Wyden Proposes Forcing FCC Enforce CALEA Mandate That Carriers Protect Against Intrusions

the FCC implement security conditions for telecom carriers that Congress originally mandated in the 1994 Communications Assistance for Law Enforcement Act. Lawmakers called in CALEA Section 105 for the FCC to require that telecom companies secure their systems against unauthorized intrusions, but the commission has never fully implemented this provision, Wyden’s office said. The draft bill would, in part, require carriers to annually test whether their networks and systems are vulnerable to cyberattack or other unauthorized intrusions. FCC Chairwoman Jessica Rosenworcel circulated a draft declaratory ruling last week to commissioners finding that Section 105 requires that telecom carriers secure their networks against cyberattacks (see 2412050044). “It was inevitable that foreign hackers would burrow deep into the American communications system the moment the FCC decided to let phone companies write their own cybersecurity rules,” Wyden said. “Telecom companies and federal regulators were asleep on the job and as a result, Americans’ calls, messages, and phone records have been accessed by foreign spies intent on undermining our national security. Congress needs to step up and pass mandatory security rules to finally secure our telecom system against an infestation of hackers and spies.” Wyden’s release of the draft came hours before Rosenworcel and federal intelligence officials were scheduled to brief House lawmakers on the Salt Typhoon hack. They briefed senators last week.