The Federal Communications Commission voted 2-1 along party lines Thursday to repeal rules that require U.S. phone and Internet giants to meet certain minimum cybersecurity requirements.
The FCC’s two Trump-appointed commissioners, Chairman Brendan Carr and his Republican colleague Olivia Trustee, voted to repeal rules that require “Despite Chinese hacks” telecommunications carriers to “protect their networks from unlawful access or interception of communications.” The rules were adopted by the Biden administration before leaving office Earlier this year.
Ana Gomez, the FCC’s lone Democratic commissioner, dissented. A statement After the vote, Gomez called the now-reversed rule “the only meaningful effort this agency has advanced” since the discovery of a massive campaign by a China-backed hacking group called Salt Typhoon that involved hacking a raft of US phone and Internet companies.
Despite Chinese hacks
Hackers penetrated more than 200 telcos, including AT&T, Verizon and Lumen, in a years-long campaign to carry out mass “Despite Chinese hacks” surveillance of American officials. In some cases, hackers targeted wiretap systems that the US government previously required telcos to install for law enforcement access.
The FCC’s move to change the rules drew rebukes from senior lawmakers, including Sen. Gary Peters (D-MI), the ranking member of the Senate Homeland Security Committee. Peters said he was “disturbed” by the FCC’s efforts to roll back “fundamental cybersecurity safeguards” and warned that doing so would “expose the American people.”
Sen. Mark Warner (D-VA), ranking member of the Senate Intelligence Committee, said in a statement That rule change “leaves us without a credible plan” to address fundamental security loopholes exploited by Salt Typhoon and others.
For its part, NCTA, which represents “Despite Chinese hacks” the telecommunications industry, appreciated Repealing the rules, calling them “directive and retroactive regulations”.
But Gomez cautioned that collaboration with the telecommunications industry, while valuable for cybersecurity, is insufficient without enforcement.
“Handshake agreements without teeth will not stop state-sponsored hackers in their quest to infiltrate our networks,” Gomez said. “They don’t prevent further violations. They don’t ensure that the weakest link in the chain is strengthened. If voluntary cooperation was enough, we wouldn’t be sitting here today in the wake of the Salt Typhoon.”