FBI: Chinese State Hackers Breached U.S. Telecom Providers
<blockquote data-quote="Victor M" data-source="post: 1110988" data-attributes="member: 96560"><p>A probe with ChatGPT revealed some legal mandates and not just voluntary obedience.</p><p></p><p>-------------------------------------------------------------------------------------------------------------------------------------------</p><h3><strong>Regulations and Mandates for Telecom Security in the U.S.</strong></h3><p>If you're looking for binding requirements, these regulations and frameworks mandate security measures for telecoms and other critical infrastructure entities in the U.S.:</p><p></p><h4><strong>1. Federal Communications Commission (FCC) Regulations</strong></h4> <ul> <li data-xf-list-type="ul"><strong>Applicability</strong>: Telecom providers operating in the U.S.</li> <li data-xf-list-type="ul"><strong>Requirements</strong>:<ul> <li data-xf-list-type="ul">FCC imposes regulations under laws such as the <strong>Communications Act of 1934</strong> and the <strong>Telecommunications Act of 1996</strong>.</li> <li data-xf-list-type="ul">Telecoms are required to:<ul> <li data-xf-list-type="ul">Protect <strong>Customer Proprietary Network Information (CPNI)</strong>.</li> <li data-xf-list-type="ul">Report breaches involving customer data.</li> </ul></li> <li data-xf-list-type="ul"><strong>Enforcement</strong>: The FCC can fine companies for failing to secure customer data or report breaches promptly.</li> </ul></li> </ul><h4><strong>2. 
Cybersecurity Executive Orders (EOs)</strong></h4> <ul> <li data-xf-list-type="ul"><strong>Examples</strong>:<ul> <li data-xf-list-type="ul">EO 13800 (Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure): Encourages voluntary adoption of best practices like the NIST Cybersecurity Framework but stops short of mandates.</li> <li data-xf-list-type="ul">EO 14028 (Improving the Nation's Cybersecurity): Focuses on federal contractors but indirectly impacts telecoms by raising supply chain and infrastructure security standards.</li> </ul></li> </ul><h4><strong>3. CISA Requirements</strong></h4> <ul> <li data-xf-list-type="ul"><strong>Governing Body</strong>: Cybersecurity and Infrastructure Security Agency (CISA).</li> <li data-xf-list-type="ul"><strong>Applicability</strong>: Telecoms classified as part of critical infrastructure.</li> <li data-xf-list-type="ul"><strong>Requirements</strong>:<ul> <li data-xf-list-type="ul">Operators are required to report significant cyber incidents under the <strong>Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA)</strong> of 2022.</li> <li data-xf-list-type="ul">Encourages participation in information-sharing initiatives like the <strong>Cyber Information Sharing and Collaboration Program (CISCP)</strong>.</li> </ul></li> </ul><h4><strong>4. State-Level Mandates</strong></h4> <ul> <li data-xf-list-type="ul"><strong>Examples</strong>:<ul> <li data-xf-list-type="ul"><strong>California CCPA</strong> and <strong>CPRA</strong>: Mandate strong data security practices for companies handling consumer data, including telecoms.</li> <li data-xf-list-type="ul"><strong>New York Cybersecurity Regulation (23 NYCRR 500)</strong>: Requires comprehensive cybersecurity programs, including for telecom providers interacting with financial institutions.</li> </ul></li> </ul><h4><strong>5. 
Supply Chain Security Regulations</strong></h4> <ul> <li data-xf-list-type="ul"><strong>Federal Acquisition Regulations (FAR) and Defense Federal Acquisition Regulation Supplement (DFARS)</strong>:<ul> <li data-xf-list-type="ul">While these apply to federal contractors, telecoms providing services to the government must adhere to stringent cybersecurity standards, often based on NIST SP 800-171 or 800-53.</li> </ul></li> </ul><hr /><h3><strong>CSSP vs. Mandates</strong></h3> <ul> <li data-xf-list-type="ul"><strong>CSSP</strong>:<ul> <li data-xf-list-type="ul"><strong>Purpose</strong>: Offers a roadmap for improving security and resilience in the communications sector.</li> <li data-xf-list-type="ul"><strong>Enforceability</strong>: Voluntary. Adherence depends on a telecom’s risk management priorities and willingness to align with best practices.</li> </ul></li> <li data-xf-list-type="ul"><strong>Regulations</strong>:<ul> <li data-xf-list-type="ul">Mandates like CIRCIA, FCC rules, or state laws have legal backing and enforce penalties for non-compliance.</li> </ul></li> </ul><p>===============================================================================================</p><p></p><p>imho the FCC and those states with laws like California and New York should file charges. The laws seem to protect customers and the govt is a customer. That would be some financial incentive for them.</p></blockquote><p></p>