Trump FCC Scraps Cybersecurity Rules Despite Chinese Hacks

FCC Rolls Back Cybersecurity Requirements for Telecoms

In a 2-1 decision along party lines on Thursday, the Federal Communications Commission voted to eliminate regulations mandating minimum cybersecurity standards for major U.S. phone and internet service providers.

Decision Details

The two commissioners appointed during the Trump administration – Chairman Brendan Carr and Commissioner Olivia Trusty – supported the withdrawal of rules designed to protect telecommunications networks from unauthorized access and communication interception. These rules had been implemented by the Biden administration prior to its transition.

Commissioner Anna Gomez, the sole Democrat on the FCC, registered a dissenting vote. She characterized the rescinded regulations as the agency’s “only meaningful effort” to address cybersecurity threats, particularly in light of the recent activities of the China-linked hacking group, Salt Typhoon.

Salt Typhoon and Network Intrusions

Over a prolonged period, hackers associated with Salt Typhoon successfully infiltrated over 200 telecommunications companies, including prominent firms like AT&T, Verizon, and Lumen.

The primary objective of these intrusions was to conduct extensive surveillance of American officials. In certain instances, the hackers specifically targeted wiretap systems previously installed by telecommunications companies at the behest of the U.S. government for law enforcement purposes.

Lawmaker Concerns

The FCC’s decision to revise the rules has drawn criticism from key legislators. Senator Gary Peters (D-MI), ranking member of the Senate Homeland Security Committee, expressed his “disturbance” over the rollback of “basic cybersecurity safeguards.” He cautioned that this action could increase vulnerability for the American public.

Senator Mark Warner (D-VA), ranking member of the Senate Intelligence Committee, stated that the rule change leaves the nation “without a credible plan” to address the security vulnerabilities exploited by Salt Typhoon and similar threat actors.

Industry Response

The NCTA, representing the telecommunications industry, welcomed the removal of the regulations, describing them as “prescriptive and counterproductive.”

The Importance of Enforcement

Commissioner Gomez emphasized that collaboration with the telecommunications industry, while beneficial, is not a substitute for enforceable regulations.

“Agreements based solely on trust will not deter state-sponsored hackers intent on infiltrating our networks,” Gomez asserted. “They will not prevent future breaches, nor will they guarantee the strengthening of the weakest points in our security infrastructure. The Salt Typhoon incident demonstrates the inadequacy of voluntary cooperation.”

Cybersecurity remains a critical concern for national security and the protection of sensitive data.

The debate highlights the ongoing tension between regulatory oversight and industry flexibility in addressing evolving cyber threats.