- The National Defense Authorization Act includes funds to fulfill the rip and replace mandate
- It’s not done until it’s signed, sealed and delivered, but it’s close enough for some to declare victory
- Operators will use the funds to replace gear from Chinese vendors Huawei and ZTE
A lot of people are breathing a sigh of relief after hearing that the National Defense Authorization Act (NDAA) includes $3 billion to cover expenses incurred by operators that need to rip out Chinese equipment and replace it with gear that’s deemed secure.
Count John Nettles, president of Alabama-based Pine Belt Wireless, among them. “To put it bluntly, this is the best news we’ve received as it relates to this issue in the last several years,” he told Fierce.
Despite being ordered to remove Chinese network equipment, Pine Belt still relies on a significant amount of ZTE equipment because it doesn’t have the funds to replace it. Pine Belt’s LTE core uses ZTE gear, and the carrier has ZTE radio access network (RAN) equipment running at nine of its 67 tower sites.
All of that ZTE gear needs to be removed as part of a mandate from the 2019 Secure and Trusted Communications Networks Program, informally known as the rip-and-replace program. The program calls for removal of Chinese gear from all U.S. communications networks, which mainly affects smaller U.S. carriers like Pine Belt that bought and installed gear from Huawei and ZTE because the equipment worked and the price was right. That was before the gear was deemed a national security risk.
In total, 126 carriers are facing shortfalls in the funding of their rip and replace endeavors. The U.S. government allocated funds for the program, but it fell short by about $3 billion, which is what a section of the 1,800-page NDAA is now looking to provide.
“Other than turning the clock back 18 months or so and changing history, this could not have come at a better time,” Nettles said. “Hopefully with the passage of the bill as currently written, we can avoid the disruptions such activities would have created.”
Assuming the funds are approved and allocated early in 2025, Pine Belt should have all of its network up to snuff, so to speak, by this time next year. Nettles said he doesn’t anticipate any further uncertainties. The company is using equipment from Nokia to replace ZTE.
NDAA is 'must-pass' bill
Of course, nothing is final until it’s enacted into law, and carriers waiting for rip and replace monies have seen other Congressional funding attempts fall by the wayside. But the NDAA is considered a "must-pass" bill, and Competitive Carriers Association (CCA) President and CEO Tim Donovan seems confident this one will stick.
He released a statement over the weekend thanking the House and Senate lawmakers and congressional staff who championed the effort.
“This funding is desperately needed to fulfill the mandate to remove and replace covered equipment and services while maintaining connectivity for tens of millions of Americans,” Donovan said.
CCA has been sounding the alarm for years and turned up the volume in recent days and months.
Last week, Donovan reiterated his concerns, saying the lack of necessary funding was alarming and far-reaching. Some participants in the rip and replace program already shut down portions of their networks, depriving communities of 911 and emergency services, he said.
FCC has China in its sights
His comments came in response to outgoing FCC Chairwoman Jessica Rosenworcel’s November 26 letter to Congress, where she updated her calls on lawmakers to fully fund the rip and replace program, noting that the funding shortfall puts the country’s national security and rural connectivity at risk.
While the rip and replace program targets smaller operators that installed Chinese equipment, the FCC last week drafted a Declaratory Ruling, triggered by the Salt Typhoon cyberattack, that calls for all U.S. telecom networks to secure their networks from unlawful access or interception of communications. AT&T, T-Mobile and Verizon were identified as victims of Salt Typhoon.
Rosenworcel said the Communications Assistance for Law Enforcement Act (CALEA) requires telecom carriers to secure their networks from unlawful access or interception, and she’s proposing that communications service provides submit an annual certification showing they’re implementing adequate cybersecurity risk management plans.