- 8 ways diversity and inclusion help teams perform better
- The project of reform and revival that saved JAL
- AI has grown beyond human knowledge, says Google's DeepMind unit
- Microsoft still has a massive Windows 10 problem - and there's no easy way out
- Midnight Blizzard Targets European Diplomats with Wine Tasting Lure
FCC Proposes Stricter Cybersecurity Rules for US Telecoms
The US Federal Communications Commission (FCC) is looking to expanding cybersecurity requirements for US telecommunications firms following the Salt Typhoon cyber-attack which impacted at least eight US communications firms.
As part of its “decisive action” the FCC has released a Notice of Rulemaking in which communications firms could be subject to an annual certification requirement to create, update and implement cybersecurity risk management plans.
In addition, FCC Chairwoman Jessica Rosenworcel has proposed a Declaratory Ruling that would clarify that Section 105 of the Communications Assistance for Law Enforcement Act (CALEA) creates a legal obligation for telecommunications carriers to secure their networks against unlawful access and interception.
The Salt Typhoon incident saw foreign actors, state-sponsored by the People’s Republic of China (PRC), infiltrated at least eight US communications companies, compromising sensitive systems and exposing vulnerabilities in critical telecommunications infrastructure.
The attack was part of a large-scale espionage campaign. It is believed that targets included Verizon, AT&T and Lumen Technologies.
In a statement, the FCC said, “While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, the FCC can act now to strengthen cybersecurity safeguards and ensure resilience against future cyberattacks by adversaries.”
The FCC has invited the public to comment on the expanding cybersecurity requirements and identify additional ways to enhance such cybersecurity defenses.
The proposed measures have been made available to the five members of the Commission and they may choose to vote on them at any moment.
If adopted, the Declaratory Ruling would take effect immediately, the FCC statement said.
The Notice of Proposed Rulemaking, if adopted, would open for public comment the cybersecurity compliance framework, which is part of a broader effort to secure the nation’s communications infrastructure.
