Members of Congress are looking for answers from both Federal agencies and U.S. telecommunications service providers following a report from the Wall Street Journal last week that says Chinese government hackers may have breached major U.S. phone and broadband companies’ wiretapping systems.
On Oct. 11, Sen. Ron Wyden, D-Ore., sent a letter to the Department of Justice (DoJ) and the Federal Communications Commission (FCC) demanding answers regarding the potential hack, while a separate group of lawmakers also sent letters to each of the companies involved: AT&T, Verizon, and Lumen.
Demanding Answers From Agencies
In his letter to FCC Chair Jessica Rosenworcel and Attorney General Merrick Garland, Sen. Wyden said the alleged cyberattack “should serve as a major wake-up call to the government.”
The senator called on the FCC for an update to the Communications Assistance for Law Enforcement Act (CALEA) – which was enacted in 1994 to require phone companies to install and secure wiretapping systems. However, he said the Federal government never adopted mandatory security standards for these systems.
“These telecommunications companies are responsible for their lax cybersecurity and their failure to secure their own systems, but the government shares much of the blame,” he stressed.
“At a minimum, these updated regulations should establish baseline cybersecurity standards for telecommunications carriers, enforced by steep fines; require independent, annual third-party cybersecurity audits; require board-level cybersecurity expertise; and require senior executives annually sign certifications of compliance with the cybersecurity standards,” the senator said.
Additionally, Sen. Wyden called on the DoJ to “recognize the failure of its current approach to combating cyberattacks,” as well as hold companies accountable for their cybersecurity failures rather than “hiding information about security incidents from Congress, consumers, and investors.”
He also called on the DoJ to share information on corporate cyber negligence with Federal regulators and to prioritize corporate accountability for negligent cybersecurity over prosecuting “foreign hackers who are almost never brought to justice.”
“The outdated regulatory framework and DoJ’s failed approach to combating cyberattacks by protecting negligent corporations must be addressed,” Sen. Wyden wrote. “The security of our nation’s communications infrastructure is paramount, and the government must act now to rectify these longstanding vulnerabilities.”
Demanding Answers From Telecom Companies
As for the three companies allegedly involved in the breach, each one received a letter from House Energy and Commerce Committee Chair Cathy McMorris Rodgers, R-Wash., and Ranking Member Frank Pallone, D-N.J., as well as Communications and Technology Subcommittee Chair Bob Latta, R-Ohio, and Ranking Member Doris Matsui, D-Calif.
The bipartisan group of lawmakers demanded answers and requested a briefing from each company by Oct. 18 “to understand how these breaches occurred and what steps your company has taken to fortify the security of your network.”
“We are concerned by the recent reports of a massive breach of AT&T, Verizon, and Lumen’s communications networks by Chinese hackers. These types of breaches are increasing in frequency and severity, and there is a growing concern regarding the cybersecurity vulnerabilities embedded in U.S. telecommunications networks,” the lawmakers wrote.
“The Committee needs to understand better how this incident occurred and what steps your company is taking to prevent future service disruptions and secure your customers’ data,” they added.
The group of lawmakers demanded answers to several questions, including when the companies were made aware of the breach, what law enforcement entities – if any – did they contact upon learning of the breach, what information was the hacker able to acquire, and what steps have been taken to notify customers of the breach.
