According to TechCrunch, the Federal Communications Commission voted 2-1 along party lines on Thursday to scrap cybersecurity rules for US phone and internet companies. The rules required telecommunications carriers to secure their networks from unlawful access or interception of communications. The vote saw Trump-appointed commissioners Brendan Carr and Olivia Trusty overturn rules that the Biden administration had adopted earlier this year. This decision comes despite the recent discovery that Chinese hacking group Salt Typhoon compromised more than 200 US telcos including AT&T, Verizon and Lumen during a years-long surveillance campaign. Democratic commissioner Anna Gomez dissented, calling the overturned rules the “only meaningful effort” the FCC had advanced since the Salt Typhoon revelations.
Security rollback in dangerous times
Here’s the thing: we’re talking about removing basic cybersecurity requirements right after one of the most significant state-sponsored hacking campaigns against US infrastructure in recent memory. Salt Typhoon wasn’t just some random cybercrime group – they specifically targeted wiretap systems that the government requires telcos to install for law enforcement. So basically, we’re making it easier for foreign actors to access the very systems designed for national security purposes. And this isn’t theoretical – we have documented evidence of over 200 successful breaches already.
Industry preferences over security
The NCTA, representing telecommunications companies, praised the rule elimination as removing “prescriptive and counterproductive regulations.” But Commissioner Gomez nailed it when she said “handshake agreements without teeth will not stop state-sponsored hackers.” Look, voluntary cooperation sounds nice in theory, but if it actually worked, would we be dealing with the aftermath of Salt Typhoon? The industry’s preference for flexibility over mandatory standards seems dangerously short-sighted when we’re talking about critical infrastructure protection.
The political divide becomes security reality
What’s particularly concerning is how this breaks down along party lines. We have Democratic senators like Gary Peters and Mark Warner sounding alarms about leaving Americans exposed, while the Republican FCC commissioners push through the changes. In an ideal world, cybersecurity wouldn’t be partisan. But we’re seeing the practical consequences of that divide play out in real time. The Senator’s statement that this “leaves us without a credible plan” feels particularly damning given the scale of recent breaches.
What comes next?
So where does this leave us? The FCC has issued its cybersecurity proposal and corrective measures, but the elimination of mandatory requirements creates a significant gap. When critical infrastructure protection relies on voluntary cooperation, we’re essentially trusting that profit-driven companies will consistently prioritize security over cost savings. Given that we’re talking about systems that support everything from emergency communications to government operations, that’s a massive gamble. The industry’s celebration of reduced regulation might come back to haunt everyone when the next major breach occurs.
