As the United States struggles to cut China out of its communications networks, Jessica Rosenworcel, the outgoing Democratic president Federal Communications Commissionsays maintaining strong oversight of the telecommunications industry is key for her Republican successor.
The government is still wavering with the Chinese “Salt Typhoon” hacking campaign. which hacked into at least nine US telecommunications companies and gave Beijing access to Americans’ phone calls and text messages and to wiretapping systems used by police. The operation took advantage of the shockingly poor cyber security of US carriers, including AT&T administrator account which did not have basic security protections.
To prevent a repeat of the unprecedented telecom intrusion, Rosenworcel used the final days of her FCC leadership to propose new cybersecurity requirements for telecom operators. On Thursday, the commission narrowly voted approve her proposal. But those rules face a bleak future, with President-elect Donald Trump poised to take office and hand control of the FCC to Commissioner Brendan Carr, a Trump ally who voted against Rosenworcel’s regulatory plan.
In an interview days before Trump’s inauguration, Rosenworcel was adamant that regulation is part of the answer to America’s telecommunications security crisis. And she has a harsh message for Republicans who think the solution is to let the telecoms run their own business.
“We are grappling with what has been described as the worst telecommunications hack in our nation’s history,” she says. “Either you take serious action or you don’t.”
“The right thing to do”
Rosenworcel’s plan consists of two steps. First, the FCC officially announced that the Communications Assistance for Law Enforcement Act (CALEA) of 1994, which required telecommunications companies to design their telephone and Internet systems to accommodate eavesdropping, also required them to implement basic cyber defenses to prevent tinkering. The FCC then proposed requiring a broader range of companies regulated by the Commission to develop detailed cyber risk management plans and certify their implementation annually.
The outgoing president describes the rules as a common-sense response to the devastating attack.
“In the United States in 2025, most consumers would be shocked to learn that our networks do not have minimum cybersecurity standards,” says Rosenworcel. “We are asking carriers to develop a plan and confirm that they are following that plan. It’s the real deal.”
Without these standards, she adds, “our networks in the future will lack the protection they need against these kinds of nation-state threats.”
But Republicans are unlikely to accept new regulations on telecommunications networks. The powerful telecommunications industry tends to be staunchly opposed to any new regulations, and Republicans almost always side with the industry in these debates.
Senator Ted Cruz, the Texas Republican who now chairs the Commerce Committee, called Rosenworcel’s plan “at best a Band-Aid and at worst a cover-up for a serious deadlock.” during the hearing in December.
Carr—which last month called Salt Typhoon “deeply troubling” — voted against Rosenworcel’s proposal, along with fellow Republican Commissioner Nathan Symington. Carr’s office did not respond to a request for comment on the new regulations. But there is repeatedly criticized Rosenworcel’s approach to enforcing rules in the telecommunications industry, accusing it of overreach and warning that the FCC must rein in or face pushback from the courts.