New US bill would force telcos to fortify defences after Salt Typhoon attacks


A US Senator has introduced a draft bill in response to Chinese-linked hacks on US telcos that would force the Federal Communications Commission to introduce cybersecurity rules for telcos.

The Communications Assistance for Law Enforcement Act (CALEA) of 1994 mandates that the FCC ensure operators secure their systems from unauthorised interceptions — something it never fully implemented.

Ron Wyden’s new Secure American Communications Act, introduced earlier this week, would require the FCC to issue the cybersecurity regulations mandated under the CALEA, with US telcos required to submit annual security tests and audits to the FCC.

“It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules,” Senator Wyden said.

“Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security.”

Mobile devices belonging to President-Elect Donald Trump, VP-elect JD Vance, and Vice President Kamala Harris were targeted by Salt Typhoon, a group of Chinese-linked hackers, as part of what the FBI described as a “cyber espionage campaign”.

Verizon, AT&T, and Lumen were targeted by hackers, while T-Mobile’s cybersecurity chief denied that the operator’s defences were compromised by Salt Typhoon.

In response to the hacks, Senator Wyden’s legislation would force US operators to conduct annual testing on whether systems can be breached.

Telcos would have to conduct tests that are set by the FCC, documenting all findings and corrective measures taken in response.

An operator’s CEO, CISO, or equivalent would then have to sign a written statement saying it is in compliance with the FCC’s cybersecurity rules.

The FCC’s cybersecurity tests, as mandated under the CALEA, would need to be created with the Director of the US Cybersecurity and Infrastructure Security Agency as well as the US Director of National Intelligence.

Independent auditors would then be tasked with conducting annual compliance assessments, documenting all failures that could lead to potential breaches.

“Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies,” Senator Wyden added.
