As the United States tries to push China out of its communications networks, Jessica Rosenworcel, the Democratic chairman of the Federal Communications Commission, says maintaining strong oversight of the telecommunications industry is critical to her Republican successor.
The administration is still reeling from China’s “Salt Typhoon” hacking campaign, which infiltrated at least nine US telecommunications companies and gave Beijing access to Americans’ phone calls and text messages and wiretapping systems used by law enforcement. The operation exploited the lax cybersecurity of US telecommunications companies, including an AT&T administrator account that lacked basic security protections.
To prevent a repeat of the unprecedented telecom intrusion, Rosenworcel used the waning days of his FCC leadership to propose new cybersecurity requirements for telecom operators. On Thursday, the commission narrowly voted down his proposal. But those rules face a bleak future as President-elect Donald Trump prepares to take over and hand control of the FCC to Commissioner Brendan Carr, a Trump ally who voted against Rosenworcel’s regulatory plan. .
In an interview a few days before Trump’s inauguration, Rosenworcel insisted that regulation is part of the answer to America’s telecommunications security crisis. And he has a stern message for Republicans who think the solution is to police their own telecoms.
“We are fighting what has been described as the worst telecommunications hack in our country’s history,” he says. “Either you take serious action or you don’t.”
“doing the right thing”
Rosenworcel’s plan consists of two stages. First, the FCC formally announced that the Communications Assistance for Law Enforcement Act (CALEA) of 1994, which required telecommunications companies to design their telephone and Internet systems to accommodate wiretapping, also required them to implement defense Primary cyber to prevent manipulation. Next, the FCC proposed to require a wider range of companies under the Commission’s supervision to develop detailed cyber risk management plans and certify their implementation annually.
The outgoing chief describes the rules as a rational response to a devastating attack.
“In the United States in 2025, it will shock most consumers to learn that our networks do not meet minimum cybersecurity standards,” says Rosenworcel. We require carriers to develop a plan and certify that they are following that plan. This is the right thing to do.”
Without these standards, he adds, “our networks in the future will lack the protection they need against threats from nation-states like this.”
But Republicans are unlikely to welcome new regulations on telecommunications networks. The powerful telecom industry tends to staunchly oppose any new regulations, and Republicans almost always side with the industry in these debates.
Sen. Ted Cruz, R-Texas, who now chairs the Commerce Committee, called Rosenworsel’s plan “a band aid at best and a serious blind spot at worst” at a hearing in December.
Carr — who last month called the salt storm “deeply troubling” — voted against Rosenorsel’s proposal along with his Republican commissioner, Nathan Symington. The bureau did not respond to a request for comment on the new regulations. But he has repeatedly criticized Rosenworcel’s approach to enforcing rules in the telecom industry, accusing him of overreach and warning that the FCC must restrain itself or face pressure from the courts.
