The Federal Communications Commission voted 2-1 along party lines Thursday to eliminate rules requiring U.S. phone and Internet giants to meet certain minimum cybersecurity requirements.
The two Trump-appointed FCC commissioners, Chairman Brendan Carr and fellow Republican Olivia Trusty, voted to withdraw rules requiring telecommunications carriers to “protect their networks against unlawful access to or interception of communications.” The Biden administration had adopted these rules before leaving office. earlier this year.
The FCC’s only Democratic commissioner, Anna Gómez, disagreed. in a statement After the vote, Gomez called the now-revoked rules the “only significant effort this agency has made” since the discovery of a broad campaign by a Chinese-backed hacking group. called salt typhoon which involved hacking a raft of US Phone and Internet Companies.
Hackers broke into more than 200 telecommunications companies, including AT&T, Verizon and Lumen, during the years-long campaign to carry out large-scale surveillance of US officials. In some cases, hackers targeted wiretapping systems which the US government previously required telecommunications companies to install for law enforcement access.
The FCC’s decision to change the rules drew rebuke from top lawmakers, including Sen. Gary Peters (D-MI), ranking member of the Senate Homeland Security Committee. Peters said he was “disturbed” by the FCC’s effort to roll back “basic cybersecurity safeguards” and warned that doing so would “leave the American people exposed.”
Senator Mark Warner (D-VA), ranking member of the Senate Intelligence Committee, said in a statement that the rule change “leaves us without a credible plan” to address the basic security gaps exploited by Salt Typhoon and others.
For its part, the NCTA, which represents the telecommunications industry, praised the elimination of standards, calling them “prescriptive and counterproductive regulations.”
But Gómez warned that although collaboration with the telecommunications industry is valuable for cybersecurity, it is insufficient without its application.
“No forceful handshake agreements will not stop state-sponsored hackers in their quest to infiltrate our networks,” Gomez said. “They will not prevent the next violation. They do not guarantee that the weakest link in the chain will be strengthened. If voluntary cooperation were enough, we would not be sitting here today after the salt typhoon.”
