A Chinese state-sponsored espionage campaign being dubbed Salt Typhoon now includes nine U.S telecommunication firms. The Chinese government has denied responsibility for the attack which has compromised communications of senior U.S government officials. The full scope of the attack may never be known as the sophisticated attackers took steps to erase evidence of their presence.
The FCC is hoping to vote to implement required minimum cyber security practices soon. In my opinion strict requirements should place already since telecom companies and ISPs are in a unique position to allow threat actors, (especially sophisticated state-sponsored ones), access to the networks of both organizations and individuals in addition to PII and CPNI.
If there is going to be a silver lining hopefully it will be some progress on requirements to make our critical data and infrastructure more secure going forward. Personally I would be in favor of something similar to the FDA, FCC, etc. that is entirely focused on this goal. I’m not generally in favor of government regulation but both small and large organizations continue to fall victim in ways that should be unacceptable.