Rip and Replace: Where We Stand and What is Next for U.S. Telecom Security
1202
wp-singular,post-template-default,single,single-post,postid-1202,single-format-standard,wp-theme-bridge,bridge-core-3.3.3,qode-optimizer-1.0.4,qode-page-transition-enabled,ajax_fade,page_not_loaded,,qode-title-hidden,qode_enable_button_white_space,qode-smooth-scroll-enabled,qode-theme-ver-30.8.5,qode-theme-bridge,disabled_footer_bottom,qode_advanced_footer_responsive_1024,wpb-js-composer js-comp-ver-8.1,vc_responsive

30 May Rip and Replace: Where We Stand and What is Next for U.S. Telecom Security

Posted at 21:26h in Analysis, Spanish by

By,

Luis O. Noguerol, Co-Founder & Senior Fellow, MSI²

Introduction: Let us be honest: Most Americans do not consider what kind of equipment powers their phone calls, texts, or internet connections. However, behind the scenes, the gear that keeps us connected has become a major national security issue.

For years, many small and rural U.S. telecom companies used equipment from Chinese manufacturers like Huawei and ZTE. It was affordable and reliable, and, for a long time, nobody thought twice about it (except for people like me).

That all changed when the U.S. government started worrying that this equipment could be used for spying or sabotage. Suddenly, “Rip and Replace” became the buzzword in Washington. The idea: rip out the risky Chinese-made gear and replace it with safer alternatives. Sounds straightforward, right? Not so much. Between funding headaches, technical challenges, and a parade of new cyber threats, the road to a secure telecom network has been anything but smooth.

In this article, I will discuss what has happened so far, what is working, what is not, and what needs to happen next. I will also examine how new threats, like state-sponsored hackers and AI-powered attacks, keep everyone on their toes.

How Did We Get Here? The Backstory

In 2019, the Federal Communications Commission (FCC) officially labeled Huawei and ZTE threats to national security (FCC, 2019). Why? Because Chinese law says these companies have to help the government if asked, which raised alarms about possible backdoors and surveillance (Congressional Research Service, 2023). This requirement from the Chinese government applies to all companies and products related to China, including TikTok, which continues to do damage without clear actions from the government, even when the Supreme Court banned the application under current conditions in the US.

To tackle this, Congress created the “Rip and Replace” program in 2020, setting aside $1.9 billion to help smaller telecom providers swap out the risky gear (FCC, 2020). However, as you might guess, that amount was way too low. The real cost? Over $5 billion, according to government audits (GAO, 2023). That left many companies in limbo, waiting for more funding to finish the job.

The Numbers: Progress, Delays, and Dollars

  • Who is Involved? Currently, 126 carriers are part of the program, mostly in rural America. About 70% say the initial funding was insufficient to get the job done (FCC, 2024a; Broadband Breakfast, 2025).
  • More Money at Last: After much back-and-forth, Congress approved another $3.08 billion in late 2024 (RCR Wireless, 2024; Lummis, 2025). This new funding is finally helping carriers speed up their replacement work (Broadband Breakfast, 2025).
  • How Much Has Been Done? By the end of 2024, about 62% of the most critical equipment, like network cores and backhaul systems, had been replaced (FCC, 2024b). A few carriers have finished and sent in their final paperwork (FCC, 2024c).
  • Delays and Extensions: Because of the funding gap and other issues, the FCC has handed out 139 deadline extensions, most of which are tied to money problems (FCC Chair, 2024). Some companies now have until mid-2025 to finish (FCC, 2024a).

What is Slowing Things Down?

  • Supply Chain Nightmares: Remember the global chip shortage? It hit telecom hard. Getting new, secure equipment delivered on time has been a significant challenge (FCC, 2024c). Add in shipping delays, and you have a recipe for frustration.
  • Not Enough Skilled Workers: Insufficiently trained technicians are needed to handle all the removals and installations, especially in remote or rural areas (FCC, 2024c). Finding people to do the work can be tough, even when the equipment arrives.
  • Weather and Geography: Some towers are in remote, austere locations. Bad weather and rough terrain can turn a simple job into a logistical nightmare (FCC, 2024c).
  • New Certification Rules: The FCC recently banned Chinese labs from certifying telecom equipment for the U.S. market, closing a loophole that could have let risky gear sneak in through the back door (South China Morning Post, 2025).

It is Not Just About the Hardware: The New Threats

Even if you swap out all the old gear, the threats do not stop there. Here is what is keeping security experts awake at night in 2025:

  • Zombie Devices: Some equipment has been turned off but not physically removed. That means it could be switched back on, by accident or on purpose. In Texas, 15 towers with dormant Huawei gear caused network problems when reactivated (CISA, 2024).
  • Shady Supply Chains: About 35% of the new “safe” equipment parts still come from China, just routed through third countries (Supply Chain Resilience Initiative, 2024). That makes it hard to be sure everything is truly secure.
  • Sneaky AI: Chinese-made network management systems use artificial intelligence to hide suspicious activity from auditors. These AI systems can mask malware or unauthorized access, making it much harder to spot problems (MIT Technology Review, 2025).
  • Quantum Threats: Some of the new gear already has chips that can resist quantum-level cyberattacks, which shows China is thinking way ahead about how to break into networks in the future (MIT Lincoln Laboratory, 2025).
  • State-Sponsored Cyberattacks: Groups like “Salt Typhoon” (linked to China) have been caught hacking into U.S. telecom networks, stealing data, and even intercepting calls (Mandiant, 2025; DHS, 2024). These hackers are getting more sophisticated, using “living off the land” techniques to blend in with regular network traffic and avoid detection (DHS, 2024).

The Bigger Picture: Why This Matters

It is not just about keeping your Netflix stream running smoothly. Telecom networks are the backbone of everything from emergency services to national defense. If these networks get hacked or sabotaged, the impact could be massive, think power outages, disrupted 911 calls, or even threats to military operations (DHS, 2024).

Moreover, it is not just China. Russia and other adversaries are also looking for ways to sneak into U.S. critical infrastructure (DHS, 2024). The stakes are high, and the threats are constantly evolving.

Credit: Adobe Stock- Standard license on file.

What is the Government Doing About It?

  • FCC’s New Security Push: The FCC is not just sitting back. In January 2025, the agency rolled out new rules requiring telecom companies to beef up their cybersecurity and submit annual risk management plans (FCC, 2025; Industrial Cyber, 2025). The goal is to ensure everyone is taking real steps, not just checking boxes, to keep networks safe.
  • National Security Council for Telecom: In March 2025, the FCC launched a special council focused on national security in telecom. This group brings together experts from across the government to tackle threats from foreign adversaries, especially China (Cybersecurity Dive, 2025). Their job:
  • Reduce America’s reliance on foreign suppliers for critical tech.
  • Find and fix vulnerabilities that could be exploited for spying or sabotage.
  • Help the U.S. stay ahead in the race for next-gen tech like 5G, quantum computing, and AI (Cybersecurity Dive, 2025).
  • International Teamwork: The U.S. is teaming up with Europe and Indo-Pacific allies to share threat intelligence, set common equipment standards, and train engineers in network security (U.S.-EU Trade and Technology Council, 2025; Indo-Pacific Economic Framework, 2025). This global approach is key, since cyber threats do not stop at national borders.
  • Training the Workforce: There is a big push to train 5,000 new technicians by 2027, ensuring enough skilled workers to keep up with the demand for secure network installations (National Telecommunications Training Institute, 2025).

The Cybersecurity Wild West: What is Happening in 2025?

If you think things are getting safer, think again. Cybersecurity is a moving target, and the bad guys are getting smarter.

  • More Attacks, More Sophistication: Telecom companies are seeing a significant spike in cyberattacks, especially those backed by foreign governments (RSM, 2025). Hackers are after sensitive data and sometimes want to cause chaos by taking down networks.
  • AI – Friend and Foe: Artificial intelligence is a double-edged sword. On one hand, it helps companies spot and stop threats faster. On the other hand, hackers are using AI to find weak spots and launch smarter attacks (Forbes, 2025; EY, 2025). A recent survey found that 87% of security experts have seen AI-driven cyberattacks in the past year (Forbes, 2025).
  • DDoS Attacks on the Rise: Denial-of-service (DDoS) attacks—where hackers flood a network to knock it offline—are becoming more common and powerful. Nearly nine million incidents were reported in the second half of 2024 alone (Forbes, 2025).
  • Quantum Computing – the Next Big Threat: Quantum computers could one day break today’s encryption, making it easier for hackers to crack into networks. Some telecom equipment makers are adding “quantum-resistant” chips, but this race is just starting (MIT Lincoln Laboratory, 2025).

What Needs to Happen Next? (My Recommendations)

So, what is the game plan to finish the job and stay ahead of the threats? Here are some ideas:

  • Focus on the Most Critical Parts of the Network: Put the most effort (and money) into replacing the riskiest equipment, like the network core and 5G authentication systems, since hackers target these first (FCC Security Audit, 2024).
  • Build More U.S. Testing Labs: Spend $450 million to establish more American labs for testing and certifying telecom gear. That way, we will not have to rely on foreign labs that might not have our best interests at heart (CHIPS Act Implementation Plan, 2025).
  • Team Up with Allies: Work closely with countries like Japan, India, and Australia to set shared standards, swap threat intelligence, and coordinate on new tech (Indo-Pacific Economic Framework, 2025).
  • Keep the Money Flowing: Look into creative ways to fund these efforts, like national security bonds, so we do not have to wait for Congress to approve more money every time there is a shortfall (FCC Chair, 2024).
  • Audit Everything, All the Time: Make regular, thorough audits of all equipment and supply chains mandatory. If something looks suspicious, it gets pulled and checked, no exceptions (Supply Chain Resilience Initiative, 2024).
  • Train, Train, Train: Expand technical training programs and offer incentives to get more skilled workers into the field, especially in rural areas often left behind (National Telecommunications Training Institute, 2025).

The Road Ahead: Why This Matters for Everyone

The “Rip and Replace” program is not just a government project; it is about protecting the digital backbone of American life. Secure telecom networks are critical for everything from emergency services to online banking, from national defense to your next Zoom call.

The good news? With more funding, smarter rules, and better teamwork at home and with international allies, the U.S. can finish the job and stay ahead of threats. However, it will take ongoing vigilance, innovation, and a willingness to adapt as the landscape changes.

The Miami Strategic Institute is committed to leading the way, offering expertise, analysis, and policy recommendations to ensure America’s digital future is as safe and secure as possible.

Conclusions

The “Rip and Replace” initiative is a pivotal crossroads for U.S. national security and technological resilience. While significant progress has been made in removing high-risk Chinese telecom equipment, the journey has exposed deep vulnerabilities in supply chains, funding mechanisms, and workforce readiness. 

The evolving landscape of cyber threats, from sophisticated state-sponsored attacks to emerging risks posed by artificial intelligence and quantum computing, demands that the U.S. remain vigilant, adaptive, and proactive. It is clear that success requires more than just replacing hardware; it calls for sustained investment, rigorous supply chain audits, robust domestic certification, and international collaboration on standards and intelligence sharing. 

Only through a comprehensive, forward-looking strategy can the United States ensure the integrity of its communications infrastructure and safeguard its digital future. The Miami Strategic Intelligence Institute supports this mission, fosters dialogue, and drives innovation to secure America’s networks in an increasingly complex and interconnected world.

References

Broadband Breakfast. (2025, April 16). Rip and replace funding that is available, FCC says. https://broadbandbreakfast.com/rip-and-replace-funding-available-fcc-says/ 

CHIPS Act Implementation Plan. (2025). Domestic semiconductor and telecom testing expansion.

Congressional Research Service. (2023). The Secure and Trusted Communications Networks Act: Overview and implications (Report No. R46785).

CISA. (2024). Annual threat report. Cybersecurity and Infrastructure Security Agency.

Cybersecurity Dive. (2025, March 13). FCC launches national security unit to counter state-linked threats to telecom.

DHS. (2024, September 30). Homeland Threat Assessment 2025 (Publication No. 24-320).

EY. (2025, January 22). Top 10 risks for telecommunications in 2025.

FCC. (2019). Designation of Huawei and ZTE as national security threats (Docket 19-121). Federal Communications Commission. https://www.fcc.gov/supplychain/reimbursement 

FCC. (2020). Secure and Trusted Communications Networks Reimbursement Program. https://www.fcc.gov/supplychain/reimbursement 

FCC. (2024a). Supply Chain Reimbursement Program status update (Report to Congress, Dec. 30, 2024). https://www.fcc.gov/supplychain/reimbursement 

FCC. (2024b). Progress dashboard and spending reports.

FCC. (2024c). Third report to Congress on Reimbursement Program implementation.

FCC Chair. (2024, December 4). Call to Congress to fully fund Rip and Replace program. https://www.meritalk.com/articles/fcc-chair-calls-on-congress-to-fully-fund-rip-and-replace-program/ 

FCC Security Audit. (2024). Telecom network vulnerability assessment.

Forbes. (2025, April 5). Key cybersecurity challenges in 2025—trends and observations.

GAO. (2023). Telecommunications: Cost challenges in the Rip and Replace program (Report No. GAO-24-567).

Industrial Cyber. (2025, January 20). FCC requires telecoms to secure networks, suggests steps to secure US communications from cyberattacks.

Indo-Pacific Economic Framework. (2025). Technology cooperation and standards.

Lummis, C. (2025, February 10). Letter on Rip and Replace funding. https://www.lummis.senate.gov/wp-content/uploads/Rip-and-Replace-Feb13-2025.pdf 

Mandiant. (2025). APT41 (Salt Typhoon) activity analysis.

MIT Lincoln Laboratory. (2025). Quantum-resistant hardware in telecommunications.

MIT Technology Review. (2025). Adversarial AI in network management systems.

National Telecommunications Training Institute. (2025). Workforce development programs.

RCR Wireless. (2024, December 18). Rip and replace funding passes as part of defense bill. https://www.rcrwireless.com/20241218/policy/rip-and-replace-funding 

RSM. (2025, April 15). 2025 Cybersecurity MMBI telecom snapshot.

South China Morning Post. (2025, May 22). FCC bars Chinese labs from U.S. tech certification.

Supply Chain Resilience Initiative. (2024). Third-party component risks in telecommunications.

U.S.-EU Trade and Technology Council. (2025). Joint statement on equipment forensics sharing.

The opinions expressed in this article are those of the author and do not necessarily reflect the views of the Miami Strategic Intelligence Institute (MSI²). 

Tags:
, ,