Significant years-long compromise of U.S. telecommunications firms by Chinese state-sponsored threat operation Salt Typhoon has prompted the Federal Communications Commission to propose more stringent cybersecurity requirements for telcos under the Communications Assistance for Law Enforcement Act, CyberScoop reports.
Under the proposed FCC rule, telecommunications entities would not only need to ensure their networks' defenses against "unlawful access and interception" but also be required to undergo yearly cybersecurity risk management plan certifications. "While the Commission's counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the communications sector in the future," said FCC Chair Jessica Rosenworcel. Meanwhile, USTelecom - The Broadband Association President and CEO Jonathan Spalter expressed commitment to bolstering the sector's cybersecurity posture. "Ensuring the security of our customers is our top priority and we will continue to work side-by-side with intelligence agencies, law enforcement, and other government partners to identify and address the root causes of cybersecurity incidents," Spalter added.