Critical Infrastructure Security,
Cyberwarfare / Nation-State Attacks,
Fraud Management & Cybercrime
Industry Advocates for Voluntary Measures Amid Security Concerns
During a recent Senate hearing, experts highlighted that U.S. telecommunications networks remain susceptible to foreign threats, primarily from nation-states like China. Concerns were raised about the evolving tactics that adversaries use to maintain long-term access to critical American infrastructure. Notably, there is ongoing disagreement regarding the necessity of regulatory measures for the telecom sector.
The panel of experts detailed a sophisticated threat landscape, wherein foreign hackers exploit credential theft, persistent access, and artificial intelligence to surveil and target major telecoms, data identities, and satellite systems. Debra Jordan, previously the chief of the FCC’s public-safety bureau, argued that a non-regulatory approach will not adequately address these risks. She referenced the rollback of mandatory cybersecurity regulations for telecoms, which had been initially established to enhance security protocols.
“Hope should not be part of our security strategy,” Jordan commented, emphasizing the need for accountability measures to evaluate the effectiveness of carriers’ cybersecurity efforts. The worry is that without such measures, it remains unclear what security practices are in place and their impact.
Contrarily, industry representatives firmly opposed the notion of regulation, with Robert Mayer of USTelecom describing it as an outdated and bureaucratic response to a dynamic problem. This conflict over regulatory approaches has been longstanding, even predating significant cyber incidents attributed to Chinese state-sponsored actors, notably the operations led by the threat actor known as Salt Typhoon.
The FCC’s 2014 initiative sought to create a regulatory framework dependent on industry cooperation to enhance cybersecurity resilience. Despite these assurances, Salt Typhoon managed to exploit vulnerabilities within nine major U.S. telecommunications carriers and over 200 organizations, illustrating the gap between policy and practice.
Experts now recognize that recent incursions, including those by Salt Typhoon and predecessors like Volt Typhoon, signal a broader strategy among adversarial nations like China, Russia, and Iran to embed themselves within critical infrastructure. Jamil Jaffer of the National Security Institute pointed out a concerted effort among various state and non-state actors to leverage advanced technology, including AI, for cyber offensives.
While Jaffer rejected regulatory measures, calling instead for stronger public-private partnerships, others pointed to security vulnerabilities in satellite operations as areas needing urgent attention. Daniel Gizinski of Comtech detailed significant risks, from unencrypted satellite transmissions to disabled encryption protocols in modems, advocating for voluntary information-sharing frameworks instead of mandatory regulations.
Telecom companies informed senators that state-sponsored cyber campaigns have driven them to enhance their security practices significantly, such as improving patch management and engaging in more frequent interactions with cybersecurity agencies. Senator Deb Fischer expressed concern that adversaries are intensifying their efforts to compromise U.S. communications networks, employing advanced technologies to target not only data but also critical infrastructure itself.
