The Federal Communications Commission has voted 2–1 along party lines to overturn rules requiring U.S. phone and internet companies to meet basic cybersecurity standards. The rules, adopted earlier this year under the Biden administration, required carriers to secure their networks against unlawful access or interception.
FCC chair Brendan Carr and Republican commissioner Olivia Trusty voted to withdraw the standards, while the agency’s only Democratic commissioner, Anna Gomez, dissented. Gomez called the repealed rules the “only meaningful effort” the FCC had made since the discovery of Salt Typhoon, a China-backed hacking campaign that infiltrated more than 200 U.S. telecommunications companies, including AT&T, Verizon, and Lumen.
Salt Typhoon’s operation, which ran for years, targeted telecom infrastructure to conduct surveillance on U.S. officials. In some cases, hackers even went after government-mandated wiretap systems used by law enforcement.
Related: Paystack Suspends CTO Ezra Olubi Over Misconduct Allegations
The decision to roll back the rules drew sharp criticism from lawmakers. Sen. Gary Peters warned the FCC’s move would “leave the American people exposed,” while Sen. Mark Warner said it leaves the country with “no credible plan” to address the vulnerabilities exploited by Salt Typhoon and other groups.
Industry groups, however, welcomed the vote. The NCTA, which represents major telecom companies, called the cybersecurity rules “prescriptive and counterproductive.”
Gomez argued that voluntary cooperation with industry is not enough to protect critical networks.
“Handshake agreements without teeth will not stop state-sponsored hackers,” she said. “They won’t prevent the next breach.”
