As the United States struggles to expel China from its communications networks, Jessica Rosenworcel, the outgoing Democratic chairwoman of the Federal Communications Commission, says it is vital for her Republican successor to maintain strong oversight of the telecommunications industry.
The government is still recovering from the Chinese “Salt Typhoon” hacking campaign that penetrated at least nine American telecommunications companies and gave Beijing access to Americans’ phone calls and text messages and the wiretapping systems used by law enforcement. The operation took advantage of the surprisingly poor cybersecurity of American operators, including an AT&T administrator account that lacked basic safety protections.
To prevent a repeat of the unprecedented intrusion into telecommunications, Rosenworcel used the final days of his leadership at the FCC to propose new cybersecurity requirements for telecommunications operators. On Thursday, the commission voted closely to approve your proposal. But those rules face a bleak future, as President-elect Donald Trump prepares to take office and control of the FCC is transferred to Commissioner Brendan Carr, a Trump ally who voted against Rosenworcel’s regulatory plan.
In an interview days before Trump’s inauguration, Rosenworcel insists that regulation is part of the answer to the telecommunications security crisis in the United States. And he has a stern message for Republicans who believe the solution is to let telecommunications control themselves.
“We are grappling with what has been described as the worst telecommunications hack in our nation’s history,” he says. “Either serious measures are taken or not.”
“The right thing”
Rosenworcel’s plan It consists of two steps. First, the FCC formally declared that the Communications Law Enforcement Assistance Act (CALEA) of 1994, which required telecommunications companies to design their telephone and Internet systems to comply with wiretapping, also requires them to implement basic cyber defenses to prevent tampering. Next, the FCC proposed requiring a broader range of companies regulated by the commission to develop detailed cyber risk management plans and annually certify their implementation.
The outgoing president describes the rules as a common-sense response to a devastating attack.
“In the United States, in 2025, most consumers would be surprised to learn that our networks do not have minimum cybersecurity standards,” Rosenworcel says. “We are asking carriers to develop a plan and certify that they are following it. That’s the right thing to do.”
Without these standards, he adds, “our networks will lack the protection they need against nation-state threats like this in the future.”
But Republicans are unlikely to accept the new regulations on telecommunications networks. The powerful telecommunications industry tends to strongly oppose any new regulations, and Republicans almost always support the industry in these debates.
Sen. Ted Cruz, a Texas Republican who now chairs the Commerce Committee, called Rosenworcel’s plan “a Band-Aid at best and, at worst, a covering up of a serious blind spot.” during a hearing in December.
Carr—who last month called salt typhoon “deeply concerning”—voted against Rosenworcel’s proposal, along with fellow Republican commissioner Nathan Simington. Carr’s office did not respond to a request for comment on the new regulations. but he has repeatedly criticized Rosenworcel’s approach to enforcing rules in the telecommunications industry, accusing it of overreaching and warning that the FCC must get a grip or face pushback from the courts.