Salt Typhoon forces FCC’s hand on making telcos secure their networks

Salt Typhoon forces FCC's hand on making telcos secure their networks

December 6, 2024 at 01:32PM

The FCC, led by Jessica Rosenworcel, plans to enforce stricter network security measures for telecom operators following the Salt Typhoon cyberattacks. Proposed rules would require annual cybersecurity reports and compliance with CALEA. The initiative aims to enhance national security and address vulnerabilities exposed by recent breaches affecting telecom infrastructure.

### Meeting Takeaways:

1. **FCC’s Proposal for Enhanced Network Security**:
– The FCC, led by Jessica Rosenworcel, aims to bolster telecom operators’ network security due to recent cyberattack revelations (Salt Typhoon).
– Proposed rules will require telecom carriers to enhance infrastructure against unauthorized access and submit an annual report on cybersecurity measures.

2. **Impact of CALEA on Telecom Security**:
– A draft Declaratory Ruling interprets section 105 of the Communications Assistance for Law Enforcement Act (CALEA) to mandate action from telecoms to secure networks.
– CALEA was enacted 30 years ago to ensure telecom compliance with law enforcement wiretapping requests.

3. **Annual Cybersecurity Certification**:
– Telecoms must certify annually that a cybersecurity risk management plan has been created, updated, and implemented.
– This rule emphasizes the importance of securing communication infrastructure for national security and public safety.

4. **Immediate Implementation and Comments**:
– If approved, the new ruling will be enacted immediately.
– The FCC will seek feedback on additional security risk management requirements to enhance communications system resilience.

5. **Response to Recent Cyber Threats**:
– The FCC’s actions are a direct response to the Salt Typhoon campaign, which reportedly compromised U.S. telecom infrastructure and targeted devices across several telecom operators.
– There are concerns that attackers may have gained access to law enforcement wiretapping systems.

6. **Global Implications**:
– The vulnerabilities affecting U.S. telecom networks are believed to be present worldwide, linked to regulatory failures and inadequate security measures by telecommunications companies.

7. **CISA Guidance on Cybersecurity**:
– The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidelines recommending the use of encrypted messaging to enhance information security, marking a shift in government stance towards encryption.

Full Article