日本語
한국어
Tiếng Việt
简体中文
The Federal Communications Commission (FCC) is scheduled to vote next month on a contentious proposal to eliminate crucial cybersecurity requirements for telecommunications carriers. This move, spearheaded by FCC Chair Brendan Carr, seeks to undo mandates enacted by the commission’s previous leadership, which were a direct response to a series of significant cyberattacks on U.S. telecom infrastructure.
The Controversial Mandate and its Origins
The rules in question stemmed from a January 15 declaration, interpreting the 1994 Communications Assistance for Law Enforcement Act (CALEA) as mandating telecom carriers to secure their networks against unlawful access or communication interception. This declaration followed the devastating “Salt Typhoon” hacking campaign by suspected Chinese government operatives in late 2024. This espionage operation, widely regarded as one of the most damaging cyber incidents in U.S. history, saw hackers penetrate telecom networks, gaining access to federal wiretap information, call recordings of high-profile Americans, and metadata from over a million individuals.
The previous FCC leadership had also proposed implementing these mandates by requiring telecoms to develop cybersecurity plans, including measures to prevent network intrusions, service disruptions, and mitigate supply-chain threats. For then-chair Jessica Rosenworcel, these actions were about filling a dangerous void in federal oversight.
Chairman Carr’s Rationale for Rollback
FCC Chair Brendan Carr, a Republican who initially opposed the declaration, describes the January ruling as an “eleventh hour” decision that “both exceeded the agency’s authority and did not present an effective or agile response to the relevant cybersecurity threats.” In a recent blog post, Carr affirmed his intention to “correct course.”
Carr’s proposed order, made public late Thursday, argues that the FCC’s prior leadership misinterpreted its authority under CALEA, especially regarding the legal interpretation of “interception.” The order further contends that the CALEA declaration’s “inflexible, across the board” requirements created a “burdensome and inchoate compliance standard that does little to secure communications networks and protect national security.”
A Shift Towards “Targeted” Cybersecurity
With the proposed order, Carr aims to rescind not only the CALEA declaration but also the associated proposed rules. Instead of a “one-size-fits-all approach of a single rulemaking,” the FCC plans to adopt a “targeted approach” to foster improved cybersecurity within the industry. Carr alluded to “extensive FCC engagement with carriers,” suggesting reliance on voluntary commitments and “substantial steps that providers have taken to strengthen their cybersecurity defenses.” He asserts that this collaborative model demonstrates the effectiveness of the federal government’s approach, rendering the previous declaratory ruling “unnecessary.”
The Broader Implications for U.S. Telecom Security
Should the FCC vote to discard these mandates, it would effectively eliminate the U.S. government’s most significant direct response to the widespread cybersecurity vulnerabilities exposed in the telecom sector. Currently, U.S. telecom operators largely operate without federal cybersecurity requirements, a situation that critics argue has contributed to repeated major breaches due to outdated and poorly managed infrastructure.
Fresh Cyberattacks Underscore Urgency
The timing of this debate is particularly salient. Just hours after Carr announced his plan, news broke of a suspected nation-state cyberattack on a backbone technology provider essential to both U.S. and international telecom operations. This attack reportedly went undetected for nearly a year, highlighting the persistent and evolving threats facing the global telecommunications landscape. This incident underscores the critical importance of robust cybersecurity measures, even as federal oversight frameworks are being re-evaluated.
As the FCC prepares for its vote, the future of cybersecurity regulation for telecom carriers remains uncertain, setting the stage for an intense debate over the best path to safeguard national security and critical communication infrastructure.