A US Senator has presented a new bill to secure the networks of the country's telecommunication companies targeted by the China-linked Salt Typhoon hacking group.
What's considered to be the largest intelligence compromise in US history sparked a call to all US citizens to switch to encrypted communications last week. At least eight of the country's largest telecoms were hacked to spy on their customers' activities, including AT&T, Verizon, and Lumen Technologies.
The Secure American Communications Act would require the Federal Communications Commission (FCC) to "fix its own failure" and fully implement the cybersecurity rules under the 1994 legislation. US telecoms are also required to submit annual security tests and audits to the FCC.
A turning point?
"It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules," said Ron Wyden, US Senator of Oregon who announced the bill.
Under the 1994 Communications Assistance for Law Enforcement Act (CALEA), the FCC was already expected to ensure telecom operators secure their systems against unauthorized access – something that, apparently, the watchdog never did fully.
"Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security," said again Wyden.
"Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies."
The Secure American Communications Act is the third proposal Wyden presented so far in a bid to beef up the security of US communications networks.
As per Wyden's latest proposal, US telecoms will need to implement specific cybersecurity requirements to prevent external interceptions, while conducting both internal and independent evaluations on their systems every year.
In the meantime, new cybersecurity practices come into force, and the FBI and Cybersecurity and Infrastructure Security Agency (CISA) have shared security recommendations for both customers and enterprises.
According to experts, US citizens should secure all their communications with encryption. This technology is used by the likes of WhatsApp, Signal, or secure email like Proton Mail, to scramble data into an unreadable form to prevent third-party access – ensuring communications remain private.
FBI officials also suggest keeping your smartphone up-to-date and enabling two-factor authentication whenever possible to protect your accounts against phishing attacks.
If you're looking to secure your enterprise network, CISA's security tips to stay protected are then a must-read.
