ADVERTISEMENT

Company News

FCC Responds to Chinese Attack on Telecom Firms With New Rules

By Kelcee Griffis
HOUSTON, TX - JULY 22: A Chinese national flag waves at the Chinese consulate after the United States ordered China to close its doors on July 22, 2020 in Houston, Texas. According to the State Department, the U.S. government ordered the closure of the Chinese consulate "in order to protect American intellectual property and Americans' private information." (Photo by Go Nakamura/Getty Images) (Go Nakamura/Photographer: Go Nakamura/Getty )

(Bloomberg) -- The US Federal Communications Commission proposed a set of rules Thursday that mandates carriers take steps to protect their networks against cybersecurity threats in the wake of revelations that Chinese hackers have likely been embedded in US communications infrastructure for months — with no end in sight.

Carriers should be required to “secure their networks from unlawful access or interception of communications,” according to the agency, a step the FCC declined to take three decades ago after Congress passed a law to make it easier for law enforcement to access the networks. 

“While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future,” FCC Chair Jessica Rosenworcel said in a statement. 

In a fact sheet also released Thursday, the agency acknowledged the White House’s disclosure that eight telecom companies were breached in the Salt Typhoon network intrusion. AT&T Inc. and Verizon Communications Inc. are among those affected, and the hackers potentially accessed systems the federal government uses for court-authorized network wiretapping requests, the Wall Street Journal reported in early October.

T-Mobile US Inc. Chief Security Officer Jeff Simon told Bloomberg News last week that the company had detected and quickly shut down a breach that was potentially related to Salt Typhoon. 

The Biden administration has said the threat is linked to China, although Beijing has repeatedly denied involvement. 

When Congress enacted the Communications Assistance for Law Enforcement Act in 1994, which created the legal wiretap program by requiring carriers to maintain back doors for intelligence-gathering, it directed the FCC to consider setting cyber standards for the system.

However, “the FCC declined to do so, stating that it did not want to ‘micro-manage’ companies’ practices,” according to an October letter from Senator Ron Wyden to the agency. “The FCC has failed to update these regulations to require specific cybersecurity defenses in the 25 years since, even after examples of spies targeting and compromising wiretapping systems became public.”

The proposed rules, which all five FCC commissioners must approve before they take effect, would obligate carriers to ensure unauthorized parties can’t access or intercept communications. The rules would also make clear “that telecommunications carriers’ duties extend not just to the equipment they use but how they manage their networks,” according to the fact sheet. It further proposed that carriers annually certify that they have and use cyber risk management plans. 

©2024 Bloomberg L.P.