After recent reports of data breaches involving an intrusion by foreign actors into U.S. communications networks, FCC Chairwoman Jessica Rosenworcel announced late yesterday the agency has taken action to safeguard the nation’s communications systems from cybersecurity threats, including those from the People’s Republic of China.
“In response to Salt Typhoon, there has been a government-wide effort to understand the nature and extent of this breach, what needs to happen to rid this exposure in our networks, and the steps required to ensure it never happens again,” said Rosenworcel. “At the FCC, we now have a choice to make. We can turn the other way and hope this threat goes away. But hope is not a plan.”
She said leaving old policies in place “when we know what new risks look like is not smart. Our existing rules are not modern. It is time we update them to reflect current threats so that we have a fighting chance to ensure that state-sponsored cyberattacks do not succeed.”
Rosenworcel explained, “Telecommunications networks are essential for everything in day-to-day life, from our national defense to public safety to economic growth. The actions we take and propose here will strengthen our cybersecurity safeguards and enhance our resilience against future attacks.”
“The FCC’s Declaratory Ruling and Notice of Proposed Rulemaking is a critical step to require U.S. telecoms to improve cybersecurity to meet today’s nation state threats, including those from China’s well-resourced and sophisticated offensive cyber program,” said National Security Advisor Jake Sullivan.
The Commission adopted a Declaratory Ruling finding that section 105 of the Communications Assistance for Law Enforcement Act affirmatively requires telecommunications carriers to secure their networks from unlawful access or interception of communications. That action is accompanied by a proposal to require communications service providers to submit an annual certification to the FCC attesting that they have created, updated, and implemented a cybersecurity risk management plan, which would strengthen communications against future cyberattacks.
The Declaratory Ruling takes effect immediately. The Notice of Proposed Rulemaking invites comment on cybersecurity risk management requirements for a wide range of communications providers. The Notice also seeks comment on additional ways to strengthen the cybersecurity posture of communications systems and services.
By Leslie Stimson, Inside Towers Washington Bureau Chief