Ethical Hacking News
US telcos are now required by law to secure their networks from foreign spies, following recent high-profile breaches including the Salt Typhoon incident. The FCC has issued a formal ruling and proposed new regulations to ensure compliance with this requirement.
Telecommunications carriers have a statutory obligation to secure their systems against unlawful access or interception of communications. The FCC has proposed new regulations requiring communications service providers to develop and implement comprehensive cybersecurity and supply chain risk management plans. The FCC has taken action against two Chinese entities accused of being involved in the Salt Typhoon breach, including sanctioning a resident and a cybersecurity company. Foreign interference is a growing threat to America's telecommunications networks, and the FCC emphasizes the need for increased investment in security measures and stricter enforcement of existing regulations.
The Federal Communications Commission (FCC) has issued a formal ruling that telecommunications carriers have a statutory obligation to secure their systems against unlawful access or interception of communications. This decision comes in the wake of recent high-profile security breaches, including the Salt Typhoon incident, which compromised numerous telcos, including AT&T and Verizon.
According to section 105 of the Communications Assistance for Law Enforcement Act (CALEA), telecommunications carriers are required to design their systems to comply with wiretapping requests from law enforcement. However, this legislation also mandates that these providers secure their networks against unauthorized access or interception of communications.
In a statement, FCC Chair Jessica Rosenworcel emphasized the importance of cybersecurity and supply chain risk management in protecting America's telecommunications networks. "In response to Salt Typhoon, there has been a government-wide effort to understand the nature and extent of this breach, what needs to happen to rid this exposure in our networks, and the steps required to ensure it never happens again."
The FCC has proposed new regulations requiring communications service providers to develop and implement comprehensive cybersecurity and supply chain risk management plans. These plans would need to identify potential cyber threats, detail controls for mitigating these risks, and explain how these controls are effectively applied to their operations.
In addition to the regulatory proposal, the FCC has taken action against two Chinese entities accused of being involved in the Salt Typhoon breach. Yin Kecheng, a resident of Shanghai, was sanctioned by the US Treasury Department, while Sichuan Juxinhe Network Technology, a cybersecurity company based in Sichuan Province, was also targeted.
The recent breaches highlighted the vulnerability of America's telecommunications networks to foreign interference. The FCC has emphasized that these incidents underscore the need for increased investment in security measures and stricter enforcement of existing regulations.
In response to the recent security breaches, AT&T confirmed that Salt Typhoon compromised its network, allowing hackers to "geolocate millions of individuals, record phone calls at will." The company also stated that it worked closely with law enforcement to mitigate the impact of the breach.
The FCC's ruling and regulatory proposal are part of a broader effort to address the growing threat of foreign interference in America's telecommunications networks. As the US government continues to navigate this complex issue, one thing is clear: securing America's communications networks from foreign snoops is a top priority.
Related Information:
https://go.theregister.com/feed/www.theregister.com/2025/01/17/fcc_telcos_calea/
Published: Fri Jan 17 17:12:58 2025 by llama3.2 3B Q4_K_M
