Despite Chinese hacks, Trump’s FCC votes to scrap cybersecurity rules for phone and internet companies

In a contentious decision, the Federal Communications Commission (FCC) voted 2-1 along party lines to eliminate essential cybersecurity regulations for major U.S. telecommunications companies. This change, led by Trump-appointed commissioners Brendan Carr and Olivia Trusty, has sparked significant alarm among lawmakers and cybersecurity experts. The rules in question mandated that telecom carriers take necessary measures to safeguard their networks from unauthorized access and interception of communications. These regulations were originally implemented by the Biden administration earlier this year in response to increasing cyber threats, including a recent campaign by a China-backed hacking group known as Salt Typhoon. This group successfully infiltrated more than 200 telecommunications providers, including giants like AT&T and Verizon, to conduct extensive surveillance on American officials. FCC Commissioner Anna Gomez, the sole Democrat on the panel, expressed her disapproval of the vote, stating that these rules represented the only significant action taken by the agency to bolster cybersecurity amidst rising threats. Gomez emphasized the importance of enforcing meaningful security measures, warning that collaborative efforts without regulatory backing would not be enough to deter state-sponsored hackers. The decision has drawn criticism from several senior lawmakers. Senator Gary Peters, a prominent figure on the Senate Homeland Security Committee, voiced his concern, stating that the rollback of fundamental cybersecurity protections would leave citizens vulnerable to cyber attacks. Senator Mark Warner, who heads the Senate Intelligence Committee, echoed these sentiments, highlighting that the rule change undermines the establishment of a robust defense against exploitation by malicious actors like Salt Typhoon. In contrast, the National Cable and Telecommunications Association (NCTA), representing the telecom industry, welcomed the FCC's decision, labeling the previous regulations as overly prescriptive and unproductive. Nevertheless, Gomez cautioned that without enforceable standards, the industry’s voluntary cooperation alone wouldn’t suffice to secure networks against future breaches. “If voluntary cooperation were enough, we would not be here today in the wake of Salt Typhoon,” she remarked, underscoring the urgent need for a more effective cybersecurity strategy.