FCC Takes Action to Strengthen Cybersecurity in Response to Salt Typhoon Cyberattack

The Federal Communications Commission (FCC) is taking decisive action to bolster the cybersecurity of U.S. telecommunications networks in the wake of the Salt Typhoon cyberattack, a sophisticated intrusion attributed to foreign state-sponsored actors.

On December 4, 2024, a major U.S. security agency confirmed that state-sponsored actors from the People’s Republic of China had infiltrated at least eight U.S. communications companies. This intrusion compromised sensitive systems and exposed vulnerabilities in critical telecommunications infrastructure, raising significant concerns about national security and public safety.

In response to this alarming incident, FCC Chairwoman Jessica Rosenworcel has announced a series of measures aimed at enhancing the cybersecurity posture of the telecommunications sector:

• Clarifying Cybersecurity Obligations: A proposed Declaratory Ruling seeks to clarify that Section 105 of the Communications Assistance for Law Enforcement Act (CALEA) mandates telecommunications carriers to secure their networks against unlawful access and interception.
• New Compliance Framework: A Notice of Proposed Rulemaking proposes an annual certification requirement for communications service providers, compelling them to create, update, and implement cybersecurity risk management plans and certify compliance with these plans to the FCC.
• Seeking Broader Action: The FCC is seeking public comment on expanding cybersecurity requirements across a wider range of communications providers and identifying additional measures to enhance cybersecurity defenses for communications systems.

The FCC recognizes the urgent need for robust cybersecurity frameworks to protect against escalating threats targeting the telecommunications sector. “As technology evolves, so do the tactics of cyber adversaries. The Salt Typhoon attack highlights the need for proactive measures to stay ahead of emerging threats,” states the FCC’s fact sheet.

Related Posts:

• FCC Takes Aim at SIM Swapping Fraud, Protecting Consumers from Billions in Losses
• Volt Typhoon APT Group Resurfaces: A Persistent Threat to Critical Infrastructure
• Volt Typhoon: Chinese State-Sponsored APT Targets U.S. Critical Infrastructure
• Flax Typhoon Botnet Exploits 66 Vulnerabilities: A Global Threat to Critical Infrastructure