Senators say US must boost security after Chinese Salt Typhoon telecom hacking

WASHINGTON (Reuters) -The United States must do more to address hacking threats after China’s alleged efforts known as Salt Typhoon to infiltrate American telecommunications companies and steal data about U.S. calls, senators said at a hearing Wednesday.

“This attack likely represents the largest telecommunications hack in our nation’s history,” said Senator Ben Ray Lujan, a Democrat who chairs a telecom subcommittee.

“There’s a lot that we still don’t know about the damage that was done by the Salt Typhoon hacks, but what we do know is that more must be done to prevent attacks like this.”

Republican Senator Ted Cruz said the “attack from a state-actor against our nation’s infrastructure will not be the last. We must plug any vulnerabilities in communications networks.”

U.S. agencies held classified briefings for the Senate and the House of Representatives over the last week about the hacking incident.

Federal Communications Commission Chairwoman Jessica Rosenworcel last week proposed requiring telecom firms to submit an annual certification attesting that they have a plan in place to protect against cyberattacks. Lujan said federal agencies’ outstanding recommendations “must be fully implemented across our networks.”

Republican Senator Dan Sullivan said in briefings U.S. officials focused on defense efforts to address Chinese hacking. “What about offense?” he asked. “What about deterrence?”

The White House last week said at least eight telecommunications and infrastructure firms in the United States had been impacted and a large number of Americans’ metadata has been stolen in the sweeping cyber espionage campaign.

Chinese officials have previously described the allegations as disinformation and said Beijing “firmly opposes and combats cyber attacks and cyber theft in all forms.”

The House is set to vote Wednesday on an annual defense bill that includes nearly $3.1 billion for U.S. telecom companies to remove equipment made by Chinese telecoms firms Huawei and ZTE (HK:0763) from American wireless networks.

The FCC (BME:FCC) says removing the insecure equipment is estimated to cost $4.98 billion but Congress previously only approved $1.9 billion for the “rip and replace” program.

U.S. officials previously alleged hackers targeted Verizon (NYSE:VZ), AT&T (NYSE:T), Lumen and others, and stole telephone audio intercepts along with a large tranche of call record data.