NANOGers - 

As followup on the Salt Typhoon matter, it’s worth noting that in response to the hack there are now proposals at the FCC and at the US Senate that would require attestation, certification, and/or audits of telecommunications providers cybersecurity practices –

FCC - https://www.reuters.com/technology/cybersecurity/fcc-chair-proposes-cybersecurity-rules-response-chinas-salt-typhoon-telecom-hack-2024-12-05/

US Senate - https://www.bleepingcomputer.com/news/security/wyden-proposes-bill-to-secure-us-telecoms-after-salt-typhoon-hacks/

FYI,
/John

John Curran
President and CEO
American Registry for Internet Numbers

On Nov 25, 2024, at 4:58 PM, Eric Kuhnke <eric.kuhnke@gmail.com> wrote:

Re: compromise of lawful intercept / CALEA related features:
Original URL: https://www.washingtonpost.com/national-security/2024/11/21/salt-typhoon-china-hack-telecom/

The hackers, part of a group dubbed Salt Typhoon, have been able to listen in on audio calls in real time and have in some cases moved from one telecom network to another, exploiting relationships of “trust,” said Sen. Mark R. Warner (D-Virginia), chairman of the Senate Intelligence Committee and a former telecom venture capitalist. Warner added that intruders are still in the networks.