Ninth Telecom Company Struck in Salt Typhoon Series, Confirms White House Statement
In the wake of the Salt Typhoon cyberattack, attributed to the People's Republic of China, the United States government has taken significant steps to bolster the security of its telecommunications infrastructure. This article outlines the measures introduced and advocated, focusing on the Federal Communications Commission (FCC) and the call for enhanced security measures.
The FCC has been proactive in its response, implementing a new regulatory framework aimed at reducing foreign adversary influence on the telecommunications supply chain and identifying security vulnerabilities. The Commission has also strengthened its Equipment Authorization Program, prohibiting the importation and authorization of equipment from entities on the Covered List, and has proposed a uniform certification and reporting regime for comprehensive ownership disclosure by FCC licensees.
The Foundation for Defense of Democracies (FDD) has advocated for more stringent measures, urging the FCC to revoke existing equipment approvals for devices associated with high-risk vendors and to expand oversight of components embedded in equipment. These measures are part of a broader effort to enhance security standards and mitigate risks in the U.S. telecommunications infrastructure.
The FCC chair, Jessica Rosenworcel, has proposed stronger security rules, and U.S. officials are conducting an ongoing investigation into the Salt Typhoon campaign. The White House has also advocated for more regulations to strengthen security rules for U.S. telecom infrastructure, and FCC commissioners are scheduled to vote on the proposed stronger security rules by January 15th, as urged by the White House.
The Salt Typhoon intrusion has highlighted the need for improved cybersecurity practices in the telecom sector. The attack, which compromised nine telecom companies, including a recently identified ninth unnamed company, underscores the vulnerabilities of the current system. The attackers, a China-government sponsored threat group, gained broad and full access to U.S. telecom networks, erasing logs to cover their tracks and geolocating millions of individuals at will while stealing communications of probably less than 100 individuals.
Anne Neuberger, deputy national security advisor for cyber and emerging technology, has emphasised the need for private companies operating critical infrastructure to implement basic cybersecurity practices to make them harder to attack. However, she has also stated that voluntary cybersecurity practices are inadequate to defend U.S. critical infrastructure against nation-state threat groups.
As the investigation into the Salt Typhoon campaign continues, the call for stronger regulations comes not just from the FCC and the White House, but also from the need to protect the nation's critical infrastructure from similar threats in the future. The U.S. government is working to lock down telecom infrastructure, but the full scope and scale of the Salt Typhoon intrusion may never be known due to the attackers' efforts to cover their tracks. Despite this, the U.S. remains committed to holding China accountable for the Salt Typhoon intrusion.
- The FCC, in response to the Salt Typhoon cyberattack, has implemented a new regulatory framework aimed at reducing foreign influence and enhancing security in the telecommunications supply chain.
- The Foundation for Defense of Democracies (FDD) has advocated for stricter measures, urging the FCC to revoke existing equipment approvals for devices associated with high-risk vendors and expand oversight of components embedded in equipment.
- As the investigation into the Salt Typhoon campaign continues, there is a call for strong regulations to protect the nation's critical infrastructure from similar threats, such as cybersecurity vulnerabilities in telecom networks, by enforcing stringent technology, politics, and general-news related measures.
