Cyberattack response plans should be mandatory for US telecoms, FCC Chair says

Date:
Fri, 06 Dec 2024 14:28:00 +0000

Description:
Once a year, telcos should prove they have a solid incident reponse plan.

FULL STORY

It should be mandatory for American telecommunications organizations to every
year submit a certification, confirming they have a solid cyber-incident
response plan set up. 

This is a proposal set forth by US Federal Communications Commission
Chairwoman Jessica Rosenworcel, in response to recent news that Chinese
state-sponsored threat groups have entrenched themselves deeply into US
telecom providers, possibly snooping in on important communications for 
years. 

Earlier this year, multiple cybersecurity organizations, and then government
agencies too, reported that Chinese threat actors named Salt Typhoon
infiltrated some US telecommunications giants and were pulling valuable data.

Immediate effect 

Later, a number of organizations confirmed the findings, including T-Mobile,
Verizon, Lumen Technologies, and AT&T. The campaign seems to be global,
affecting dozens of private and public sector firms around the world. 

"While the Commission's counterparts in the intelligence community are
determining the scope and impact of the Salt Typhoon attack, we need to put 
in place a modern framework to help companies secure their networks and 
better prevent and respond to cyberattacks in the future," Rosenworcel said 
in a statement. 

 Reuters cited Rosenworcel saying the proposal was being circulated to other
commissioners in her agency. If adopted, it would take effect immediately, it
was added. 

The victims are now working diligently on ousting the spies in an ongoing
effort, with no concrete deadline set up. 

At the same time, the Chinese government remains silent. In the past, it has
denied these allegations on numerous occasions, even accusing the US of being
the worlds cyber-bully at one point. A few months ago, it released a report 
in which it claimed that Volt Typhoon, another hacking collective, was
actually a CIA asset . 

The document asserts that China consulted over 50 cybersecurity experts, who
collectively determined both the US and Microsoft do not have enough evidence
to implicate Chinas involvement with Volt Typhoon. However, the names of the
experts are not included in the document. 

 Via Reuters

======================================================================
Link to news story:
https://www.techradar.com/pro/security/cyberattack-response-plans-should-be-ma
ndatory-for-us-telecoms-fcc-chair-says

$$
--- SBBSecho 3.20-Linux