The Federal Communications Commission is abandoning cybersecurity rules it rushed into place after China's devastating Salt Typhoon hack exposed major telecom carriers. Republican Chair Brendan Carr's FCC will vote Thursday to rescind security requirements that were meant to prevent another breach affecting AT&T, Verizon, T-Mobile and other providers.
The Federal Communications Commission just pulled the plug on its only meaningful response to one of the biggest cybersecurity disasters in US telecom history. Republican Chair Brendan Carr's FCC is set to vote Thursday to scrap cybersecurity rules that were hastily implemented after China's Salt Typhoon hackers infiltrated America's largest carriers.
The timing couldn't be more revealing. Less than a year after the China-linked Salt Typhoon hack exposed critical vulnerabilities at AT&T, Verizon, T-Mobile, and Lumen Technologies, the agency is abandoning the very safeguards designed to prevent a repeat performance. The hack was so devastating that federal officials urged Americans to communicate only through encrypted apps, fearing Chinese operatives were still lurking in carrier networks.
The FCC's previous Democratic leadership, led by Jessica Rosenworcel, responded with emergency cybersecurity requirements and opened public comment on additional protections. Now Carr's team is calling those measures an overreach, arguing in a fact sheet that the rules impose "vague and amorphous" standards with "costly new burdens" on providers.
Telecom industry groups are cheering the reversal. They've lobbied the FCC to kill the requirements, insisting carriers have already hardened their networks voluntarily since the breach. The industry argues the FCC overstepped its authority and that existing security measures are sufficient to handle sophisticated state-sponsored threats.
But Democratic Commissioner Anna Gomez isn't buying it. "We are going to reverse the only meaningful effort this agency has advanced in response to that hack," she told The Verge in an exclusive interview. She warns that voluntary industry efforts aren't enough when facing advanced persistent threats from nation-state actors.
The Salt Typhoon breach exposed how unprepared US telecom infrastructure was for sophisticated attacks. A White House national security adviser revealed that carriers' lack of basic cybersecurity protections contributed to the hack's success. The attackers gained access to wiretapping systems used by law enforcement, potentially compromising sensitive government communications.
This regulatory rollback comes as US cyber defenses face mounting pressure from budget cuts and political attacks on federal cybersecurity agencies. Gomez fears the Trump administration is "weakening our cyber defenses" just when America needs an "all hands on deck strategy" against increasingly bold adversaries.
Carr has framed the rollback as a necessary course correction, part of his broader deregulation agenda. But critics argue it sends the wrong signal to both industry and adversaries. The message: America's telecom networks are once again open season for state-sponsored hackers.
The political timing raises uncomfortable questions about priorities. While China's cyber capabilities continue advancing, US regulators are retreating from oversight just months after a breach that shook national security officials. Industry promises of voluntary compliance ring hollow when previous voluntary measures failed to prevent Salt Typhoon's success.
Gomez's warning feels prophetic: "My fear is Americans will be less secure from the day this hack was discovered a little over a year ago. And our adversaries will see this as an invitation, and will continue to prod our networks." The FCC's vote Thursday will test whether America learned anything from its worst telecom security failure in decades.
The FCC's decision to abandon cybersecurity rules after Salt Typhoon represents a troubling retreat from accountability just when America needs stronger defenses. By choosing industry convenience over national security, regulators risk leaving the door open for the next devastating breach. Whether voluntary industry measures can protect critical infrastructure from determined nation-state actors remains an expensive gamble with Americans' digital security.
