FCC Eases Cybersecurity Rules for US Telecom Companies

The Federal Communications Commission has voted to eliminate mandatory cybersecurity requirements for US telecommunications carriers, raising concerns about national security vulnerabilities.

Key Takeaways

• FCC removes mandatory cybersecurity rules for telecom companies
• Decision follows China-linked Salt Typhoon hacking campaign
• Senior lawmakers warn of security gaps
• Industry group supports rule removal

The FCC has eliminated regulations that required phone and internet providers to maintain minimum cybersecurity standards. The repealed rules mandated carriers to “secure their networks from unlawful access or interception of communications.”

Commissioners appointed by former President Donald Trump voted to withdraw the Biden-era regulations implemented in January. FCC Commissioner Anna Gomez criticized the move, calling the rules the “only meaningful effort this agency has advanced” since discovering a major hacking campaign.

Salt Typhoon Hacking Campaign

The China-backed Salt Typhoon cybercrime group compromised over 200 US telecommunications companies, including AT&T, Verizon and Lumen. The multi-year operation conducted widespread surveillance of American officials and targeted wiretap systems designed for law enforcement access.

Lawmaker Reactions

Senior US lawmakers expressed strong concerns about the FCC’s decision. Senator Gary Peters (D-MI) cautioned that the rule change would create security vulnerabilities.

Senator Mark Warner (D-VA) stated the reversal “leaves us without a credible plan” to address security weaknesses exploited by Salt Typhoon and similar threats.

The telecommunications industry, represented by NCTA, supported removing the regulations, describing them as burdensome.