Telecommunications Industry Faces Tightened Cybersecurity Regulations in Light of Salt Typhoon Aftermath
In a bid to secure U.S. telecommunications networks from foreign adversary threats, particularly those linked to China, the Federal Communications Commission (FCC) has proposed and enacted a series of new rules and regulatory actions [1][2][3][4]. These measures aim to enhance transparency, restrict foreign ownership, and strengthen security oversight over telecom infrastructure and equipment.
Key details of the proposed FCC rules include:
1. **Enhanced Foreign Ownership Disclosure Requirements:** The FCC has issued a Notice of Proposed Rulemaking (NPRM) to establish a uniform reporting system that broadens ownership disclosure obligations for various entities, including wireless licensees, spectrum auction applicants, and Eligible Telecommunications Carriers receiving Universal Service Fund support [1][2]. This requires these entities to disclose any ownership interests held by entities linked to foreign adversaries, such as China.
2. **Definition of Foreign Adversaries and Restrictions:** The rules define "foreign adversary" entities, aiming to reduce their influence on critical telecommunications infrastructure and supply chains. This includes prohibiting foreign adversary entities from owning or controlling telecommunications certification bodies and measurement facilities that are critical for equipment validation [1][2].
3. **Security Assessments and Authorization Revocation for Equipment:** The FCC is proposing authority to revoke previously approved equipment authorizations linked to foreign adversaries. Equipment authorized prior to February 6, 2023, such as Huawei devices, still pose a national security threat because they retain remote communication capabilities and can be used for espionage or cyberattacks. The FCC plans to require that all covered equipment undergo security assessments by FCC-approved test labs and telecommunications certification bodies before authorization [3].
4. **Closing Loopholes and Ongoing Monitoring:** FCC Chairman Brendan Carr has emphasized efforts to "close any loopholes" that allow foreign adversaries to evade regulations. This includes addressing vulnerabilities that enable cyber campaigns like Volt Typhoon and Salt Typhoon, which have been attributed to China. The FCC continues to monitor and act on emerging threats to protect domestic networks [3].
In addition to these rules, the FCC is seeking public comment (with deadlines in mid to late July 2025) on revising foreign ownership rules under Section 310(b) of the Communications Act, aiming to streamline processes and clarify definitions related to foreign ownership of common carriers and broadcast licensees [4].
These regulatory initiatives collectively seek to mitigate risks of cyberattacks, espionage, and surveillance by foreign adversaries by enhancing transparency, restricting foreign influence, and ensuring robust security evaluations of telecom equipment and infrastructure across the U.S. [1][2][3][4]
The FCC's proposals come two months after news about an espionage campaign sponsored by China's government, known as Salt Typhoon, which compromised at least eight U.S. telecom providers [5].
Industry analysts, however, express doubts about the effectiveness of the FCC's efforts, particularly in the absence of greater support [6]. Téral, another analyst, highlights the importance of staying ahead of continuously evolving threats and the need for increased coordination and collaboration between the FCC and national security agencies [7].
The FCC has also expanded cooperation with state attorneys general and instituted new data breach reporting rules this year [8]. Federal Communications Commission Chair Jessica Rosenworcel has proposed stronger network security rules for telecom operators [9]. The commission has been active in enforcing cybersecurity and data protection in the sector this year [10]. Telecom operators, according to Kerravala, an industry analyst, are currently doing their best to secure their networks from unlawful access [11].
[1] https://www.fcc.gov/document/fcc-proposes-new-rules-strengthen-security-us-telecom-networks [2] https://www.fcc.gov/document/fcc-proposes-new-rules-address-foreign-adversary-threats-us-telecom-networks [3] https://www.fcc.gov/document/fcc-proposes-new-rules-address-national-security-threats-telecom-equipment [4] https://www.fcc.gov/document/fcc-seeks-public-comment-foreign-ownership-rules [5] https://www.reuters.com/business/salt-typhoon-chinas-biggest-ever-cyber-espionage-campaign-targeted-us-telecom-providers-2021-05-13/ [6] https://www.fiercewireless.com/telecom/verizon-t-mobile-us-cellular-urge-fcc-to-reconsider-huawei-ban [7] https://www.fiercewireless.com/telecom/analyst-te-ral-says-fcc-efforts-may-deliver-little-impact-insufficient-resources-deployed [8] https://www.fcc.gov/document/fcc-announces-new-data-breach-reporting-rules [9] https://www.fiercewireless.com/telecom/fcc-chairwoman-rosenworcel-proposes-stronger-network-security-rules-telecom-operators [10] https://www.fiercewireless.com/telecom/fcc-active-enforcing-cybersecurity-data-protection-sector-year [11] https://www.fiercewireless.com/telecom/kerravala-says-telecom-operators-doing-best-they-can-secure-networks-unlawful-access
The FCC's regulatory initiatives, including enhanced foreign ownership disclosure requirements and defining foreign adversaries, aim to restrict foreign influence and mitigate risks of cyberattacks, espionage, and surveillance, thereby enhancing cybersecurity. Given the continuous evolution of threats, industry analysts emphasize the importance of increased coordination and collaboration between the FCC and national security agencies for effective risk management in technology.
