{"id":1121,"date":"2024-12-06T10:48:34","date_gmt":"2024-12-06T10:48:34","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=1121"},"modified":"2024-12-06T10:48:34","modified_gmt":"2024-12-06T10:48:34","slug":"fcc-calls-for-urgent-cybersecurity-overhaul-amid-salt-typhoon-espionage-case","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=1121","title":{"rendered":"FCC calls for urgent cybersecurity overhaul amid Salt Typhoon espionage case"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>In the wake of the Salt Typhoon cyberespionage campaign allegedly linked to China, Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel has proposed immediate measures to strengthen the cybersecurity of US telecommunications infrastructure.<\/p>\n<p>The FCC\u2019s action came a day after top <a href=\"https:\/\/www.csoonline.com\/article\/3617907\/us-may-plan-legislation-to-contain-chinese-cyber-espionage.html\">US security agencies briefed senators<\/a> and the Commission on the scope of Salt Typhoon\u2019s espionage campaign, which involved infiltrating major telecommunications networks to steal sensitive data and intercept phone communications.<\/p>\n<p>The initiative includes a draft Declaratory Ruling that mandates telecom carriers to secure networks against unauthorized access under section 105 of the Communications Assistance for Law Enforcement Act (CALEA).<\/p>\n<p>The proposal, if adopted, would require service providers to submit annual certifications to the FCC, ensuring they \u201chave created, updated, and implemented a cybersecurity risk management plan, which would strengthen communications from future cyberattacks.\u201d<\/p>\n<p>\u201cAs technology continues to advance, so does the capabilities of adversaries, which means the US must adapt and reinforce our defenses,\u201d <a href=\"https:\/\/www.fcc.gov\/document\/rosenworcel-proposed-requiring-telecom-carriers-secure-their-networks\">Rosenworcel said<\/a>. \u201cWhile the Commission\u2019s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future.\u201d<\/p>\n<p>The Commission further added that it will \u201censure telecommunication companies are required to secure their networks.\u201d<\/p>\n<p>\u201cBy requiring communications service providers to submit annual certifications of their cybersecurity plans, the FCC aims to establish a robust framework for network security and threat response, aligning with the evolving cyber threat landscape,\u201d said Dheeraj Maken, Practice Director at Everest Group.<\/p>\n<p>The FCC will also seek public input on expanding risk management requirements across a broad spectrum of communications providers.<\/p>\n<p>\u201cHowever, smaller providers may face resource constraints, and broader coordination with federal and private initiatives is essential to enhance effectiveness,\u201d Maken pointed out. \u201cAddressing vulnerabilities in critical systems, such as submarine cables and Emergency Alert Networks, will require steps like enhanced monitoring, redundancy planning, encrypted communications, and decentralized architectures.\u201d<\/p>\n<h2 class=\"wp-block-heading\">Salt Typhoon breach raises alarm<\/h2>\n<p>The proposals come after revelations of Salt Typhoon\u2019s extensive cyber intrusions, targeting US telecommunications networks and stealing vast quantities of metadata and call records. FBI and CISA officials briefed reporters earlier, acknowledging the breach\u2019s scope remains unclear.<\/p>\n<p>A day before, top security agencies including the FBI, CISA, and NSA briefed senators behind closed doors on the magnanimity of the Salt Typhoon campaign in the US.<\/p>\n<p>Participants in the briefing included high-ranking officials like FBI agents, Director of National Intelligence Avril Haines, and FCC Chair Jessica Rosenworcel.<\/p>\n<p>US senators, including Ron Wyden and Bob Casey, have called for legislative action, citing gaps in cybersecurity readiness.<\/p>\n<p>Meanwhile, telecom giants like Verizon and AT&amp;T have collaborated with federal agencies to assess and remediate network vulnerabilities.<\/p>\n<h2 class=\"wp-block-heading\">Broader national security implications<\/h2>\n<p>Salt Typhoon has reignited concerns about Chinese cyber activities and their implications for US security and commerce. The attack targeted not only major telecom operators but also submarine cable systems and emergency alert systems.<\/p>\n<p>Chairwoman Rosenworcel\u2019s latest proposal builds on earlier measures to safeguard critical infrastructure, including requiring submarine cable operators and alert system participants to develop robust cybersecurity plans.<\/p>\n<p>With bipartisan scrutiny on Salt Typhoon, the FCC\u2019s initiative signals a heightened effort to counter evolving cyber threats. However, experts warn that addressing vulnerabilities may take years, emphasizing the need for swift yet comprehensive action to secure America\u2019s digital infrastructure.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>In the wake of the Salt Typhoon cyberespionage campaign allegedly linked to China, Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel has proposed immediate measures to strengthen the cybersecurity of US telecommunications infrastructure. The FCC\u2019s action came a day after top US security agencies briefed senators and the Commission on the scope of Salt Typhoon\u2019s espionage [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":1122,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1121","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1121"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1121"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/1121\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/1122"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}