in

Optus wants clarification in TSSR regime after having significant effect from it

Image: Asha Barbaschow/ZDNet

Optus is looking for a cleaner delineation on when it needs to send a notice under Australia’s Telecommunications Sector Security Reforms (TSSR) after noting it accounted for half the notices sent so far under the regime.

Under the TSSR, carriers need to “do their best” to protect their networks from unauthorised access or interference for the purpose of security, with carriers to notify the government of any changes to their services, systems, or equipment that could have a “material adverse effect” on their ability to comply with this duty.

In a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) which is reviewing the TSSR, Optus noted that over the two-year period to June 30, the Critical Infrastructure Centre received 66 notifications in total, which meant it completed half the notices.

“Optus has reviewed the TSSR status of well over 150 projects and proposed changes over the last two years and submitted formal TSSR notifications for 36 of them,” it said.

“The time for the resolution of these notifications has varied between 30 days to eight months.”

The telco said this meant the regime was not operating as intended due to telcos each coming up with their own notification thresholds and interpretations. Consequently, the TSSR is simultaneously at risk of under-notification and over-notification.

“This uncertainty means that it is highly unlikely that providers are implementing the rules in the same way within their organisations, creating an unequal playing field for providers,” it said.

“Due to the confidential nature of the TSSR notifications, it is difficult for providers to engage in detailed industry discussions on this topic to ensure a consistent application of the rules.

“If the TSSR notification provisions are retained, Optus recommends that a clearer notification threshold be developed and adopted to remove ambiguity, limit compliance risk, and create an easy ‘bright line’ to guide decision-making for providers.”

Optus said the TSSR has created “substantial uncertainty and regulatory risk” for its investments over the past two years, as well as cost added time, cost, and complexity. This is despite the telco shifting the time of notification to different times during the lifecycle of projects and, instead of resolving the risks, merely exchanging different types of risk.

“It is unclear if security outcomes have been improved commensurately,” the telco said.

The telco added that with the government introducing its recent critical infrastructure Bill — new legislation that introduces a positive security obligation, cybersecurity requirements such as mandatory incident reporting and vulnerability testing on operators of critical infrastructure — which could have possible overlap with TSSR obligations, it has asked for companies deemed to run critical telco infrastructure operators to be exempt from TSSR notifications.

The main result of the TSSR thus far has been the banning of Huawei from 5G deployments in Australia. It was a decision that Optus said changed its market position, investment strategy, customer outcomes, and network design and capability.

“Decisions made by government and the Critical Infrastructure Centre under the regime have had a significant effect on Optus,” it said.

Also providing a submission to the PJCIS was the subject of the ban, Huawei, which repeated many of the arguments the vendor has previously made.

“The politicisation of the TSSR legislation has isolated Australia from the world’s best technology and innovation, it will delay the rollout of future networks and curb competition forcing price hikes of 20-40% for operators and Australian consumers,” Huawei said.

“This extra 5G deployment cost has already been confirmed by comments from executives at TPG, Vodafone and Optus.

“One Australian carrier has advised Huawei it now costs 50% more to build out a mobile base station site, forcing them to scale back their 5G targets.”

Much of the submission questioned why Huawei was banned due to being a Chinese vendor, while Ericsson and Nokia were left untouched despite having manufacturing capacity in the Middle Kingdom.

“If the ‘risk’ is China, then how is it that Ericsson and Nokia can still manufacture, compile software, and work in partnership with the Chinese government for building 5G technology and then deliver those products into the Australian 5G networks with no independent testing?” it said.

“In fact the TSSR legislation permits Telstra and Optus to install 5G equipment made in China by the Ericsson/Panda Electronics joint venture, while the US Department of Defense has listed Panda Electronics as a company that is either owned by or controlled by the People’s Liberation Army.”

Huawei said the Australian government either did not know its competitors were manufacturing in China, or it did not believe they were subject to requests from Beijing, even though the communist government ran the factories.

“Nokia co-owns its Chinese subsidiary, Nokia Shanghai Bell, together with a Chinese state-owned enterprise, China Huaxin, which holds just over 49% of the venture and has the right to nominate its CEO,” Huawei said.

“From 2002 to 2017, the unit’s chairman also acted as the Secretary of the Chinese Communist Party committee within the company (every company of a certain size that does business in China is required to have a Party committee).”

Huawei did not mention its own party committee secretary.

The company also said the Australian ban on it has led to 900 direct job losses, over 1500 subcontractor job losses, and the forgoing of AU$100 million in research.

Elsewhere on Wednesday, China continued to crackdown on Australian trade, this time increasing bans on local timber and meat. Beijing previously clamped down on Australian wine by spiking tariffs and putting import bans on lobsters.

On Tuesday, The Washington Post reported Huawei was testing automated “Uyghur alarms” that send alerts to Chinese authorities when Uyghurs are detected via its camera systems.

The Washington Post said a document it saw from Huawei’s website was removed by the company after comment was sought. Huawei reportedly said it was “simply a test” and not a product.

Last week, The Wall Street Journal reported the US was discussing a deal with Huawei to allow its CFO Meng Wanzhou to leave Canada and return to China if she admitted to wrongdoing.

The Canadian ambassador to China reportedly said on Tuesday that two Canadians imprisoned by Beijing soon after Meng was detained in Vancouver were showing resilience.

Last week, Huawei continued to end its sponsorship of Australasian sporting teams, parting ways with the Wellington Phoenix.

Related Coverage


Source: Information Technologies - zdnet.com

Four sentenced to prison for planting malware on 20 million Gionee smartphones

Christchurch terrorist's radicalisation shows the limits of surveillance and censorship