Global Networks at Risk: How TIA is Securing the Future of Communications Infrastructure

David Stehlin, CEO of the Telecommunications Industry Association (TIA), will testify before the Subcommittee on Communications and Technology on Wednesday, April 30, 2025, at 10:00 a.m. (ET) in Room 2322 of the Rayburn House Office Building. The hearing is titled “Global Networks at Risk: Securing the Future of Communications Infrastructure.” 

Stehlin’s testimony will focus on the increasing risks to subsea cable systems, which transmit most of the world’s internet traffic and financial transactions. He also plans to highlight the growing complexity of global telecommunications networks, driven by the rapid expansion of cloud-based data centers and edge IoT devices. 

In addition, Stehlin plans to highlight threats from untrusted software, hardware, and suppliers—and the urgent need for public-private partnerships and supply chain security to ensure networks are built with trusted, resilient components. Lastly, he plans to spotlight TIA’s SCS 9001 supply chain security standard and the importance of working with partners to build secure, globally connected networks.

This blog is based on Stehlin’s submitted written testimony to the subcommittee. 

TIA: A Legacy of Trust and Resilience
The technology-agnostic TIA supports trusted wireline, wireless, and satellite technologies across the communications ecosystem. With nearly a century of experience, we’ve helped ensure networks are built efficiently, resiliently, and with trusted suppliers at their core. 

I have served as CEO of TIA for the past five years. Over my 40-year career, I’ve also led both publicly traded and venture-backed telecom technology companies, witnessing tremendous technological change and advancement, while observing how security improvements consistently lag behind innovation. I’ve experienced firsthand how state-owned entities like Huawei operate on the global stage, undermining competitive markets for trusted Information and Communications Technology (ICT) vendors.

As a graduate of the U.S. Naval Academy and a former Marine officer, I take the national security threats posed by adversary-controlled entities seriously, especially given the growing criticality of communications networks.

Protecting Critical Infrastructure Beneath the Sea
Subsea cable systems are an area of particular concern for both TIA and the telecommunications industry. From the Red Sea to the Taiwan Strait, to the Baltic Sea and beyond, nefarious actors are increasingly disrupting global networks by cutting cables and damaging cable landing points. These subsea cables form the irreplaceable backbone of the global internet, carrying 99% of internet traffic across continents and supporting more than $10 trillion in financial transactions. 

While satellite communications play an integral role in global connectivity, the data capacity of subsea cables cannot be overstated. Estimates suggest that by 2026, total global satellite capacity will amount to just half a percent of global subsea cable capacity. Without the resilience and security of subsea cables, smartphones, financial networks, and government communications will struggle to function reliably in the event of an attack—threatening U.S. national and economic security.

Strengthening the Subsea Cable Supply Chain
Physical threats are only part of the challenge. TIA has raised concerns about risks from untrusted vendors within the subsea cable supply chain. Companies linked to foreign adversaries could exploit vulnerabilities by inserting compromised hardware, installing fiber optic taps, or introducing flaws that weaken cables against external attacks. As adversaries become more sophisticated, protecting subsea cable systems requires more than physical safeguards, it demands trusted suppliers and rigorous standards. 

TIA continues to advocate for the application of brightline rules to remove untrusted vendors from the subsea cable ecosystem, strengthening both market stability and national security. At the same time, TIA supports efforts to streamline the regulatory process for trusted applicants, ensuring that redundant, resilient subsea cable infrastructure can be deployed quickly without compromising security. By adopting common-sense measures that balance economic needs with national security priorities, the U.S. can more effectively protect global communications infrastructure. 

The Expanding Complexity and Risk of Modern Networks
Protecting subsea infrastructure is just one piece of a much larger challenge. Global telecommunications networks are expanding and diversifying as cloud computing, IoT devices, and artificial intelligence (AI) applications continue to evolve. These technologies drive complexity and introduce new vulnerabilities across the ecosystem. For example, the number of connected IoT devices alone already numbers in the billions and is projected to surpass 30 billion within the next five years. 

Most networks today are cloud-based, with data centers at their hub. These data centers increasingly rely on graphics processing units (GPUs), which are crucial to powering artificial intelligence (AI) applications. Ensuring data center security is essential to keeping the U.S. safe and forward-leaning in a globally connected world. If we want our tree of prosperity to flourish, we must ensure all connected roots are healthy. 

Every type of critical infrastructure—from the electric grid to water systems, emergency responders, and the internet—relies on ICT systems. Because of the foundational role communications networks play in national infrastructure, vulnerabilities in these systems can have a broad impact. Notably, every one of the Cybersecurity and Infrastructure Security Agency’s (CISA) 16 designated critical infrastructure sectors is driven by ICT networks.

Network attacks can originate from many sources, including state-sponsored enemies, criminals, and terrorists. While attack vectors are endless, our defense must start with supply chain security, ensuring the products and services used to build our networks come from trusted suppliers who design security into their infrastructure. We must verify before we trust, recognizing that security is a subset of quality. 

As network architectures advance and grow more complex, the attack surface expands, giving bad actors—including those state-sponsored by foreign adversaries such as the Chinese Communist Party—more opportunities to infiltrate critical systems. Recent attacks like Salt Typhoon highlight the urgent need for a layered defense approach focused on trusted components, resilient design, and continual verification.

Securing the ICT Supply Chain Through SCS 9001
With strong bipartisan support, the U.S. government has long recognized that supply chain vulnerabilities pose a serious threat to national infrastructure. To address this threat, TIA initiated and developed SCS 9001, the ICT industry’s first supply chain security standard, in 2022. Developed with input from our members and both U.S. and allied governments, SCS 9001 aligns with and operationalizes the NIST Cybersecurity Framework, the Prague Principles, and other key guidelines. 

SCS 9001 is a supply chain security management system that defines and measures requirements and controls across the design, development, production, operations, and service of ICT products and services. By aligning with the standard, suppliers demonstrate and verify their products and services can be trusted.

Building Trust Beyond Borders
Our initiatives extend beyond domestic infrastructure. We’ve been working with the Departments of Commerce and State to help allied countries build trusted networks by embedding security into their wireless, wireline, satellite, and critical infrastructures. 

Many past high-profile attacks—including Salt Typhoon, the hacking of U.S. presidential campaigns, the CrowdStrike vulnerability, and the SolarWinds hack—clearly highlight the urgent need to address vulnerabilities within the ICT supply chain and mitigate them wherever possible. The growing number and sophistication of these attacks should concern us all. 

A public-private partnership that embeds the elements needed to verify trust and drive continuous improvement can reduce the impact of bad actors across our critical networks.

Watch the Live Testimony: David Stehlin’s live testimony before the Subcommittee on Communications and Technology is available to stream here on Wednesday, April 30, 2025, at 10:00 a.m. (ET).