The Federal Communications Commission (FCC) is introducing a new rule that could force telecom carriers to improve their cybersecurity practices. This move comes after a series of cyberattacks, including one attributed to the Chinese hacking group Salt Typhoon, raised serious concerns about the vulnerability of America"s communication infrastructure.
According to FCC"s press release, the proposed rule would require phone companies to implement robust security measures to safeguard their networks from "unlawful access or interception of communications." This includes mandating annual certifications from these companies, demonstrating that they have a comprehensive cybersecurity plan in place to counter potential threats.
FCC"s Chairwoman Jessica Rosenworcel states:
The cybersecurity of our nation’s communications critical infrastructure is essential to promoting national security, public safety, and economic security. As technology continues to advance, so does the capabilities of adversaries, which means the U.S. must adapt and reinforce our defenses. While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future.
The FCC"s initiative is a much-needed step towards improving the nation"s cybersecurity posture. The Salt Typhoon incident, which reportedly compromised telecom networks including Verizon and AT&T for up to two years, exposed a critical vulnerability. Foreign hackers gaining access to these networks could potentially eavesdrop on sensitive communications, steal valuable data, or even disrupt major infrastructure.
Adding to these concerns, recently, senators pushed for action on military phone security, urging the Department of Defense (DoD) to investigate its failure to protect telephone communications from foreign spies. This highlights the urgent need for a unified national strategy to address cyber vulnerabilities across all communication channels.
To ensure effective implementation, the FCC needs to establish clear guidelines for what constitutes a sufficient cybersecurity plan and conduct thorough audits to verify compliance. Additionally, the financial penalties for non-compliance need to be substantial enough to discourage phone companies from prioritizing short-term profits over long-term security.