The Federal Communications Commission (FCC) on Dec. 5 responded to recent reports that the Chinese group Salt Typhoon infiltrated at least eight U.S. telecom companies by proposing that carriers create, update and implement cybersecurity risk management plans annually to the FCC, or face stiff penalties.
FCC Chairwoman Jessica Rosenworcel said the agency had this authority under Section 105 of the Communications Assistance for Law Enforcement Act (CALEA), which created a legal obligation for the telecoms to secure their networks against unlawful access and interception.
The recent proposed “Declaratory Ruling” was made available to the five members of the FCC and, if adopted, would reportedly be the first time the FCC has assumed such powers under the existing CALEA wiretapping law first enacted in 1994.
“As technology continues to advance, so does the capabilities of adversaries, which means the U.S. must adapt and reinforce our defenses,” said Rosenworcel. “While the commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks…
