FCC Tightens Cybersecurity Rules After Salt Typhoon Attack
The US Federal Communications Commission (FCC) is bolstering cybersecurity measures for telecommunications firms following the Salt Typhoon attack. FCC Chairwoman Jessica Rosenworcel has proposed a Declaratory Ruling to clarify network security obligations, while also inviting public comment on an expanded compliance framework.
The Salt Typhoon attack, part of a large-scale espionage campaign, targeted multiple US communications firms, including Verizon, AT&T, and Lumen Technologies. The FCC is now seeking public input on expanding cybersecurity requirements and additional defence strategies.
Rosenworcel has proposed a Declaratory Ruling that, if adopted, would immediately take effect. It clarifies that telecommunications carriers must secure their networks against unlawful access and interception. The FCC is also considering an annual certification requirement for communications firms to create, update, and implement cybersecurity risk management plans.
The FCC's Notice of Proposed Rulemaking, if adopted, would open the cybersecurity compliance framework for public comment. The agency aims to strengthen network security in response to the Salt Typhoon attack, which impacted at least eight US communications firms. The FCC invites stakeholders to share their views on the proposed changes.
