Skip to main content
Advertisement
Advertisement
Close
It would go beyond the FCC’s own proposal to regulate telecommunications carriers under federal wiretapping law.
Listen to this article
0:00
Learn more. This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.
Sen. Ron Wyden, D-Ore., talks with reporters as he leaves the U.S. Capitol following the first vote of the week on June 17. (Photo by Chip Somodevilla/Getty Images)
Sen. Ron Wyden, D-Ore., introduced legislation Tuesday that would require the Federal Communications Commission to regulate the cybersecurity of telecommunications companies under federal wiretapping law.
Wyden’s proposal is the latest response to the breach of telecom firms by Salt Typhoon, the Chinese government-connected hackers who carried out a potentially yearslong espionage campaign by infiltrating telecom networks. Those hackers as of last week still hadn’t been fully evicted from the systems.
“It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules,” Wyden said in a news release. “Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security. Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies.”
The FCC itself last week proposed such rules under the 1994 Communications Assistance for Law Enforcement Act (CALEA). Salt Typhoon reportedly targeted communications accumulated by way of that law, which dictates how telecommunications carriers comply with federal law enforcement requests.
Advertisement
Wyden’s legislation would mandate that the FCC regulate telecommunications cybersecurity under CALEA within one year, in consultation with the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence.
Going beyond the FCC proposal, the legislation would also require annual testing of the telecommunications companies’ systems to determine whether they “are susceptible to the interception of communications or access to call-identifying information without lawful authorization by any person or entity, including by an advanced persistent threat.” It would also require them to contract with independent auditors to assess compliance with the FCC rules.
Wyden has taken numerous measures in response to the Salt Typhoon breaches, hailed as the worst in U.S. telecommunications history. Among them is a letter last week with Sen. Eric Schmitt, R-Mo., pressuring the Defense Department to shore up the cybersecurity of its telecommunications carriers.
Tim Starks
Written by Tim Starks
Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he's covered cybersecurity since 2003. Email Tim here: tim.starks@cyberscoop.com.
In This Story
Advertisement
Advertisement
Advertisement
More Scoops
Latest Podcasts
Government
Technology
Advertisement
Continue to CyberScoop