A new legislative push by Senator Ron Wyden (D-Ore.) seeks to close critical cybersecurity gaps in the United States telecommunications infrastructure. The Secure American Communications Act comes in response to the recent Salt Typhoon attacks, a sophisticated cyber espionage campaign attributed to Chinese state-sponsored actors that compromised the U.S. telecommunications system. This breach allowed unauthorized access to call records, real-time phone calls, and personal communications of high-ranking officials, including President Donald Trump and Senator J.D. Vance.
The Salt Typhoon attack, publicly disclosed last month, exposed vulnerabilities in the nation's telecom networks that critics have long warned about. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have since advised consumers to adopt encrypted messaging apps to mitigate the risks of interception. However, as Wyden's proposal makes clear, patchwork solutions are not enough to address systemic vulnerabilities.
"It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules," said Senator Wyden. "Telecom companies and federal regulators were asleep on the job, and as a result, Americans' calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security."
The bill proposes comprehensive reforms to ensure U.S. telecommunications networks are no longer a soft target for cyber adversaries. Among its key provisions:
Mandatory FCC cybersecurity regulations:
The Federal Communications Commission (FCC) must establish robust cybersecurity standards in collaboration with CISA and the Office of the Director of National Intelligence (ODNI). These standards will specifically address risks from advanced persistent threats (APTs).
Annual testing and compliance:
Telecom providers will be required to conduct yearly evaluations to identify and address vulnerabilities.
Companies must document findings, implement corrective measures, and retain detailed records for regulatory review.
Independent audits:
Providers must engage third-party auditors to perform annual compliance assessments, with findings submitted to the FCC.
Executive accountability:
CEOs and Chief Information Security Officers (CISOs) will need to certify their company's compliance with FCC rules annually.
The Secure American Communications Act is one of three measures Wyden has proposed to bolster U.S. cybersecurity. Earlier this year, he introduced a bill requiring secure communications tools for government use, which could have mitigated the damage caused by the Salt Typhoon breach. Wyden has also proposed bipartisan legislation aimed at preventing the export of Americans' personal data to hostile nations.
The Salt Typhoon campaign, attributed to Chinese state-sponsored hackers, targeted critical U.S. infrastructure, focusing on telecom networks. The group exploited longstanding security gaps to intercept communications, compromising personal and government data. This breach highlights the escalating cyber threat posed by adversarial nations like China, which continues to invest heavily in cyber espionage capabilities.
The incident underscores the importance of Wyden's proposed reforms, which aim to secure not only the networks themselves but also the vast amounts of sensitive data they carry.
The Secure American Communications Act has garnered praise from cybersecurity experts and consumer advocacy groups. Justin Brookman, Director of Technology Policy at Consumer Reports, noted: "When the FBI and CISA warn consumers that they should use encrypted messaging apps to prevent hackers from accessing the content of their texts because of a massive incursion by Chinese hackers into U.S. telecommunications networks, it is past time to ensure that those networks are secure. Consumer Reports supports the Secure American Communications Act and believes it is a good first step in securing the communications networks that American consumers rely upon every day."
"Senator Wyden's proposed legislation provides a clear roadmap for addressing these vulnerabilities, with measures that emphasize accountability, regulatory oversight, and proactive defense against advanced threats. As Wyden aptly stated, 'Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies.'"
As the U.S. continues to confront the challenges of an increasingly hostile cyber landscape, decisive action like this will be critical to safeguarding national security and the privacy of American citizens.
Follow SecureWorld News for more stories related to cybersecurity.