The Federal Communications Commission (FCC) has rolled back several security measures for internet service providers (ISPs). These measures were implemented after Chinese hackers successfully gained access to ISP networks for several months.
“The Federal Communications Commission today took action to correct course and rescind an unlawful and ineffective prior Declaratory Ruling misconstruing the Communications Assistance for Law Enforcement Act (CALEA),” the communications regulator said in a press release published on Friday.
These regulations obligated carriers to implement various minimum security measures to prevent unauthorized access to their networks. In addition, they had to submit annual FCC certifications to show that they met these ends. Lastly, ISPs were required to treat the security of their networks as a legal obligation.
The FCC has now changed its stance and claims that these “ineffective cybersecurity requirements” were implemented as a result of “flawed legal analysis.” Therefore, the Notice of Proposed Rulemaking (NPRM) for effective cybersecurity responsiveness for carriers has been revoked.
“Over the past several months, the agency has engaged with providers that have agreed to take ‘extensive, urgent, and coordinated efforts to mitigate operational risks, protect consumers, and preserve national security interests’ against the range of cyberattacks that target their networks. Today’s action reinforces this commitment going forward,” the FCC stated.
These conditions were implemented by the Biden Administration after it became apparent that the Chinese hacker group Salt Typhoon had gained unauthorized access to ISP networks for months, including those of major companies such as Verizon, AT&T, T-Mobile, and Lumen Technologies.
The FBI even put out a $10 million reward for any information to identify, mitigate, or disrupt Salt Typhoon’s malicious cyber activities.
However, the FCC’s announcement to roll back cybersecurity rules for internet service providers isn’t welcomed by everyone. FCC Commissioner Anna M. Gomez, for example, said that the rollback “is not a cybersecurity strategy,” but an act that leaves Americans less protected than they were the day the Salt Typhoon breach was discovered.
“By rescinding previous efforts to strengthen our networks and offering nothing in their place, the FCC leaves the country less secure at the very moment when these threats are increasing. Salt Typhoon will not be the last attempt to infiltrate our networks, and without immediate action, it will not be the last successful one,” Gomez said in a press release.
Have thoughts about this topic? Others do, too. Join them in the discussion.
BleepingComputer noticed that Senators Maria Cantwell and Gary Peters have also sent letters to the FCC asking them to reconsider.
“I am concerned that your move to drop cybersecurity requirements on carriers is part of a pattern of weakness on national security issues,” Senator Cantwell wrote.
Unlock more exclusive Cybernews content on YouTube.
Your email address will not be published. Required fields are markedmarked