U.S. Federal Communications Commission Chairwoman Jessica Rosenworcel is proposing that communications service providers be required to submit an annual certification attesting that they have a plan in place to protect against cyberattacks, the agency said in a statement on Thursday.

The proposal is in part in response to efforts by an allegedly Beijing-sponsored group of hackers, dubbed “Salt Typhoon,” to burrow deep into American telecommunications companies to steal data about U.S. calls.

“While the Commission’s counterparts in the intelligence community are determining the scope and impact of the Salt Typhoon attack, we need to put in place a modern framework to help companies secure their networks and better prevent and respond to cyberattacks in the future,” Rosenworcel said in a statement.

Salt Typhoon’s sweeping espionage campaign has been the subject of increasing concern across Washington, and Rosenworcel’s announcement follows a day after U.S. government agencies held a classified briefing for all senators on the hacking.

In parallel, a senior U.S. official told journalists Wednesday that “a large number of Americans’ metadata” had been stolen by the hackers, who had broken into “at least” eight telecommunications and telecom infrastructure firms in the United States.

Rosenworcel said the proposal was being circulated to other commissioners in her agency and, if adopted, would take effect immediately. A message seeking comment from Commissioner Brendan Carr, who President-elect Donald Trump has chosen to replace Rosenworcel at the FCC, was not immediately returned.

Representatives for major telecom companies including Verizon, AT&T, and T-Mobile did not immediately return a message seeking comment.

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETCISO App

• Get Realtime updates
• Save your favourite articles

Scan to download App