Governance, Risk and Compliance, Breach, Government Regulations
FCC to telecoms: Secure your networks from hacks like China’s Salt Typhoon

(Adobe Stock)
The Federal Communications Commission (FCC) on Dec. 5 responded to recent reports that the Chinese group Salt Typhoon infiltrated at least eight U.S. telecom companies by proposing that carriers create, update and implement cybersecurity risk management plans annually to the FCC, or face stiff penalties.FCC Chairwoman Jessica Rosenworcel said the agency had this authority under Section 105 of the Communications Assistance for Law Enforcement Act (CALEA), which created a legal obligation for the telecoms to secure their networks against unlawful access and interception.The recent proposed “Declaratory Ruling” was made available to the five members of the FCC and, if adopted, would reportedly be the first time the FCC has assumed such powers under the existing CALEA wiretapping law first enacted in 1994.“As technology continues to advance, so does the capabilities of adversaries, which means the U.S. must adapt and reinforce our defenses,” said Rosenworcel. “While the commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future.” The Salt Typhoon campaign is serious, so much so that Deputy National Security Adviser Anne Neuberger on Dec. 4 briefed reporters on the breadth of the Chinese government-sponsored hacking campaign that reportedly gave officials in China access to private texts and phone conversations of an unknown number of Americans.While the specific nature of what information the Salt Typhoon attackers accessed is still unknown, former NSA cybersecurity expert Evan Dornbush said the attackers could have potentially seen who is under law enforcement surveillance. "This would allow the attackers to know if any of their agents are compromised, generate a list of blackmail targets, or a list of individuals to cease communications with," Dornbush speculated. "The attackers could have also enabled surveillance on specific subscribers. Perhaps the attackers had a list of people they wanted to get copies of text messages or phone calls from."
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds