FCC Adopts Cybersecurity Rules in Wake of Salt Typhoon

The incoming chair dissented from the order.

FCC Adopts Cybersecurity Rules in Wake of Salt Typhoon
Photo by Philipp Katzenberger

WASHINGTON, Jan. 16, 2025 – The Federal Communications Commission adopted new cybersecurity rules Thursday in the wake of the Salt Typhoon hacks, the agency said.

“Our existing rules are not modern. It is time we update them to reflect current threats so that we have a fighting chance to ensure that state-sponsored cyberattacks do not succeed,” FCC Chairwoman Jessica Rosenworcel said in a statement. “The time to take this action is now. We do not have the luxury of waiting.”

The hack, linked to the Chinese government, saw an unprecedented breach of U.S. telecommunications networks, reportedly targeting both presidential campaigns and government wiretapping systems. The three major wireless carriers have said they expunged hackers from their systems.

The newly adopted rules—which take effect immediately—specify that federal wiretapping law, Section 105 of the Communications Assistance for Law Enforcement Act, creates a legal requirement for telecom carriers to secure their networks generally against hacks. The law applies to broadband providers, and companies can face fines for infractions.

Also adopted was a proposal that seeks comment on instituting an annual reporting requirement, plus risk management rules and “additional ways to strengthen the cybersecurity posture of communications systems and services.”

The agency marshalled support from White House National Security Advisor Jake Sullivan and CISA Director Jen Easterly, both of whom, like Rosenworcel, will step down on Jan. 20.

The rules are “a critical step to require U.S. telecoms to improve cybersecurity to meet today’s nation state threats, including those from China’s well-resourced and sophisticated offensive cyber program,” Sullivan said in a statement.

FCC Commissioner Brendan Carr, the incoming Republican chairman of the agency, didn’t publicly oppose the rules when they first circulated in December, but he made clear ahead of the announcement he was against the order.

“The Biden FCC decided to force a vote on a partisan, uncoordinated, and counterproductive approach to the Salt Typhoon cybersecurity threats,” he posted on X Wednesday night. He said the agency didn’t have authority under CALEA to impose network obligations outside of the specific components carriers have to open for government surveillance.

Carr has opposed extra regulation on telecom companies, but has also been hawkish on China. Senate Commerce Committee Chairman Ted Cruz, R-Texas, also criticized the proposal that preceded the rules at a hearing last month.

Popular Tags