In response to the Salt Typhoon attack, the FCC has adopted rules to further secure U.S. communications critical infrastructure. Specifically, the Commission has adopted a Declaratory Ruling that clarifies that Section 105 of the Communications Assistance for Law Enforcement Law (CALEA) creates a legal obligation for telecommunications carriers to secure their network against unlawful access and interception. The Declaratory Ruling also clarifies that telecommunications carriers’ duties extend not just to the equipment they use but how they manage their networks.
The FCC also adopted a Notice of Proposed Rulemaking that proposes to require communications service providers to create, update, and implement cybersecurity risk management plans. These providers would be required to certify compliance with these plans to the FCC annually. The NPRM also seeks comment on expanding cyber requirements across a range of communications providers and identifying ways to enhance cyber defenses for communications systems.
