US phone companies could face fines for weak security under a proposed new rule from the Verge Emma Roth

A smartphone sits on top of a surface with red tape reading “DANGER.” Where one strip intersects the phone, it continues inside the phone’s screen.
Photo by Amelia Holowaty Krales / The Verge

Following news that foreign hackers may still be in US telecom networks, the Federal Communications Commission proposed a new rule that would require telecom companies to secure their networks from “unlawful access or interception of communications.” It would also force providers to submit an annual certification to the FCC stating they have implemented a plan to counter cybersecurity threats.

On Wednesday, US officials recommended Americans use encrypted apps to make phone calls and texts in response to the ongoing infiltration of telecom networks linked to the Chinese hacking group Salt Typhoon. Deputy national security advisor Anne Neuberger confirmed that at least eight telecom providers have been impacted by the hack, as reported by Bleeping Computer.

“We cannot say with certainty that the adversary has been evicted because we still don’t know the scope of what they’re doing,” Neuberger said during a press briefing, Bleeping Computer reports. Neuberger added that the attack has been going on for “likely one to two years” but doesn’t “believe any classified communications has been compromised.”

The Wall Street Journal reported in October that Chinese hackers had broken into AT&T, Verizon, and Lumen’s networks and even targeted members of President-Elect Donald Trump and Vice President Kamala Harris’s presidential campaigns. In a letter on Wednesday, Senators Eric Schmitt (R-MO) and Ron Wyden (D-OR) urged Department of Defense Inspector General Robert Storch to investigate the DOD’s “failure to secure its unclassified telephone communications from foreign espionage.”

If the FCC’s proposed rule is adopted, it will go into effect immediately.

“While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future,” FCC Chair Jessica Rosenworcel said in the press release.

Read More