As the U.S. grapples with what has been termed "the worst telecommunications hack in our nation’s history," attributed to China’s Salt Typhoon hackers, outgoing FCC Chair Jessica Rosenworcel is unwavering in her commitment to improve network security in her final days in office.
The attack has caused significant alarm, allowing unauthorized access to sensitive information at nine major U.S. telecom companies, compromising the privacy of American phone calls and texts, and threatening the integrity of law enforcement communication systems. This incident has shed light on the alarming vulnerabilities in U.S. telecommunications networks, exacerbated by a lack of strong cybersecurity defenses.
In response, Rosenworcel is advocating for new cybersecurity requirements for telecom operators, asserting that regulation is critical to safeguarding against similar threats in the future. Despite a narrow vote by the FCC to approve her proposal, Rosenworcel faces an uncertain future with the upcoming Republican leadership, as President-elect Donald Trump is poised to take office, and control of the FCC will shift to Commissioner Brendan Carr, who has previously opposed such regulatory measures.
Rosenworcel’s plan comprises two key components. First, it seeks to clarify that telecom companies are legally required to implement cybersecurity measures under the 1994 Communications Assistance for Law Enforcement Act (CALEA). Second, it proposes that a broader array of companies must develop and annually attest to cyber risk-management plans. She believes these measures are necessary for ensuring the networks are protected against future intrusions.
Rosenworcel stresses that America’s communication infrastructure currently lacks fundamental cybersecurity standards and contends that simply relying on the telecommunications industry to self-regulate is insufficient. She emphasizes that the consequences of inaction could be severe, particularly in light of the sophisticated threats faced today.
However, this regulatory push is likely to face resistance from Republican lawmakers and the telecom lobby, which traditionally pushes back against increased regulations. Rosenworcel acknowledges that her approach may not be embraced by the new administration, but she insists that the magnitude of the threats demands a serious and proactive response.
An added challenge is that her proposal relies on the legally ambiguous CALEA, which was enacted decades before the current digital landscape evolved. This has raised concerns about potential legal challenges to the FCC’s authority to enforce these new standards.
As we look ahead, Rosenworcel recognizes the pressing need for the FCC to continue prioritizing cybersecurity, framing it as a matter of national security. She reflects on her tenure and the vital initiatives launched under her leadership, including banning risky foreign equipment, proposing regulations to secure internet traffic systems, and establishing a security labeling program for Internet of Things devices.
With Rosenworcel’s exit imminent and the FCC’s future under Carr evolving, the question remains whether effective cybersecurity measures will continue to be a priority. If proactive steps are not taken, experts worry the U.S. may remain vulnerable to similar, or even more sophisticated cyber threats in the future.
