This resolution expresses the sense of the House of Representatives that (1) all stakeholders in the deployment of fifth-generation (5G) communications infrastructure should consider adherence to the Prague Proposals (wireless technology recommendations from the Prague 5G Security Conference) in procuring products and services, and (2) the President and federal agencies should promote global trade and security policies consistent with the Prague Proposals and urge our allies to embrace the proposals for their 5G infrastructure.
[Congressional Bills 116th Congress]
[From the U.S. Government Publishing Office]
[H. Res. 575 Introduced in House (IH)]
<DOC>
116th CONGRESS
1st Session
H. RES. 575
Expressing the sense of the House of Representatives that all
stakeholders in the deployment of 5G communications infrastructure
should carefully consider and adhere to the recommendations of ``The
Prague Proposals''.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
September 24, 2019
Mr. Flores (for himself and Mr. Soto) submitted the following
resolution; which was referred to the Committee on Energy and Commerce,
and in addition to the Committee on Foreign Affairs, for a period to be
subsequently determined by the Speaker, in each case for consideration
of such provisions as fall within the jurisdiction of the committee
concerned
_______________________________________________________________________
RESOLUTION
Expressing the sense of the House of Representatives that all
stakeholders in the deployment of 5G communications infrastructure
should carefully consider and adhere to the recommendations of ``The
Prague Proposals''.
Whereas 5G, the next generation (5th generation) in wireless technology,
promises the next evolution of communications and information technology
services, applications, and capabilities across every sector of
business, government, entertainment, and communications;
Whereas the United States, Europe, China, and others are racing toward 5G
adoption and upgrading existing networks, which will drive subsequent
advances in artificial intelligence, machine learning, smart homes,
smart cities, robotics, autonomous vehicles, and quantum computers;
Whereas 5G will make possible the automatization of everyday activities and the
use of the full potential of the Internet of Things;
Whereas these developments, while evolutionary, could include risks to important
public interests, including privacy, data security, public safety, and
national security;
Whereas in a highly connected world, disruption of the integrity,
confidentiality, or availability of communications or even the
disruption of the communications service itself can seriously hamper
everyday life, societal functions, the economy, and national security;
Whereas the security of 5G networks is crucial for national security, economic
security, and other United States national interests and global
stability;
Whereas operators of communications infrastructure depend on a complex supply
chain of technology from a global market of suppliers and service
providers;
Whereas government security officials and experts from 32 countries came
together in Prague in May of 2019 to work out guidelines for the
deployment and security of 5G networks;
Whereas representatives agreed that ``[m]ajor security risks emanate from the
cross-border complexities of an increasingly global supply chain which
provides ICT equipment. These risks should be considered as part of the
risk assessment based on relevant information and should seek to prevent
proliferation of compromised devices and the use of malicious code and
functions.''; and
Whereas the Prague 5G Security Conference adopted security recommendations,
which have come to be known as ``The Prague Proposals'': Now, therefore,
be it
Resolved,
SECTION 1. SENSE OF THE HOUSE OF REPRESENTATIVES.
The House of Representatives--
(1) urges all stakeholders in the deployment of 5G
communications infrastructure to carefully consider adherence
to the recommendations of ``The Prague Principles'' (as
described in section 2) as they procure products and services
across their supply chain; and
(2) encourages the President and Federal agencies to
promote global trade and security policies that are consistent
with ``The Prague Proposals'' and urge our allies to embrace
the recommendations of ``The Prague Proposals'' for their
public 5G infrastructure.
SEC. 2. PRAGUE PROPOSALS.
The text of ``The Prague Proposals'' is as follows:
(1) ``Policy''.--
(A) ``Communication networks and services should be
designed with resilience and security in mind. They
should be built and maintained using international,
open, consensus-based standards and risk-informed
cybersecurity best practices. Clear globally
interoperable cyber security guidance that would
support cyber security products and services in
increasing resilience of all stakeholders should be
promoted.''.
(B) ``Every country is free, in accordance with
international law, to set its own national security and
law enforcement requirements, which should respect
privacy and adhere to laws protecting information from
improper collection and misuse.''.
(C) ``Laws and policies governing networks and
connectivity services should be guided by the
principles of transparency and equitability, taking
into account the global economy and interoperable
rules, with sufficient oversight and respect for the
rule of law.''.
(D) ``The overall risk of influence on a supplier
by a third country should be taken into account,
notably in relation to its model of governance, the
absence of cooperation agreements on security, or
similar arrangements, such as adequacy decisions, as
regards data protection, or whether this country is a
party to multilateral, international or bilateral
agreements on cybersecurity, the fight against
cybercrime, or data protection.''.
(2) ``Technology''.--
(A) ``Stakeholders should regularly conduct
vulnerability assessments and risk mitigation within
all components and network systems, prior to product
release and during system operation, and promote a
culture of find/fix/patch to mitigate identified
vulnerabilities and rapidly deploy fixes or patches.''.
(B) ``Risk assessments of supplier's products
should take into account all relevant factors,
including applicable legal environment and other
aspects of supplier's ecosystem, as these factors may
be relevant to stakeholders' efforts to maintain the
highest possible level of cyber security.''.
(C) ``When building up resilience and security, it
should be taken into consideration that malicious cyber
activities do not always require the exploitation of a
technical vulnerability, e.g. in the event of insider
attack.''.
(D) ``In order to increase the benefits of global
communication, States should adopt policies to enable
efficient and secure network data flows.''.
(E) ``Stakeholders should take into consideration
technological changes accompanying 5G networks roll
out, e.g. use of edge computing and software defined
network/network function virtualization, and its impact
on overall security of communication channels.''.
(F) ``Customer--whether the government, operator,
or manufacturer--must be able to be informed about the
origin and pedigree of components and software that
affect the security level of the product or service,
according to state of art and relevant commercial and
technical practices, including transparency of
maintenance, updates, and remediation of the products
and services.''.
(3) ``Economy''.--
(A) ``A diverse and vibrant communications
equipment market and supply chain are essential for
security and economic resilience.''.
(B) ``Robust investment in research and development
benefits the global economy and technological
advancement and is a way to potentially increase
diversity of technological solutions with positive
effects on security of communication networks.''.
(C) ``Communication networks and network services
should be financed openly and transparently using
standard best practices in procurement, investment, and
contracting.''.
(D) ``State-sponsored incentives, subsidies, or
financing of 5G communication networks and service
providers should respect principles of fairness, be
commercially reasonable, conducted openly and
transparently, based on open market competitive
principles, while taking into account trade
obligations.''.
(E) ``Effective oversight on key financial and
investment instruments influencing telecommunication
network development is critical.''.
(F) ``Communication networks and network service
providers should have transparent ownership,
partnerships, and corporate governance structures.''.
(4) ``Security, privacy, and resilience''.--
(A) ``All stakeholders including industry should
work together to promote security and resilience of
national critical infrastructure networks, systems, and
connected devices.''.
(B) ``Sharing experience and best practices,
including assistance, as appropriate, with mitigation,
investigation, response, and recovery from network
attacks, compromises, or disruptions should be
promoted.''.
(C) ``Security and risk assessments of vendors and
network technologies should take into account rule of
law, security environment, vendor malfeasance, and
compliance with open, interoperable, secure standards,
and industry best practices to promote a vibrant and
robust cyber security supply of products and services
to deal with the rising challenges.''.
(D) ``Risk management framework in a manner that
respects data protection principles to ensure privacy
of citizens using network equipment and services should
be implemented.''.
<all>
Introduced in House
Referred to the Committee on Energy and Commerce, and in addition to the Committee on Foreign Affairs, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Committee on Energy and Commerce, and in addition to the Committee on Foreign Affairs, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Subcommittee on Communications and Technology.
Subcommittee Hearings Held.
Subcommittee Consideration and Mark-up Session Held.
Forwarded by Subcommittee to Full Committee (Amended) by Voice Vote .
Committee Consideration and Mark-up Session Held.
Ordered to be Reported (Amended) by Voice Vote.
Reported (Amended) by the Committee on Energy and Commerce. H. Rept. 116-368, Part I.
Reported (Amended) by the Committee on Energy and Commerce. H. Rept. 116-368, Part I.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line
Committee on Foreign Affairs discharged.
Committee on Foreign Affairs discharged.
Placed on the House Calendar, Calendar No. 67.
Mr. Doyle, Michael F. moved to suspend the rules and agree to the resolution, as amended.
Considered under suspension of the rules. (consideration: CR H41-43)
DEBATE - The House proceeded with forty minutes of debate on H. Res. 575.
Passed/agreed to in House: On motion to suspend the rules and agree to the resolution, as amended Agreed to by voice vote.(text: CR H41)
On motion to suspend the rules and agree to the resolution, as amended Agreed to by voice vote. (text: CR H41)
The title of the measure was amended. Agreed to without objection.