FCC Rescinds Cybersecurity Requirements for Telecommunications Carriers

The Federal Communications Commission (FCC) has rescinded its rule that required telecommunications carriers to safeguard their networks from cyberattacks, saying it will instead partner with carriers to strengthen cybersecurity.

The regulator said in a Thursday (Nov. 20) press release that the declaratory ruling and notice of proposed rulemaking (NPRM) were unlawful and proposed ineffective requirements.

It was reported in February that the declaratory ruling and NPRM were issued in the final days of Jessica Rosenworcel’s tenure as chair of the Democrat-led FCC.

The declaratory ruling affirmed that the Communications Assistance for Law Enforcement Act (CALEA) required telecommunications carriers to safeguard their networks from unlawful access, while the NPRM aimed to extend cybersecurity and supply chain risk management requirements to a broader range of service providers.

When announcing its decision to rescind these actions on Thursday, the FCC said that the declaratory ruling misconstrued CALEA. The regulator also said that communications service providers have strengthened their cybersecurity posture over the past several months and will continue to do so.

The FCC’s action to rescind the prior measures was approved by two commissioners, with a third commissioner dissenting, according to the release.

FCC Chairman Brendan Carr said in a Thursday statement that he approved the move because actions the regulator takes to protect the nation’s communications systems from cybersecurity threats must be both lawful and effective.

Carr said that the Biden-era measures resulted from a “rushed and eleventh-hour approach to cybersecurity” and that under his leadership, the FCC has worked directly with carriers and taken other actions to protect against cyber intrusions.

Commissioner Olivia Trusty, who also approved the rescinding of the prior measures, said in a statement that the move affirms the FCC’s commitment to act within its regulatory authority and to pursue actions that are “targeted and enforceable.”

“Importantly, today’s decision does not signal a retreat from our cybersecurity mission,” Trusty said in the statement. “On the contrary, it reflects a recognition that one of the most effective defenses against foreign threats comes from a dynamic partnership between the federal government and the private sector.”

Commissioner Anna Gomez, who dissented from the rescinding of the measures, said in a statement that the prior measures were advanced in response to Salt Typhoon’s breach of American telecommunications infrastructure and that the FCC’s rescinding of those measures “reverses the only meaningful effort this agency has advanced in response to that attack.”

“We’re told the answer is not regulation, but voluntary cooperation,” Gomez said in the statement. “Collaboration is valuable and I support it as one part of a comprehensive cybersecurity strategy. However, collaboration is not a substitute for obligation.”

The post FCC Rescinds Cybersecurity Requirements for Telecommunications Carriers appeared first on PYMNTS.com.