized the limited enforcement mechanism this provides.[2] Although security agreements have become more robust over time, older agreements contained few provisions, were broad in scope, and provided little for Team Telecom to verify.[3] Another reason that monitoring agreements proved difficult is that Team Telecom had to rely heavily on the carrier's forthrightness:

Although [Team Telecom] . . . monitors [a company's] compliance with [its security] agreements on an ongoing basis, [Team Telecom] can never have full visibility into all of a company's activities. Therefore, [Team Telecom] necessarily relies on the other party to adhere rigorously and scrupulously to [security] agreement provisions and to self-report any problems or issues of non-compliance.[4]

Team Telecom retained oversight authority through the security agreements; however, its exercise of that authority was sporadic.[5] Team Telecom did not establish a process by which to ensure compliance with security agreements until 2010 or 2011, even though it entered into agreements years prior.[6] Team Telecom developed no formal protocol, policy, or guidance document detailing how it monitored compliance with security agreements.[7] Team Telecom officials stated it relied heavily on written correspondence and requests for information from the foreign carriers.[8] Team Telecom provided no evidence or explanation demonstrating how it evaluated written representations for accuracy.

Team Telecom also conducted site visits to the carriers' U.S.-based facilities. It used these visits to physically visit domestic sites, look for violations of a security agreement, and speak to employees.[9] As with written correspondence, the frequency of site visits varied.[10] Further, even if Team Telecom identified violations of the security agreement or issues to suggest the security agreement was inadequate, Team Telecom did not have strong enforcement mechanisms.[11] It


  1. Id.
  2. Briefing with the Dep't of Homeland Sec. (Feb. 7, 2020).
  3. Id.
  4. Executive Branch Recommendation re China Mobile USA, supra note 56, at 16.
  5. Although never formally documenting its compliance monitoring procedures, the Department of Justice noted that it has always dedicated personnel to compliance monitoring. Historical knowledge about these compliance efforts, however, has been "weakened" due to employee attrition. See Email from the Dep't of Justice to the Subcommittee (June 3, 2020) (on file with the Subcommittee).
  6. Briefing with the Dep't of Homeland Sec. (Feb. 7, 2020). Around 2010, the Department of Homeland Security created an internal interagency system of record to track Team Telecom compliance deliverables, which is still used today. Id.
  7. Briefing with the Dep't of Justice (Aug. 1, 2019).
  8. Id.
  9. Briefing with the Dep't of Homeland Sec. (Feb. 7, 2020).
  10. Briefing with the Dep't of Justice (Aug. 1, 2019).
  11. Briefing with the Dep't of Homeland Sec. (Feb. 7, 2020).

45