AT&T and Verizon acknowledged Saturday that their networks were part of the U.S.-based infrastructure that was hacked in Salt Typhoon Chinese government-affiliated operation (see 2411190073), but both carriers insisted their operations are now secure. “We detect no activity by nation-state actors in our networks at this time,” an AT&T spokesperson said. “Based on our current investigation of this attack, the People's Republic of China targeted a small number of individuals of foreign intelligence interest.” The carrier said it monitored and secured its networks following the attack to protect other consumers’ data. Verizon Chief Legal Officer Vendana Venkatesh likewise said the carrier has “not detected threat actor activity in Verizon's network for some time, and after considerable work addressing this incident, we can report that Verizon has contained the activities associated with this particular incident.” Anne Neuberger, deputy national security adviser-cyber and emerging technology, said during a Friday conference call with reporters that the federal government has identified a ninth U.S.-based telecom provider compromised in the Salt Typhoon hack. The “Chinese gained access to networks and essentially had broad and full access,” which allowed them to “geolocate millions of individuals, to record phone calls at will,” Neuberger said. She said FCC Chairwoman Jessica Rosenworcel’s draft declaratory ruling finding that Communications Assistance for Law Enforcement Act Section (CALEA) Section 105 requires telecom carriers to secure their networks against cyberattacks (see 2412050044) would help limit the impact of future hacks.
Senate Commerce Committee ranking member Ted Cruz, R-Texas, during a Wednesday Communications Subcommittee hearing criticized FCC Chairwoman Jessica Rosenworcel’s draft declaratory ruling last week finding that Communications Assistance for Law Enforcement Act Section (CALEA) Section 105 requires telecom carriers to secure their networks against cyberattacks (see 2412050044). Republican FCC Commissioner Brendan Carr, President-elect Donald Trump’s pick to become chairman Jan. 20, told reporters Wednesday he believes the commission’s response to the Salt Typhoon Chinese government-affiliated effort at hacking U.S. telecom networks (see 2411190073) should focus on continuing to “closely” coordinate with other federal cyber-related agencies and identify vulnerabilities to the private sector.
Some congressional backers of the FCC’s Secure and Trusted Communications Networks Reimbursement Program are beginning to see momentum turn toward including an additional $3.08 billion that will fully fund the initiative in an end-of-year legislative package (see 2411190064), but they aren’t guaranteeing success yet. Lawmakers and other rip-and-replace boosters hope congressional scrutiny of the Salt Typhoon Chinese government-affiliated effort at hacking U.S. telecom networks (see 2411190073) could be a tipping point for securing the funding after multiple spectrum legislative proposals, meant to pay for the program, stalled in recent years.
The FCC on Thursday approved 3-2 a three-year, $200 million cybersecurity pilot program for schools and libraries. Commissioners Brendan Carr and Nathan Simington dissented, as some had predicted (see 2406040039). The two cited concerns with the FCC using E-rate program funds for the effort. Commissioners Geoffrey Starks and Anna Gomez indicated changes were inserted into the pilot rules at their request.
Industry experts are hopeful the FCC will make several changes in a proceeding on draft rules for a proposed $200 million cybersecurity pilot program for schools and libraries (see 2405160076). While commissioners are expected to approve the order Thursday, officials said dissents are possible from Republican Commissioners Brendan Carr or Nathan Simington.
FCC commissioners approved 5-0 an NPRM Thursday that proposes barring test labs from entities on the agency’s “covered list” of unsecure companies from participating in the equipment authorization process. In addition, the FCC clamped down on political robocall violations. Chairwoman Jessica Rosenworcel, working with Commissioner Brendan Carr, proposed the lab rules (see 2405020071).
The FCC will take a series of steps aimed at addressing cybersecurity challenges during the commissioners' June 6 open meeting (see 2405150042). A draft NPRM released Thursday would seek comment on a proposal to impose specific reporting requirements on nine service providers as part of the agency's effort to increase border gateway protocol and resource public key infrastructure security, which assist routing traffic across the internet.
The FCC will address "additional measures to combat emerging security challenges of the digital age" during the commissioners' open meeting June 6, said Chairwoman Jessica Rosenworcel in a note Wednesday. Commissioners will consider a proposal requiring that ISPs comply with new rules concerning border gateway protocol (BGP) security and a pilot program supporting cybersecurity services for E-rate participants. Also on the agenda is a proposal that would change existing bank rating standards for high-cost programs and updates to the commission's low-power television rules.
The FCC released the Further NPRM added to an order on a voluntary cyber trust mark program that commissioners approved 5-0 last week (see 2403140034). The final order includes numerous other tweaks to the draft, addressing security and excluding motor vehicles and related equipment. The order and FNPRM were posted in Monday’s “Daily Digest.”
FCC commissioners approved 5-0 a voluntary cyber trust mark program based on National Institute of Standards and Technology criteria during their open meeting Thursday. As expected, commissioners noted changes in the item since a draft circulated three weeks ago (see 2403130047). Also, as expected, the FCC will ask additional questions in a further notice about software and hardware from countries of national security concern and whether data from U.S. citizens will be stored abroad. The FCC was under pressure to make changes.