Skip to main content
close search
site logo
Dive Brief

FCC proposes stronger telecom cyber rules as Salt Typhoon fallout continues

The agency’s proposed rule changes come two months after a China-government sponsored espionage campaign first came to light.

Published Dec. 6, 2024
Matt Kapko's headshot
Senior Reporter
Federal Communications Commission Chair Jessica Rosenworcel
Federal Communications Commission Chair Jessica Rosenworcel testifies before the House Energy and Commerce Committee's Communications and Technology Subcommittee on Dec. 5, 2019, in Washington, D.C. Rosenworcel proposed rules changes to bolster telecom operators defenses on Dec. 5, 2024. Chip Somodevilla/Getty Images via Getty Images

Dive Brief:

  • Federal Communications Commission Chair Jessica Rosenworcel on Thursday proposed stronger rules requiring telecom operators to secure their networks from intrusions, in response to the wave of China-linked attacks on U.S. carriers’ infrastructure.
  • The measure has two parts. Rosenworcel proposed a declaratory ruling to clarify telecom operators are legally obligated to secure their networks under Section 105 of the Communications Assistance for Law Enforcement Act. The second lever, a notice of proposed rulemaking, includes an annual certification requirement for telecom providers to maintain cybersecurity risk management plans.
  • “While the commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future,” Rosenworcel said in a statement Thursday.

Dive Insight:

The FCC’s proposals come two months after news first broke about an espionage campaign sponsored by China's government that federal officials scrambled to assess and have yet to contain.

“Given the magnitude of this global attack, it’s clear that we were caught off guard, need to catch up and then keep up,” said Stéphane Téral, founder and chief analyst at Téral Research.

Salt Typhoon, a China-affiliated threat group, compromised at least eight U.S. telecom providers, stole a large amount of records and still has access to the networks, officials said earlier this week. The threat group gained broad access to communications of everyday Americans and also stole private audio and text content of targeted U.S. government and political officials.

The FCC did not respond to a request for comment or explain when or how soon the declaratory ruling or proposed rule could take effect. The agency took an active role in enforcing cybersecurity and data protection in the sector this year, expanding cooperation with state attorneys general and instituting new data breach reporting rules.

Zeus Kerravala, founder and principal analyst at ZK Research, said the FCC has the right idea but he’s skeptical of its ultimate impact.

The call to “mandate they secure their networks from unlawful access is a very broad statement, and I believe the operators do this today to the best of their ability,” Kerravala said.

The FCC and national security agencies need to increase coordination and collaboration, Téral said.

Industry analysts question the outcome of the FCC’s efforts, particularly in the absence of greater support.

The agency’s efforts will deliver “little impact if insufficient resources are deployed for implementation and execution,” Téral said. “The name of the game is to stay ahead of all continuously evolving threats.”

Editors' picks

Company Announcements

View all | Post a press release
Migliaccio and Rathod Investigates Byte Federal Data Breach
From Migliaccio and Rathod
December 12, 2024
DigiCert Releases First-of-Its-Kind Open-Source DCV Library to Elevate Industry Standards
From DigiCert
December 18, 2024
Rumpke Data Breach Investigation
From Migliaccio and Rathod
December 11, 2024
Only Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Eva…
From Cynet Security
December 11, 2024
Editors' picks
Latest in Cyberattacks
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.