A key U.S. senator is urging the Federal Communications Commission not to abandon its cybersecurity requirements for telecommunications companies.
In the wake of China’s Salt Typhoon espionage attacks on U.S. and allied telecoms, “our efforts should be focused on further enhancing the cybersecurity of our critical infrastructure networks, not rolling back existing protections,” Sen. Maria Cantwell, D-Wash., said in a Nov. 18 letter to FCC Chairman Brendan Carr.
The FCC plans to vote Thursday to scrap cyber rules that the commission began adopting during the Biden administration. The commission first declared that the 1994 Communications Assistance for Law Enforcement Act (CALEA) “affirmatively requires telecommunications carriers to secure their networks from unlawful access or interception of communications,” and then it proposed specific requirements that telecoms should have to meet.
Carr has called the rules misguided and overly burdensome. But Cantwell, the top Democrat on the Senate Commerce Committee, which oversees the FCC, wrote that they “simply brought the agency’s interpretation of [CALEA] in line with current network realities” and represented “a commonsense acknowledgment that providers are responsible for protecting public safety against cybersecurity threats.”
Salt Typhoon, considered one of the most damaging intrusion campaigns in U.S. history, compromised the networks of at least nine U.S. telecom companies and gave China-linked hackers access to federal wiretap records, prominent Americans’ phone calls and text messages and the metadata of many other calls and texts.
“Your proposal to rescind this ruling would undermine the FCC’s ability to hold carriers accountable for protecting our nation’s critical communications infrastructure,” Cantwell told Carr.
Cantwell also questioned Carr’s assertion that voluntary cooperation between the FCC and the telecom industry would protect the sector. In his proposed order rescinding the rules, Carr pointed to the industry’s plan for a new collaboration group, the Communications Cybersecurity Information Sharing and Analysis Center (C2 ISAC), as evidence that telecom firms were serious about staying ahead of cyber threats.
But Cantwell noted that the telecom companies “failed to detect the hacks and have not provided me any of the evidence I requested that they have removed the intruders from their networks.” Cantwell asked AT&T and Verizon for those documents in June but has yet to receive them.
“I strongly encourage that you reverse course,” she wrote to Carr.
Cantwell also asked Carr to testify before the Commerce Committee and provide any documents that the FCC relied on to justify its plan to eliminate the rules, including cyber assessments of the telecoms’ networks.
The FCC did not respond to a request for comment on Cantwell’s letter.
