Sen. Ron Wyden, D-Ore., introduced legislation Tuesday that would require the Federal Communications Commission to regulate the cybersecurity of telecommunications companies under federal wiretapping law.
Wyden’s proposal is the latest response to the breach of telecom firms by Salt Typhoon, the Chinese government-connected hackers who carried out a potentially yearslong espionage campaign by infiltrating telecom networks. Those hackers as of last week still hadn’t been fully evicted from the systems.
“It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules,” Wyden said in a news release. “Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security. Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies.”
The FCC itself last week proposed such rules under the 1994 Communications Assistance for Law Enforcement Act (CALEA). Salt Typhoon reportedly targeted communications accumulated by way of that law, which dictates how telecommunications carriers comply with federal law enforcement requests.
Wyden’s legislation would mandate that the FCC regulate telecommunications cybersecurity under CALEA within one year, in consultation with the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence.
Going beyond the FCC proposal, the legislation would also require annual testing of the telecommunications companies’ systems to determine whether they “are susceptible to the interception of communications or access to call-identifying information without lawful authorization by any person or entity, including by an advanced persistent threat.” It would also require them to contract with independent auditors to assess compliance with the FCC rules.
Wyden has taken numerous measures in response to the Salt Typhoon breaches, hailed as the worst in U.S. telecommunications history. Among them is a letter last week with Sen. Eric Schmitt, R-Mo., pressuring the Defense Department to shore up the cybersecurity of its telecommunications carriers.
The post Wyden legislation would mandate FCC cybersecurity rules for telecoms appeared first on CyberScoop.