Reversing previous cybersecurity regulations, the Federal Communications Commission voted 2-1 along party lines to eliminate requirements for U.S. phone and internet giants to adhere to specific minimum cybersecurity standards.
The decision to rescind the rules that mandated telecommunication carriers to secure their networks from unauthorized access or communication interception was supported by the FCC’s two Trump-appointed commissioners, chairman Brendan Carr and Republican colleague Olivia Trusty. These regulations were put in place by the Biden administration before their transition earlier this year.
On the opposing end, FCC’s lone Democratic commissioner, Anna Gomez, dissented from the decision. In a statement post-vote, Gomez expressed disappointment in the overturning of regulations that she deemed as the agency’s significant effort following the exposure of a large-scale cyber campaign by a China-backed hacking group known as Salt Typhoon. This breach involved infiltrating numerous U.S. phone and internet companies, including major players like AT&T, Verizon, and Lumen, for extensive surveillance purposes targeting American officials.
The move by the FCC to revoke these cybersecurity rules has drawn criticism from influential lawmakers like Sen. Gary Peters (D-MI), who serves as the ranking member of the Senate Homeland Security Committee. Peters voiced his concerns over the rollback of essential cybersecurity protections, cautioning that such actions could leave the American populace vulnerable to cyber threats.
Similarly, Sen. Mark Warner (D-VA), the ranking member of the Senate Intelligence Committee, expressed his apprehension in a statement, highlighting the absence of a credible strategy to address fundamental security gaps exploited by entities like Salt Typhoon in the absence of these regulations.
While the NCTA, representing the telecommunications industry, applauded the elimination of these rules, labeling them as overly prescriptive and counterproductive, Gomez emphasized the necessity of enforcement in conjunction with industry cooperation to effectively combat cybersecurity threats.
Gomez emphasized the insufficiency of informal agreements without enforcement measures in deterring state-sponsored hackers and preventing future breaches. She underscored the importance of strengthening the weakest links in the network chain to enhance overall cybersecurity defenses, stressing that voluntary cooperation alone may not suffice in the face of sophisticated cyber threats like Salt Typhoon.
