Sen. Ron Wyden, D-Ore., introduced legislation Tuesday that would require the Federal Communications Commission to regulate the cybersecurity of telecommunications companies under federal wiretapping law.

Wyden’s proposal is the latest response to the breach of telecom firms by Salt Typhoon, the Chinese government-connected hackers who carried out a potentially yearslong espionage campaign by infiltrating telecom networks. Those hackers as of last week still hadn’t been fully evicted from the systems.

“It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules,” Wyden said in a news release. “Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security. Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies.”

The FCC itself last week proposed such rules under the 1994 Communications Assistance for Law Enforcement Act (CALEA). Salt Typhoon reportedly targeted communications accumulated by way of that law, which dictates how telecommunications carriers comply with federal law enforcement requests.

Wyden’s legislation would mandate that the FCC regulate telecommunications cybersecurity under CALEA within one year, in consultation with the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence.

Going beyond the FCC proposal, the legislation would also require annual testing of the telecommunications companies’ systems to determine whether they “are susceptible to the interception of communications or access to call-identifying information without lawful authorization by any person or entity, including by an advanced persistent threat.” It would also require them to contract with independent auditors to assess compliance with the FCC rules.

Wyden has taken numerous measures in response to the Salt Typhoon breaches, hailed as the worst in U.S. telecommunications history. Among them is a letter last week with Sen. Eric Schmitt, R-Mo., pressuring the Defense Department to shore up the cybersecurity of its telecommunications carriers.

The post Wyden legislation would mandate FCC cybersecurity rules for telecoms appeared first on CyberScoop.

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

How an Iranian-linked influence campaign pivoted after Oct. 7 attack on Israel

May 8, 2024 0 Comments 0 tags

In recent days, a purportedly pro-Israeli Telegram channel called “Tears of War” has posted dozens of messages. Interspersed with heartfelt posts pushing for the return of hostages taken as part

Read More

UK Justice System Failing Cybercrime Victims, Cyber Helpline Finds

November 29, 2024 0 Comments 0 tags

A report from the charity the Cyber Helpline found that 98% of cyber enabled crimes result in no further action from the police or justice system

Read More

Email Phishing Attacks Surge as Attackers Bypass Security Controls

October 3, 2024 0 Comments 0 tags

Egress found that attackers are becoming more adept at bypassing email security, such as using compromised accounts and the use of commodity campaigns

Read More