UPDATE Following the breaches of at least eight U.S. telecom networks by Chinese-backed hackers, FCC Chairwoman Jessica Rosenworcel proposed action to safeguard the nation’s communications systems from real and present cybersecurity threats. Rosenworcel said Thursday the FCC will act to ensure telecoms are required to secure their networks.
“The cybersecurity of our nation’s communications critical infrastructure is essential to promoting national security, public safety, and economic security,” said Rosenworcel. “As technology continues to advance, so does the capabilities of adversaries, which means the U.S. must adapt and reinforce our defenses. While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the communications sector in the future.”
Chairwoman Rosenworcel has shared with her fellow commissioners a finding that requires carriers to secure their networks from unlawful access or interception of communications. That action in section 105 of the Communications Assistance for Law Enforcement Act is accompanied by a proposal that would require communications service providers to submit an annual certification to the FCC attesting that they have created, updated, and implemented a cybersecurity risk management plan, which would strengthen communications from future cyberattacks.
If adopted, the Declaratory Ruling would take effect immediately. In addition, the draft Notice of Proposed Rulemaking would seek comment on cybersecurity risk management requirements for a wide range of communications providers. The proposal would also seek comment on additional ways to strengthen the cybersecurity posture of communications systems and services.
The latest move dovetails with previous Commission actions on this problem. Last month, the FCC proposed cybersecurity risk management plan requirements for submarine cable landing applicants and licensees. In addition, the Commission previously proposed that participants in the Emergency Alert System and Wireless Emergency Alerts maintain cybersecurity risk management plans.
By Leslie Stimson, Inside Towers Washington Bureau Chief
Reader Interactions