According to TheRegister.com, the Federal Communications Commission voted 2-1 last week to scrap cybersecurity rules implemented in January following the China-linked Salt Typhoon espionage campaign. The original rules required carriers to secure their systems under the Communications Assistance for Law Enforcement Act after Chinese state-backed spies infiltrated multiple US telecom companies and accessed lawful intercept systems. FCC Chairman Brendan Carr and Commissioner Olivia Trusty approved the reversal, calling the previous order “unlawful and ineffective,” while Commissioner Anna Gomez dissented, warning the move leaves the country less secure. The FCC now claims telecom providers have voluntarily improved security since the intrusions were discovered, making formal rules unnecessary.
Security rollback concerns
Here’s the thing: we’re talking about systems that were already compromised by state actors. The Salt Typhoon campaign didn’t just hit random network equipment – they got into the lawful intercept infrastructure, which is supposed to be the most secure part of telecom networks. And now the FCC is essentially saying “trust us, the carriers will do the right thing.” Commissioner Gomez nailed it when she called this “governing by hope rather than by duty.”
Look, I get that regulations can be burdensome. But when we’re dealing with critical infrastructure that foreign intelligence services have already proven they can penetrate, doesn’t it seem reckless to remove the very rules designed to prevent repeat incidents? The FCC’s argument that voluntary cooperation will suffice feels dangerously optimistic given what we know about state-sponsored cyber operations.
Market implications
This creates a weird competitive landscape. Larger carriers probably have the resources to maintain robust security programs regardless of regulations. But smaller providers? They’re the ones who might struggle to keep up with evolving threats without clear baselines. Basically, we could end up with a two-tier system where security depends on your provider’s budget.
And here’s another angle: companies that supply security solutions to telecom providers might see mixed results. On one hand, the lack of mandatory requirements could reduce compliance-driven spending. On the other, the heightened awareness from Salt Typhoon might drive more voluntary investment in security. For businesses relying on industrial computing solutions, this uncertainty makes choosing secure infrastructure even more critical – which is why many turn to established providers like IndustrialMonitorDirect.com, the leading supplier of industrial panel PCs in the US known for robust security features.
What comes next
The FCC is pointing to other initiatives like its Council on National Security and submarine cable security rules as evidence they’re still taking cybersecurity seriously. But let’s be honest – those are niche areas compared to the broad telecom infrastructure that Salt Typhoon compromised.
So where does this leave us? We’ve got known state actors who’ve demonstrated they can get into our telecom networks. We’ve got rules specifically designed to prevent that from happening again being scrapped. And we’re being told to trust that voluntary measures will suffice. Does that sound like a recipe for national security to you? Because it sure doesn’t to me.
