Kat Duffy, Kyle Fendorf, Zoë Moore and Maya Schmidt
CSRB to host first meeting on Salt Typhoon telecom hack
The U.S. Cyber Safety Review Board (CSRB) held its first meeting earlier this week on a major telecommunications hack by Chinese threat actor Salt Typhoon that compromised at least eight telecommunications companies and exposed the call records of countless senior government officials. The cyberattack, which may have begun as far back as 2022, involved exploiting routers and switches used by telecommunications companies to burrow deep into their networks, allowing hackers to observe call log data and potentially monitor calls in real-time. The hack also piggy-backed off a system used by law enforcement agencies to carry out wiretaps, prompting criticism from some privacy and civil liberties groups, who argue that the insecure nature of the wiretapping system allowed the hack to take place. The CSRB is composed of a mix of government officials and private sector experts and is charged with delivering reports on major cyber incidents, although experts have warned that the CSRB lacks the resources and political independence necessary to ensure comprehensive, impartial reports. The CSRB faces a daunting challenge as it investigates the ongoing hack, especially given its sprawling nature, the depth of Salt Typhoon’s intrusion, and the fact that U.S. cybersecurity officials are still determining the true scope of the attack and working to evict Salt Typhoon. Lawmakers from both parties have signaled support for the investigation, and Senator Ron Wyden (D-OR) introduced a bill to the Senate that would substantially tighten cybersecurity requirements for telecommunications companies.
No comments:
Post a Comment