Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Internet service providers and cellular carriers will not be required to meet minimum cybersecurity standards following the Federal Communications Commission’s vote on Thursday.
The FCC voted 2-1 along party lines to reverse course on a January ruling — adopted four days before President Donald Trump’s inauguration — requires providers to issue an annual certification showing they have “established, updated, and implemented a cybersecurity risk management plan.”
The rules apply to a wide range of companies, including cellular carriers, Internet service providersRadio stations and even television broadcasters.
The new requirements were largely in response to “Salt Typhoon” cyber attack.In September last year, hackers linked to the Chinese government broke into the networks of American internet providers such as AT&T, Verizon, and Lumen, which owns CenturyLink and Quantum Fiber. The attackers gained access Millions of metadata for customer calls and text messages and Audio recordings were reportedly captured From people involved in the Harris and Trump campaigns.
“This is a terrible idea,” Cooper Quentin, a senior technologist at the Electronic Frontier Foundation, told CNET. “It’s rolling out the red carpet for another attack.” “I can’t overstate how impactful the Salt Typhoon was. It gave them access to every American’s communications. It affected everyone, and there were no consequences to the telecommunications companies other than having to report regularly.”
So why go back on the rules now? FCC Chairman Brendan Carr said the rules were not necessary because longer-serving providers had already “demonstrated a strengthened cybersecurity posture” in the year following the Salt Typhoon attacks.
This step is the final chapter in Carr’s agenda is “delete, delete, delete.”Which aims to end the “organizational attack from Washington.”
Objections from Democrats came quickly. Mark Warner, Vice Chairman of the Senate Intelligence Committee, Eliminate the requirements, he said “It leaves us without a reliable plan to address the vulnerabilities exposed by Salt Typhoon, including fundamental failures such as credential reuse and the lack of multi-factor authentication for highly privileged accounts.”
In a Letter to Carr Earlier this week, Senator Maria Cantwell said Hurricane Salt allowed the Chinese government to “geo-locate millions of individuals” and “record phone calls at will,” noting that the incident targeted nearly every American.
“You have now proposed eliminating this requirement after intense pressure from the same telecom companies whose networks the Chinese hackers infiltrated,” Cantwell said.
Carr waved off those objections at this morning’s meeting, saying: “Doing anything so we can say we did something is not the answer.”
Blair Levin, a former FCC chief of staff and a telecommunications industry analyst at New Street Research, told me he found Carr’s position counterintuitive.
“If you look at the FCC as the protector of the public interest in modern communications, the idea that you don’t have a role in cybersecurity strikes me as deliberately straightforward,” Levin said.
The ruling is a major win for telecom companies, which have lobbied to overturn the rules. In a The letter was sent to the FCC last monthIndustry groups argued that decades-long cybersecurity cooperation between industry and government meant the rules were not only unnecessary — they “significantly undermine that system and make our networks less secure.”
When I read this quote to Quentin, he laughed and dismissed it as a seven-letter word.
“If having to inform someone of their cybersecurity status makes them less safe, then they have bad cybersecurity,” he said.
Don’t miss any of our unbiased technical content and lab reviews. Add CNET As Google’s preferred source.
How to protect yourself from future cyber attacks
The FCC is taking a step back in monitoring the security of our networks, which means it’s never been more important Practice good cybersecurity yourself. While Hurricane Salt targeted government officials, ordinary Americans may be at risk in future attacks.
“The concern for you or me is more about fraud and cybercrime,” Quentin said, noting. SIM swap attacksinterception of two-factor authentication codes and scammers pretending to be your bank or healthcare provider may become more common.
Here are some steps you can take now to protect yourself and mitigate potential damage:
Set strong passwords and always use multi-factor authentication. for you Passwords They must all be unique, long, and contain a variety of letters, special characters, and numbers. If this sounds impossible to remember, it should be. good Password manager It will do the heavy lifting for you. If you learn that one of your passwords has been compromised in a hack, change it as soon as possible.
Look for phishing attacks. Data breaches provide criminals with a great opportunity to use your personal data against you by sending fraudulent emails, text messages or social media messages. Do not click on links from senders you do not know, and be extremely suspicious of handing over money or personal information to any person or company you have not vetted.
Monitor your financial accounts. It’s always a good idea to keep a close eye on your bank accounts and credit cards, but especially when you’re notified that your personal information has been disclosed. You can also set up account alerts to notify you when a large transaction is made.
Use a VPN. If you’re worried about another Salt Typhoon-style attack from a foreign government or anyone else, the best thing you can do to ensure your connection stays private is Use a trustworthy VPN. Look for advanced features like Jamming, Tor via VPN and a double VPN, which uses a second VPN server for an additional layer of encryption. You can too Install a VPN on your router Directly so that all your traffic is automatically encrypted.