Wyden seeks stricter telecom cyber standards following Salt Typhoon breach

Sen. Ron Wyden on Tuesday unveiled legislation that would require the Federal Communications Commission to set cybersecurity standards for telecom companies, as the policymakers grapple with the ongoing breach of U.S. phone networks by Chinese hackers.

The draft measure from the Oregon Democrat comes days after Senate lawmakers received a classified briefing about the wide-scale campaign by a group dubbed Salt Typhoon, which companies have yet to evict from their systems. House members are set to receive the same closed-door briefing later today.

Wyden’s bill would require the FCC to implement security requirements for telecom carriers that were originally included in a 1994 federal law but never fully acted upon.

“It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules,” Wyden, a senior member of the Senate Intelligence Committee, said in a statement. 

“Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security.”

Last week, FCC Chairwoman Jessica Rosenworcel released a draft proposal for the agency to regulate the cybersecurity of telecom companies.

Wyden’s proposed measure would require the FCC to create — in consultation with the Cybersecurity and Infrastructure Security Agency and the Director of National Intelligence — specific digital security standards designed to prevent unauthorized interceptions.

The FCC would require the telecom firms to conduct annual tests of the safety measures and work to patch any uncovered vulnerabilities, as well as tap an outside auditor to carry out yearly assessments of compliance with the cybersecurity rules.

In addition, companies would have to turn in annual reports to the agency with any documentation associated with such work, as well as a statement from senior management that their firm is in compliance with FCC standards.

“Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies,” according to Wyden.

He also urged his colleagues to act on two previously introduced bills meant to shore up government and personal digital defenses against foreign hackers. However, with Congress likely to adjourn next week, any substantive push to respond to Salt Typhoon will have to wait until next year.