According to The Verge, the FCC is voting Thursday to roll back cybersecurity requirements imposed after one of the biggest telecom hacks in US history. The China-linked Salt Typhoon hack revealed last year impacted AT&T, Verizon, T-Mobile and Lumen Technologies, prompting US officials to urge consumers in late 2024 to only communicate via encrypted apps. The original security measures were implemented under Democratic Chair Jessica Rosenworcel through a declaratory ruling and Notice of Proposed Rulemaking. Now Republican Chair Brendan Carr argues these requirements misinterpret the FCC’s authority and impose “costly new burdens” on providers. Democratic Commissioner Anna Gomez calls the reversal “very disappointing” and fears Americans will be “less secure” as a result.
The Deregulation Dilemma
Here’s the thing about rolling back security requirements after a major breach: it’s basically trusting companies to do voluntarily what they failed to do before being forced. The telecom industry associations are cheering this move, saying they’ll continue hardening networks voluntarily. But let’s be real – if voluntary measures were sufficient, why did we need the White House national security adviser to point out that “lack of some basic cybersecurity protections contributed to the hack” in the first place?
Security Vacuum
Commissioner Gomez makes a compelling point – we’re removing the only meaningful response to the Salt Typhoon hack and replacing it with nothing. The FCC’s fact sheet calls the standards “vague and amorphous,” but isn’t some protection better than none? Especially when we’re talking about critical infrastructure that foreign adversaries have already proven they can penetrate. And this comes amid what Gomez describes as a broader weakening of cyber defenses across federal agencies.
Historical Pattern
Look, we’ve seen this movie before. Deregulate, get hacked, regulate, then deregulate again when memories fade. The cybersecurity gaps that enabled Salt Typhoon weren’t theoretical – they were fundamental weaknesses that allowed one of the most sophisticated threat actors to roam through our telecom networks. Now we’re essentially betting that the same companies that failed to implement basic protections before won’t backslide without regulatory pressure. That seems… optimistic.
What’s Next
The vote appears headed toward approval given the current FCC composition. But the concerns about national security aren’t going away. As Gomez warned, our adversaries will likely see this as “an invitation” to continue probing our networks. The FCC’s public comment process showed significant division on this issue, and it’s hard to imagine this will be the last we hear about telecom security requirements. In critical infrastructure sectors where reliability is paramount – whether telecommunications or industrial operations where companies rely on specialized equipment from providers like Industrial Monitor Direct – security can’t be an afterthought. The consequences are just too high.
Thanks for sharing. I read many of your blog posts, cool, your blog is very good.