Page:2020-06-09 PSI Staff Report - Threats to U.S. Communications Networks.pdf/97

This page has been proofread, but needs to be validated.

copies of ComNet's physical and logical technical security architecture, security policies, and IT governance controls, noting that Team Telecom was in the process of "updat[ing] [its] files."^[1] After receiving the requested documents, a Team Telecom official asked to visit ComNet's offices sometime in "early-mid March . . . [to] meet with a few people to discuss on-going compliance with the [security agreement]."^[2]

The requested site visit occurred on March 22, 2018.^[3] According to one Team Telecom member's memo summarizing the site visit, the purpose was to, in part, "evaluate the efficacy of a [security agreement] governing the operations of a foreign state-owned company providing telecommunications services within the United States."^[4] The meeting lasted two and a half hours and again focused on ComNet's "corporate structure, ownership and management, products and services, telecommunications infrastructure, security policies and procedures, procedures regarding the handling of legal process, and compliance with CALEA."^[5] Among the updates provided to Team Telecom were ComNet's recent office change—from Los Angeles to West Covina, California—and its introduction of Voice over Internet Protocol ("VoIP") and basic enterprise IT services.^[6]

Team Telecom concluded that ComNet was "responsive to [all] comments and questions."^[7] However, Team Telecom noted:

New services (VoIP, IT, etc.) were not contemplated when the USG parties negotiated the [security agreement] in 2009. Accordingly, the reporting requirements under the [security agreement] do little to address any new risks that may arise as ComNet expands its service offerings into new markets and grows its customer base.^[8]

The Team Telecom officials attending the site visit recommended that:

USG parties should . . . continue to monitor compliance under the [2009 security agreement] as ComNet expands its new services. This situational awareness will help inform the USG Parties [sic] on-going discussions concerning the [agreement's] ability to address potential

↑ Id. at TT-DOJ-397.
↑ Id. at TT-DOJ-396.
↑ See TT-DOJ-400-03; TT-DOJ-521-23.
↑ TT-DOJ-521-23, at TT-DOJ-521.
↑ Id. See also DHS00466PSI-71.
↑ TT-DOJ-521-23, at TT-DOJ-522; DHS00466PSI-71, at DHS00467PSI. ComNet reported that the revenue associated with the recently introduced services was "insignificant." At the time of the meeting, ComNet reported having only one VoIP customer. See TT-DOJ-521-23, at TT-DOJ-522; DHS00466PSI-71, at DHS00467PSI.
↑ TT-DOJ-521-23, at TT-DOJ-522.
↑ Id.

93

[1] Id. at TT-DOJ-397.

[2] Id. at TT-DOJ-396.

[3] See TT-DOJ-400-03; TT-DOJ-521-23.

[4] TT-DOJ-521-23, at TT-DOJ-521.

[5] Id. See also DHS00466PSI-71.

[6] TT-DOJ-521-23, at TT-DOJ-522; DHS00466PSI-71, at DHS00467PSI. ComNet reported that the revenue associated with the recently introduced services was "insignificant." At the time of the meeting, ComNet reported having only one VoIP customer. See TT-DOJ-521-23, at TT-DOJ-522; DHS00466PSI-71, at DHS00467PSI.

[7] TT-DOJ-521-23, at TT-DOJ-522.

[8] Id.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

Page:2020-06-09 PSI Staff Report - Threats to U.S. Communications Networks.pdf/97

Navigation menu

Search