America’s Phone Networks Could Soon Face Financial – and Criminal – Penalties for Insecure Networks – Slashdot
The head of America’s FCC “has drafted plans to regulate the cybersecurity of telecommunications companies,” reports the Washington Post, and the plans could include financial penalties phone network operators with insufficient security — “the first time the agency has asserted such powers under federal wiretapping law.”
Rosenworcel said the FCC’s authority in this matter comes from Section 105 of the Communications Assistance for Law Enforcement Act [passed in 1994] — a single sentence that stipulates, without elaboration, that telecommunications carriers should ensure systems security “in accordance with regulations prescribed by the Commission.” As one of the measures, she is seeking to require network providers to submit an annual certification to the FCC that they are implementing a cybersecurity risk management plan. In addition to imposing fines, the FCC could coordinate with other agencies to pursue criminal penalties against carriers deemed too careless on cybersecurity…
Biden administration officials said voluntary efforts to protect against aggressive Chinese hacking activity have fallen short. “We’ve had for the last decade voluntary public-private partnership efforts,” Neuberger told The Post in a recent interview. “But we continue to see successful breaches, and in many cases, as with ransomware attacks, we continue to see pretty basic cybersecurity practices not being followed.” With China’s hackers becoming more brazen, pre-positioning themselves in U.S. critical networks, “we need to lock our digital doors,” Neuberger said…
Cyber requirements can make a difference, she said. After the Colonial Pipeline ransomware attack in 2021 shut down one of the nation’s largest energy pipelines for several days, creating a national security scare, the Transportation Security Administration issued several security directives, and today, all of the country’s several dozen critical pipeline companies are in compliance, she said. Similar directives were subsequently issued for rail and aviation sectors, and the compliance rates in those industries are now at 68 and 57 percent respectively, she said.
