Congress eyes bigger cyber role for NTIA amid telecom attacks
As Salt Typhoon and other hacking groups continue targeting U.S. telecoms, a bipartisan bill that cleared a key House panel Tuesday aims to formalize a more cyber-focused role for the federal agency focused on those wireless networks.
The National Telecommunications and Information Administration Organization Act would establish an Office of Policy Development and Cybersecurity within the Commerce Department’s NTIA under legislation from Reps. Jay Obernolte, R-Calif., and Jennifer McClellan, D-Va. The bill, which advanced out of the House Energy and Commerce Committee, was passed by the chamber last year but stalled out in the Senate.
The NTIA advises the president on telecommunications and information policy issues, with a specific focus on the expansion of broadband internet and spectrum. Obernolte, who chairs the House Science, Space and Technology subcommittee on research and technology, said the bill “addresses a critical gap” by formalizing NTIA’s cybersecurity role to better “safeguard our communication networks.”
“The Office of Policy Development and Cybersecurity will work with stakeholders to develop and implement cybersecurity and privacy policies for the internet and communications networks,” he said. “It will promote collaboration between industry and security researchers to address vulnerabilities before they can be exploited. It will prevent and mitigate future software vulnerabilities that could compromise our telecommunications infrastructure, and it will provide technical assistance to small and rural communication service providers to ensure that they have the tools to defend against cyber security threats.”
McClellan connected the NTIA’s mission directly to the ongoing Salt Typhoon attacks. The Chinese-linked hacking group has breached multiple U.S. and global telecom networks, drawing serious concern from federal cyber experts over what one expert said is the “indiscriminate” targeting of Americans’ data.
McClellan said those “nefarious assaults” on U.S. networks are “a stark reminder of the evolving cyber threats we face, which impact not only our communication systems, but in our ever-connected, data-driven Internet of Things dependent society, can affect everything from airplane safety to health care providers, as foreign adversaries and criminals continue to exploit vulnerabilities in our digital and telecommunications infrastructure.”
Equipping the NTIA with codified cyber tools is “now more important than ever,” she added, so that the agency “is fully empowered to assess risk, coordinate responses and proactively shape policies to protect American consumers and businesses.”
Under a separate bill that also cleared the House Energy and Commerce Committee on Tuesday, the NTIA would be required to submit a report to Congress that examines the cybersecurity of mobile service networks.
The Understanding Cybersecurity of Mobile Networks Act from Reps. Kat Cammack, R-Fla., and Greg Landsman, D-Ohio, would also charge the assistant secretary of commerce for communications and information with assessing the vulnerabilities of mobile networks and devices to cyberattacks and surveillance.
“This legislation will provide us with the data necessary to identify these vulnerabilities and develop stronger protections against cyber threats, with adversaries like China, Russia and other malicious actors actively targeting our networks,” Cammack said. “We cannot afford to be reactive and sit on the sidelines. Understanding the risks to our mobile infrastructure will allow us to stay ahead of emerging threats, protect American consumers and safeguard critical national security interests.”
Landsman said this “simple bill” will “have a huge impact” on how the federal government deals with cyber threats from China, Russia and other nation-state actors as they target Americans’ data and attempt to breach personal devices. The legislation will call on the NTIA to figure out how those adversaries are accessing that data and what can be done to stop attacks on devices.
“One of their goals is to use that data to divide us,” Landsman said. “This is an important step for us to improve our cybersecurity and protect all Americans.”
