The Federal Communications Commission (FCC) is moving to tighten cybersecurity requirements for telecommunications carriers following the Salt Typhoon cyberattack, which compromised at least eight U.S. networks, according to recent media reports. Salt Typhoon, attributed to state-sponsored actors from the People’s Republic of China, reportedly infiltrated critical infrastructure, exploiting vulnerabilities in telecom systems to intercept communications and disrupt operations.
The proposed actions aim to modernize cybersecurity frameworks, requiring carriers to secure their networks under Section 105 of the Communications Assistance for Law Enforcement Act (CALEA). Additionally, providers must annually certify that they have implemented comprehensive cybersecurity risk management plans. “While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future,” said Rosenworcel.
• Key Points:
• Salt Typhoon attack reportedly compromised eight U.S. telecom networks.
• FCC proposes a Declaratory Ruling mandating telecom providers secure their networks under CALEA.
• Annual certification of cybersecurity risk management plans required from providers.
• New rulemaking seeks public input on cybersecurity requirements for various communications systems.
• Builds on prior FCC proposals targeting submarine cables, Emergency Alert Systems, and Wireless Emergency Alerts.
In response, outgoing FCC Chairwoman Jessica Rosenworcel proposed a Declaratory Ruling and new rulemaking measures to require telecom carriers strengthen their defenses and comply with stricter security standards.
“The cybersecurity of our nation’s communications critical infrastructure is essential to promoting national security, public safety, and economic security,” said Chairwoman Jessica Rosenworcel.
”
