The Federal Communications Commission voted 2-1 along party lines on Thursday to scrap rules that required US phone and internet giants to meet certain minimum cybersecurity requirements.
The FCC’s two Trump-appointed commissioners, Chairman Brendan Carr and his Republican colleague Olivia Trusty, voted to withdraw the rules that require telecommunications carriers to secure their networks from unlawful access or interception of communications. The Biden administration had adopted these rules prior to leaving office earlier this year.
The FCC’s sole Democratic commissioner, Anna Gomez, dissented. In a statement following the vote, Gomez called the now-overturned rules the only meaningful effort this agency has advanced since the discovery of a sweeping campaign by a China-backed hacking group called Salt Typhoon. That campaign involved hacking into a raft of US phone and internet companies.
The hackers broke into more than 200 telecommunications companies, including AT&T, Verizon, and Lumen, during the years-long campaign to conduct broad-scale surveillance of American officials. In some cases, the hackers targeted wiretap systems that the US government previously required telecom companies to install for law enforcement access.
The FCC’s move to change the rules sparked rebuke from senior lawmakers, including Senator Gary Peters, the ranking member of the Senate Homeland Security Committee. Peters said he was disturbed by the FCC’s effort to roll back basic cybersecurity safeguards and warned that doing so will leave the American people exposed.
Senator Mark Warner, the ranking member of the Senate Intelligence Committee, said that the rule change leaves us without a credible plan to address the basic security gaps exploited by Salt Typhoon and others.
For its part, the NCTA, which represents the telecommunications industry, praised the scrapping of the rules, calling them prescriptive and counterproductive regulations.
But Commissioner Gomez warned that while collaboration with the telecommunications industry is valuable for cybersecurity, it is insufficient without enforcement. She stated that handshake agreements without teeth will not stop state-sponsored hackers in their quest to infiltrate our networks. She added that they won’t prevent the next breach and they do not ensure that the weakest link in the chain is strengthened. Gomez concluded that if voluntary cooperation were enough, we would not be sitting here today in the wake of Salt Typhoon.