The Federal Communications Commission (FCC) passed its proposal on a vote of 2-1 on Thursday to roll back key cybersecurity requirements for telecommunications companies, which lawmakers have warned will jeopardize national security.
During the Biden administration, the FCC established cyber rules under its interpretation of the 1994 Communications Assistance for Law Enforcement Act, ruling that the law “affirmatively requires telecommunications carriers to secure their networks from unlawful access or interception of communications.”
FCC Chair Brendan Carr had criticized that move as “a decision that both exceeded the agency’s authority and did not present an effective or agile response to the relevant cybersecurity threats.”
Carr and Olivia Trusty, a Republican commissioner, voted to support the measure to suspend that interpretation, while Anna Gomez, a Democratic commissioner, voted against that move. Gomez said that the Trump administration’s “FCC has still not put forward a single actionable solution to address the growing cybersecurity threat to our communications networks.”
Gomez’s criticism follows other remarks made by lawmakers, including Sen. Gary Peters, D-Mich., who said he was “disturbed by the FCC’s effort to roll back these basic cybersecurity safeguards, which, if successful, will leave the American people exposed and erode efforts to harden our national security against attacks like these in the future.”
Rolling back the cyber requirements without a replacement mandate “is part of a pattern of weakness on national security issues,” Sen. Maria Cantwell, D-Wash., said in a letter to Carr sent Wednesday.
The requirements were put in place after a large-scale attack from Chinese-affiliated Salt Typhoon intercepted communications between top bipartisan officials last year, including then-candidates President Donald Trump and Vice President JD Vance, as well as associates of former Vice President Kamala Harris.
Cantwell, ranking member of the Senate Committee on Commerce, Science, and Transportation, pointed to other attacks from Salt Typhoon on U.S. law enforcement wiretap systems and its geolocation of “almost every American,” while citing federal officials who said Salt Typhoon has likely hacked at least 200 U.S. organizations and 80 countries.
“With these highly sophisticated foreign threat actors, our efforts should be focused on further enhancing the cybersecurity of our critical infrastructure networks, not rolling back existing protections,” Cantwell wrote.
The senator said that rescinding the cyber requirement would “undermine the FCC’s ability to hold carriers accountable for protecting our nation’s critical communications infrastructure.”
“You have now proposed to reverse this requirement after heavy lobbying from the very telecommunications carriers whose networks were breached by Chinese hackers,” Cantwell wrote.
During the commissioners’ monthly meeting on Thursday, Carr defended the decision by suggesting that the FCC will continue to collaborate with industry to defend its networks.
“The FCC has worked directly with carriers who have agreed to make extensive coordinated efforts to harden their networks against a range of cyber intrusions,” Carr said.
“All of these actions have been well within the FCC’s legal authority and are helping to mitigate network vulnerabilities,” he continued, adding, “In its place, we will continue our work to strengthen and harden the nation’s communications networks and infrastructure.”