FCC orders telcos to sharpen up security after Salt Typhoon chaos
The FCC has decided to impose new, more stringent requirements on telecom carriers to secure their networks in response to the recent Salt Typhoon threat campaign targeting the industry.
Jessica Rosenworcel, chairwoman at the FCC, said the body has taken action to ensure the nation’s communication systems are safeguarded against ongoing cyber threats, including state-sponsored attacks from sophisticated groups.
“In response to Salt Typhoon, there has been a government-wide effort to understand the nature and extent of this breach, what needs to happen to rid this exposure in our networks, and the steps required to ensure it never happens again,” she said.
“At the Federal Communications Commission, we now have a choice to make. We can turn the other way and hope this threat goes away. But hope is not a plan.”
The Salt Typhoon group is thought to have been responsible for a spate of recent attacks on multiple major US telecommunication companies, including Verizon, and AT&T.
In December, White House deputy national security advisor Anne Neuberger said the group was able to use its access to record the conversations of high-ranking American political figures.
Rosenworcel added that it was time the US updated its regulation of network security in critical sectors such as communication.
“Leaving old policies in place when we know what new risks look like is not smart. Today, in light of the vulnerabilities exposed by Salt Typhoon, we need to take action to secure our networks. Our existing rules are not modern. It is time we update them to reflect current threats so that we have a fighting chance to ensure that state-sponsored cyberattacks do not succeed,” she said.
“The time to take this action is now. We do not have the luxury of waiting. Telecommunications networks are essential for everything in day-to-day life, from our national defense to public safety to economic growth. The actions we take and propose here will strengthen our cybersecurity safeguards and enhance our resilience against future attacks.”
Experts told ITPro that because the UK had more up to date regulations protecting communications, namely the Telecommunications Security Act (TSA), it was well-placed to address increased threats to its telecoms industry.
Moreover, during a press briefing at the end of 2024, Neuberger said that when discussing the recent intrusions with security colleagues from the UK, they argued that the UK’s more stringent regulations, such as the TSA, would have meant the attack was identified and contained far faster.
US authorities are now looking to address this security gap and ensure its critical communication infrastructure remains resilient to continued and more sophisticated attacks.
FCC sanctions hit China-linked ‘cyber actor’
The US Treasury Department has also imposed new sanctions on a Chinese individual as well as a cybersecurity company in the region for their involvement in the Salt Typhoon attacks against US telecoms companies.
The Office of Foreign Assets Control (OFAC), the body responsible for US economic sanctions, said Shanghai-based ‘cyber actor’ Yin Kecheng played a role in the recent Department of the Treasury network compromise.
It also revealed it would be sanctioning Sichaun Juxinhe Network Technology Co. Ltd, a cybersecurity firm based in Sichuan that was alleged to have had direct involvement in the Salt Typhoon group.
Sichuan Juxinhe Network Technology is said to have had “direct involvement in the exploitation of these US telecommunication and internet service provider companies”, according to a US Treasury Department press release.
Following the action taken by OFAC, announced on 17 January, all property and interests in property of Yin Kecheng and Sichuan Juxinhe Network Technology in the US will be blocked and relevant parties are required to notify OFAC.
“The Treasury Department will continue to use its authorities to hold accountable malicious cyber actors who target the American people, our companies, and the United States government, including those who have targeted the Treasury Department specifically,” said deputy secretary of the Treasury Asewale O. Adeyemo.
Source link
/cdn.vox-cdn.com/uploads/chorus_asset/file/25697390/STK071_APPLE_H.jpg)
