- A yearly certification should be mandatory for US telcos, FCC Chair said
- The initiative should help businesses tackle rising attacks
- China denies any involvement
It should be mandatory for American telecommunications organizations to every year submit a certification, confirming they have a solid cyber-incident response plan set up.
This is a proposal set forth by US Federal Communications Commission Chairwoman Jessica Rosenworcel, in response to recent news that Chinese state-sponsored threat groups have entrenched themselves deeply into US telecom providers, possibly snooping in on important communications for years.
Earlier this year, multiple cybersecurity organizations, and then government agencies too, reported that Chinese threat actors named Salt Typhoon infiltrated some US telecommunications giants and were pulling valuable data.
Later, a number of organizations confirmed the findings, including T-Mobile, Verizon, Lumen Technologies, and AT&T. The campaign seems to be global, affecting “dozens” of private and public sector firms around the world.
“While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future,” Rosenworcel said in a statement.
Reuters cited Rosenworcel saying the proposal was being circulated to other commissioners in her agency. If adopted, it would take effect immediately, it was added.
The victims are now working diligently on ousting the spies in an ongoing effort, with no concrete deadline set up.
At the same time, the Chinese government remains silent. In the past, it has denied these allegations on numerous occasions, even accusing the US of being the world’s cyber-bully at one point. A few months ago, it released a report in which it claimed that Volt Typhoon, another hacking collective, was actually a CIA asset.
The document asserts that China consulted over 50 cybersecurity experts, who collectively determined both the US and Microsoft do not have enough evidence to implicate China’s involvement with Volt Typhoon. However, the names of the experts are not included in the document.
Via Reuters