- FCC repeals cybersecurity rules for telecommunications companies
- These protections were put in place after the network breach by the Chinese actor Salt Typhoon.
- The Trump administration is rolling back regulations in the industry.
The Republican-led Federal Communications Commission (FCC) voted to reverse the measures taken after Typhoon Salt.
The mandatory safeguards required telecommunications companies to implement basic security controls and network protections and encouraged cooperation among major network providers to protect consumers and national security.
In the Salt Typhoone attacks, malicious actors hid in US telecommunications networks for more than a year and collected data in one of the largest cyberespionage campaigns ever recorded.
“Neither legal nor effective”
The FCC voted to overturn the decision, saying it was “ineffective because it neither addressed the nature of the relevant cybersecurity threats nor was consistent with the flexible and collaborative approach to cybersecurity that has proven to be effective,” the FCC said. Note on Commission documents.
FCC members argue that telecommunications companies voluntarily strengthen their cybersecurity and networks against intruders, meaning the rules place a heavy legal burden on companies that are already doing this work.
Minister Marlene Dortch said the protection order “imposes the same strict and general cybersecurity requirements on all telecommunications providers, regardless of their risk, size or organizational structure.”
“This vague and amorphous standard threatens to impose costly new burdens on many vendors that are either irrelevant to the potential threats they face or unnecessary because those vendors may already have sufficient cybersecurity practices in place to adequately mitigate the risk of successful attacks by the most sophisticated threat actors,” he wrote.
The move follows a predictable trend in the Trump administration, which has repeatedly demonstrated its failure to prioritize online security, already decimating public cybersecurity agencies through layoffs and reassignments within CISA.
The administration has also shown its deregulatory goals, particularly in the tech sector, going so far as to ignore state laws to eliminate existing protections for AI consumers and give more freedom to AI companies.
IN the file