FCC Chair Carr Criticizes Agency's Handling of Salt Typhoon Cyber Assaults - New Development
The Federal Communications Commission (FCC) has proposed new cybersecurity rules aimed at strengthening the nation's telecommunications infrastructure, following the Salt Typhoon cyber intrusion that was attributed to Chinese intelligence services.
The Salt Typhoon attacks, which occurred in the fall of 2024, targeted nine major U.S. telecommunications companies, causing significant concern over the vulnerability of the country's communications critical infrastructure. Following the reports, FCC chair Jessica Rosenworcel highlighted the severity of the threat and called for action.
To address these deficiencies, the FCC's proposal includes instituting new rules for telecommunications providers that would require them to submit annual certifications proving their cybersecurity measures meet certain standards. This initiative is intended to ensure that communications service providers (CSPs) maintain robust cybersecurity practices.
The specific cybersecurity requirements for these certifications have not yet been publicly detailed, as the full extent of the attack is still under investigation. However, the FCC's materials relating to Salt Typhoon can be found at a specified location.
In January 2025, the FCC adopted a Declaratory Ruling and a Notice of Proposed Rulemaking (NPRM) aimed at affirming and clarifying its cybersecurity and infrastructure protection authority in response to threats like Salt Typhoon. This ruling emphasizes the need for stronger mandatory cybersecurity standards for the telecommunications sector, addressing vulnerabilities that were exploited during the attack.
Commissioner Brendan Carr, slated to become the FCC's chair in the new Trump administration, has expressed criticism of the FCC's response to the Salt Typhoon cyber intrusion. Carr believes that the FCC's actions are neither serious nor effective and has questioned why the FCC departed from its previous approach at the eleventh hour. Despite his initial skepticism, Carr appears to accept that expanded regulatory efforts are necessary to counter ongoing threats.
Rosenworcel, a Democrat, believes that as technology advances, the U.S. must adapt and reinforce its defenses against cyberattacks. She proposed that communications service providers submit an annual certification to the FCC regarding their cybersecurity risk management plans. Carr, on the other hand, has criticized CALEA as an inappropriate legal basis for the FCC's actions regarding cybersecurity.
The FCC's proposed response to the Salt Typhoon cybersecurity attacks includes the new rules for telecommunications providers and the Declaratory Ruling and NPRM aimed at affirming the FCC's authority to impose mandatory cybersecurity standards. Under Carr's leadership, the FCC continues to vigorously defend the rules in court, signifying a pragmatic approach acknowledging the persistent cybersecurity threats to U.S. telecom networks, especially those posed by Chinese hacking groups like Salt Typhoon.
[1] Source: FCC documents on Salt Typhoon cybersecurity attacks [2] Source: FCC Declaratory Ruling and Notice of Proposed Rulemaking on cybersecurity and infrastructure protection [3] Source: FCC records and public statements by Commissioner Brendan Carr
Read also:
- Gadgets and Tech Essentials to Outshine Your Studies in the Upcoming Academic Term
- A separate cable linking to an RTX 50-Series GPU could potentially not be attributed to Nvidia for the issue.
- Today's top computer savings: Grab the new iPad M3 for $100 less, or snag a RTX 5080 gaming PC with a $400 discount and a complimentary gaming monitor included.
- Nostalgic Tech Revivals: A Look at 10 Forgotten Technologies making a Remarkable Resurgence
