Lifetime Citizen Portal Access — AI Briefings, Alerts & Unlimited Follows
Senate Commerce hearing presses telecoms and FCC on network security after SALT Typhoon breaches
Loading...
Summary
Senators and cybersecurity witnesses at a Commerce Committee hearing scrutinized the SALT Typhoon intrusions, urged verification of carriers' remedial claims, debated whether prescriptive FCC mandates or incentives will better secure networks, and called for reauthorizing information-sharing laws and funding for rural cyber defenses.
The Senate Commerce Committee convened a hearing to examine threats to the nation's communications networks, focusing on the SALT Typhoon intrusions that investigators say deeply penetrated U.S. telecom systems. Chair Fisher opened the session by warning of evolving threats—from espionage to sabotage—and citing supply-chain risks from foreign-linked vendors.
Witnesses testified that SALT Typhoon represented unusually broad and deep access to U.S. telecommunications infrastructure. "The most distinctive thing about SALT Typhoon is the breadth and the depth of the access the Chinese government obtained," said Jamelle Jaffer, founder and executive director of the National Security Institute. He told the committee public reporting indicates actors gained access to at least nine providers and may have obtained access to law-enforcement or surveillance systems.
Former FCC bureau chief Deborah Jordan urged Congress to require structured cyber risk-management planning across the communications sector and to pair incentives with a verification regime. Jordan said the FCC previously issued a declaratory ruling and proposed annual certifications after SALT Typhoon, but "the FCC reversed the ruling, withdrew the proposed rules," leaving uncertainty about how providers will be held accountable.
Robert Mayer, senior vice president for cybersecurity and innovation at U.S. Telecom, advocated preserving and strengthening public-private partnerships and opposed a fixed, prescriptive compliance checklist. "The goal is not less oversight," Mayer said. "It is oversight and measures whether our nation's defenses are managing risk, adapting to new intelligence, shoring up our collective defense." He and others told senators that information-sharing authorities such as the Cybersecurity Information Sharing Act (CISA 2015) should be extended and strengthened.
Lawmakers pressed witnesses for specifics on whether carriers had implemented basic hygiene—patching, multifactor authentication and removal of default passwords—and for proof that intruders have been entirely evicted. Senator Cantwell said she had asked major carriers for documentation of their remedies and received insufficient detail. Jordan responded that a verification regime, not only voluntary commitments, is necessary to ensure those measures are broadly and consistently applied.
The hearing included debate over tools to improve accountability and resilience. Witnesses recommended a combination of incentives (liability protection, tax benefits, funding for workforce development) and stronger procurement standards for vendors working with federal agencies. Jaffer recommended independent audits and suggested Congress consider an outside commission to examine SALT Typhoon and related incidents.
The committee concluded without formal votes; senators and witnesses left a clear agenda of priorities: reauthorize and broaden information-sharing authorities, establish verification for provider cybersecurity claims, and ensure that federal funding programs can be used to strengthen security for smaller and rural providers.
