A top senator on Tuesday urged the Federal Communications Commission to begin writing rules that would create mandatory security standards for wiretapping systems embedded in the networks of telecommunications carriers.

The suggestion to act immediately from Sen. Richard Blumenthal, D-Conn., comes in response to Chinese hackers known as Salt Typhoon, targeting the phones of both 2024 presidential campaigns via the so-called “lawful access” program, which mandates that telecoms assist the U.S. government in its surveillance efforts. The hacking campaign has spurred considerable congressional interest.

It also comes after the election of Donald Trump for president and as his administration prepares to take over in January. But at a hearing of his Senate Judiciary Subcommittee on Privacy, Technology and the Law, Blumenthal said the issue is bipartisan and any rulemaking should continue into next year.

“Think of it for a moment: A foreign adversary attempted to wiretap both presidential campaigns during this past election,” he said at the hearing. “We’re still learning each week about how sprawling and catastrophic this hacking campaign was. What we know now, and it’s publicly known, should galvanize action now. We need to ensure that these specific types of hacks will never happen again.”

Adam Meyers, senior vice president of the cybersecurity firm CrowdStrike, said hackers who infiltrate the lawful access program could collect call times, call contents, text message traffic, where a call is coming from and whom a target is with — opening up the ability to then target those additional parties.

“The lawful intercept rules that are present for lawful purposes, if there’s a warrant or other means for law enforcement to collect information, is a gold mine for a foreign threat actor,” he told Blumenthal’s panel.

The FCC should also launch an investigation, Blumenthal said. The commission reportedly requested a briefing from national security officials on the Salt Typhoon intrusions, but a spokesperson declined to comment last week on whether it received that briefing.

“The FCC has the legal authority, right now it has the power, to set and enforce security standards,” Blumenthal said.

Blumethal’s urging is an echo of other calls last month for the FCC to take up those security standards. The extent to which the Trump administration will embrace minimum critical infrastructure security standards, though, is unclear.

Tim Starks

Written by Tim Starks

Tim Starks is senior reporter at CyberScoop. His previous stops include working at The Washington Post, POLITICO and Congressional Quarterly. An Evansville, Ind. native, he’s covered cybersecurity since 2003. Email Tim here: tim.starks@cyberscoop.com.



Plus de détails sur l’article original.