Article Details

Wyden proposes bill to secure US telecoms after Salt Typhoon hacks. U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecommunications companies breached by Salt Typhoon Chinese state hackers earlier this year. Wyden's "Secure American Communications Act" will order the Federal Communications Commission (FCC) to issue binding cybersecurity rules and implement the security requirements demanded since 1994 by legislation that instructs telecom providers to secure their phone and wireless networks from breaches. Telecom carriers will have to test their systems annually for security vulnerabilities, patch them, and document their findings and "all corrective measures." They'll also have to contract independent auditors for annual compliance audits with FCC cybersecurity rules and document any noncompliance findings. "It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules. Telecom companies and federal regulators were asleep on the job and as a result, Americans' calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security," Wyden said today. "Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies." On Thursday, FCC Chairwoman Jessica Rosenworcel announced that the agency would also act "urgently" to ensure that American telecom carriers are required to secure their networks. The Salt Typhoon telecom breaches CISA and the FBI confirmed the hacks in late October following reports that Chinese threat actors had hacked multiple telcos, including T-Mobile, AT&T, Verizon, and Lumen Technologies. Even though the timing of these breaches is still unclear, the Chinese hackers had access for "months or longer." This reportedly allowed them to steal substantial internet traffic from carriers providing services to American businesses and millions of customers. Last week, President Biden's deputy national security adviser Anne Neuberger told reporters during a Wednesday press briefing that the Salt Typhoon hacking group breached eight U.S. telecoms and carriers in dozens of other countries. The White House official said that "at this time, we don't believe any classified communications have been compromised," while a senior CISA official added in a Tuesday press call that they couldn't "say with certainty that the adversary has been evicted." CISA and FBI officials also advised Americans to use encrypted messaging apps to minimize the risk of communications interception by Chinese hackers and released guidance to help telecom infrastructure system admins and engineers harden systems against Salt Typhoon attacks. Also tracked as Earth Estries, Ghost Emperor, FamousSparrow, and UNC2286, the Salt Typhoon Chinese state-sponsored hacking group has been active since at least 2019, breaching government entities and telecom companies across Southeast Asia.