Cantwell, Gomez Don’t Want FCC to Repeal Cybersecurity Rule

WASHINGTON, Nov. 19, 2025 – The top Democrat on the Senate Commerce Committee and the only Democrat on the Federal Communications Commission aren’t happy the agency is planning to scrap a cybersecurity rule instituted at the end of the Biden administration.

In January, former FCC Chairwoman Jessica Rosenworcel issued a new rule that interpreted federal wiretapping law to require that telecom carriers secure their entire networks against hacks, rather than just the equipment law enforcement agencies use for surveillance.

The rules were a response to the Salt Typhoon hack, in which hackers linked to the Chinese government gained sweeping access to U.S. telecom networks. Current FCC Chairman Brendan Carr, a commissioner at the time, dissented from the rules and announced last month the agency would vote on repealing them at its Nov. 20 meeting.

“You have now proposed to reverse this requirement after heavy lobbying from the very telecommunications carriers whose networks were breached by Chinese hackers. Your proposal to rescind this ruling would undermine the FCC’s ability to hold carriers accountable for protecting our nation’s critical communications infrastructure,” Sen. Maria Cantwell, D-Wash., said in a Tuesday letter to Carr.

Trade groups opposed to cybersecurity rule

Trade groups have indeed asked the agency to repeal the rule, both in a petition earlier this year and in multiple meetings with agency staff since this summer.

In an August filing, representatives from USTelecom, CTIA, and NCTA called the new rules’ requirements “onerous and vague,” among other things. The industry groups said in an October filing they had been working to improve their cybersecurity measures and favored a voluntary scheme.

Carr said at a press conference last month that the wiretapping law “has a very narrow provision that talks about having the required access for law enforcement inside a wire center, and somehow the FCC read that as a provision that authorized us to adopt untethered cybersecurity standards across every single portion of the network. That’s just not what the statute allowed.”

He said he had been pushing the carriers to take more cybersecurity measures and would announce “the substantial steps that providers have taken to strengthen their cybersecurity defenses,” in the item repealing the January order.

“Since the attacks, some carriers have participated in regular briefings with the Commission and federal law enforcement and intelligence agencies to share information and promote a coordinated national response strategy,” a public draft of the order says.

“In addition, some carriers have taken additional steps to harden their networks in recent months, including implementing accelerated patching cycles, updating access controls, reviewing remote access configurations, improving threat hunting efforts, disabling unnecessary outbound connections to limit lateral network movement, and strengthening contractual obligations with third-party vendors.”

FCC Commissioner Anna Gomez, the lone Democratic commissioner alongside Republicans Carr and Commissioner Olivia Trusty, said Wednesday she wasn't happy about the vote either.

“By rescinding previous efforts to strengthen our networks and offering nothing in their place, the FCC leaves the country less secure at the very moment when these threats are increasing,” she said in a statement Wednesday. “Salt Typhoon will not be the last attempt to infiltrate our networks, and without immediate action it will not be the last successful one.”

Carr and the other FCC commissioners will be testifying before Cantwell’s committee on Dec. 17. 

Sen. Ted Cruz, R-Texas, the committee’s chairman, was one of the few Republicans to criticize Carr's comments about late night host Jimmy Kimmel.