The Salt Typhoon Threat: Protecting Against Cyberattacks

Show Notes

The Salt Typhoon cyberattacks––perpetrated by a state-sponsored group linked to the People’s Republic of China––have placed a significant spotlight on vulnerabilities within the U.S. communications infrastructure. These attacks infiltrated at least nine U.S. communications companies and, more alarmingly, targeted providers near critical U.S. military facilities.  

Today, we'll break down what these attacks mean for the industry, what steps companies should take to address this pressing threat, and the regulations that are now shaping the cybersecurity obligations for providers.  

Read the full article
Cybersecurity: Salt Typhoon’s Persistence is a Cruel Lesson for Smaller Providers

About the author
Caressa D. Bennet

Transcript

Welcome to Womble Perspectives, where we explore a wide range of topics, from the latest legal updates to industry trends to the business of law. Our team of lawyers, professionals and occasional outside guests will take you through the most pressing issues facing businesses today and provide practical and actionable advice to help you navigate the ever changing legal landscape.

With a focus on innovation, collaboration and client service. We are committed to delivering exceptional value to our clients and to the communities we serve. And now our latest episode.

Welcome to today's episode of Womble Perspectives. In this episode, we’re exploring an issue that’s been making waves in the world of cybersecurity.  

The Salt Typhoon cyberattacks––perpetrated by a state-sponsored group linked to the People’s Republic of China––have placed a significant spotlight on vulnerabilities within the U.S. communications infrastructure. These attacks infiltrated at least nine U.S. communications companies and, more alarmingly, targeted providers near critical U.S. military facilities.  

Today, we'll break down what these attacks mean for the industry, what steps companies should take to address this pressing threat, and the regulations that are now shaping the cybersecurity obligations for providers.  

Now, let’s begin with what exactly happened.   

Salt Typhoon is a state-sponsored hacking group from the People’s Republic of China, known for targeting critical infrastructure around the globe. This time, their operations infiltrated sensitive systems within no fewer than nine U.S. communications companies.  

And these attacks weren’t random. This was a calculated move designed to expose vulnerabilities in U.S. telecommunications infrastructure, stealing sensitive information, and potentially weakening national security.  

What’s particularly concerning is where these attacks hit. The focus wasn’t just on any communications companies. It was specifically on ones located near U.S. military facilities. This underlines a strategic and potentially long-term goal by Salt Typhoon to weaken U.S. defense systems.  

The implications are far-reaching—not just for national security but for every communications provider in the U.S. What Salt Typhoon has shown us is that every provider, regardless of size, is at risk.  

The question now is, how should businesses respond to this threat? Well, the good news is that there are clear guidelines and frameworks designed to help organizations protect themselves from these kinds of attacks.  

First, align your cybersecurity efforts with frameworks like the National Institute of Standards and Technology's (NIST) Cybersecurity Framework 2.0 and the Cybersecurity and Infrastructure Security Agency’s (CISA) Cross-Sector Cybersecurity Performance Goals. These guidelines offer actionable steps to bolster defense systems.  

Beyond federal guidelines, there are basic practices that every communications provider should already be implementing. These include:

1.     Role-based access controls to limit permissions to essential personnel.  
2.     Regularly updating default passwords.  
3.     Implementing minimum password strength requirements.  
4.     Adopting multifactor authentication for all employees.  
5.     Staying up to date with vulnerabilities through patch management.  

It’s often the simplest methods that make the biggest impact––yet many companies fail to prioritize these foundational steps.  

Another vital aspect of addressing these cybersecurity challenges is staying ahead of regulatory changes, and the FCC has taken some decisive actions this year to hold companies accountable. 

The FCC issued a Declaratory Ruling clarifying firms’ legal obligation to secure networks under the Communications Assistance for Law Enforcement Act Section 105. This means providers must actively work to prevent unauthorized intercepts and ensure their networks are fortified against unlawful access.  

This ruling also highlights that companies must keep detailed records of their cybersecurity measures. Falling short of this obligation can result in liability risks and reputational damage down the road.  

Then, there’s the FCC’s Notice of Proposed Rulemaking. If implemented, this would require communications providers to establish comprehensive cybersecurity and supply chain risk management plans. These plans would need to be regularly updated and certified annually.  

What’s significant here is the broad application. This doesn’t just affect telecom providers. It also includes broadcasters, satellite operators, and more.  

While regulation is catching up, there’s no time to wait and see what happens. Providers need proactive strategies to ensure they’re ahead of any impending threats.    

First, start by developing cybersecurity and supply chain risk management plans and cybersecurity incident response plans.  

And these aren't just paperwork; they’re essential tools for combating cyber threats.  

Does your cybersecurity liability insurance actually cover the types of breaches you’re most likely to encounter? That’s a crucial assessment every provider should make now.  

Equally important is reevaluating vendor and partner contracts. Be sure to include provisions for incident response, liability, and security clauses that reflect today’s heightened risks.

Last but not least, bring in some knowledgeable help. Legal counsel and cybersecurity professionals can help ensure regulatory compliance and protect you in the event of a data breach.  

Looking ahead, the cybersecurity landscape is only going to grow more challenging. With the FCC’s increasing involvement and additional regulations, the expectations for companies are only getting higher, and Salt Typhoon is just one of many groups with the capability and intent to disrupt our critical infrastructure. Threats are becoming more sophisticated every day.  

Perhaps most importantly, organizations that prioritize compliance, preparation, and external partnerships now will be the ones most equipped to weather the storm.  

To wrap up, the Salt Typhoon threat serves as a wake-up call for all communications service providers. The stakes are high––spanning from regulatory obligations to national security concerns.  

If you take away one thing from today’s episode, it’s this: don’t wait for the next attack. Begin adopting the best practices we’ve discussed, work toward compliance with regulatory frameworks, and bring in outside help where needed.  

Thank you for listening to Womble Perspectives. If you want to learn more about the topics discussed in this episode, please visit The Show Notes, where you can find links to related resources mentioned today. The Show Notes also have more information about our attorneys who provided today's insights, including ways to reach out to them.

Don't forget to subscribe via your podcast player of choice so that you never miss an episode. Thank you again for listening.