WASHINGTON − The White House is urging the Federal Communications Commission to crack down on U.S. telecom providers after at least nine were breached in a massive Chinese hacking and spying campaign that targeted senior government officials.
Voluntary compliance with cybersecurity practices are inadequate to protect against hacking from foreign actors, the White House’s deputy national security advisor for cyber and emerging technology, Anne Neuberger, said on a Friday call.
The Biden administration official urged the FCC to impose regulations that would make it harder, riskier and costlier for hackers to access Americans’ data in response to the Salt Typhoon hack that affected an unknown number of Americans.
More:Apple, Android users on notice from FBI, CISA about texts amid ‘massive espionage campaign’
“We know that voluntary cybersecurity practices are inadequate to protect against China, Russia and Iran hacking of our critical infrastructure,” Neuberger said.
The commission is expected to hold a vote on the proposal by Jan. 15, a week before the inauguration of President-elect Donald Trump. The FCC did not immediately respond to a request for comment.
More:Trump taps Brendan Carr, who opposed Kamala Harris’ SNL cameo, to lead the FCC
Federal authorities first acknowledged the hack in October. After an investigating they revealed weeks later that “a broad and significant cyber espionage campaign” by the Chinese government had taken place.
The FBI and the Cybersecurity and Infrastructure Security Agency, or CISA, pushed telecommunications companies to beef up their security and directed Americans to use encrypted communications in response as they worked to determine the scope of the beach.
More:Cyberattacks on critical US infrastructure keep happening. How worried should we be?
Previously, the White House said that at least eight companies were impacted. A ninth company, which the White House did not name, has been identified. Verizon, AT&T and Lumen are among the companies previously named.
The U.S. government does not know how many people were impacted, Neuberger said. But it is their understanding that “a large number” of individuals in the Washington, D.C. area and Virginia were geolocated, with the aim of identifying who the phones belonged to for “follow on espionage and intelligence collection of communications, of texts and phone calls.”
‘We will never know’ scope and scale of Salt Typhoon phone hack
Fewer than 100 individuals are estimated to have been targeted with further spying, she said.
Chinese hackers were careful about their techniques, she added. “They erased logs. In many cases, companies were not keeping adequate logs,” she said. “So there are details that likely … we will never know regarding the scope and scale of this.”
Australia and the UK already have stricter requirements in place, Neuberger said, that may have led to the hacks discovery and containment faster.
The U.S. says it believes the Chinese had the capability to geolocate millions of individuals and record phone calls at will because of the broad access they had into networks. The Chinese government has previously denied it was involved in the hack.
