"The Federal Communications Commission (FCC) has scrapped a set of telecom cybersecurity rules introduced after the Salt Typhoon espionage campaign, reversing course on measures designed to stop state-backed snoops from slipping back into America's networks. In a 2-1 vote last week, the agency revoked the January Declaratory Ruling that had sought to force carriers to lock down their systems under the Communications Assistance for Law Enforcement Act (CALEA)."
"The rollback follows what the Commission describes as months of "extensive, urgent, and coordinated" cooperation from carriers following the Salt Typhoon discovery. In its announcement [PDF], the FCC claims that providers have already stepped up access controls, improved incident response, and generally become more attentive to cyber risks - less thanks to the rule itself and more due to what the agency frames as a voluntary clean-up effort after the intrusions. This marks a notable pivot from the mood earlier this year, when Salt Typhoon was revealed to have burrowed into multiple US telecom companies and lingered inside key systems."
"As The Register reported at the time, the Chinese state-backed espionage crew gained access not just to standard network management gear but also to parts of the lawful intercept stack - systems that are supposed to be the most tightly controlled parts of a carrier's infrastructure. The January ruling was sold as a necessary response to that fiasco: a baseline set of obligations to stop foreign intelligence services waltzing through carrier defenses."
The Federal Communications Commission voted 2-1 to revoke the January Declaratory Ruling that would have required carriers to harden systems under CALEA after the Salt Typhoon intrusions. The Commission characterized the earlier rule as unlawful and ineffective and withdrew the accompanying Notice of Proposed Rulemaking. The agency credits months of coordinated cooperation from providers for improved access controls, incident response, and heightened attention to cyber risks, framing those changes as voluntary rather than rule-driven. The Salt Typhoon intrusions had reached lawful intercept systems, prompting initial calls for baseline obligations to block state-backed espionage.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]