FCC to Repeal Ruling on Securing Internet Provider Networks, Citing Industry Commitments
In a move that has sparked concerns about the future of cybersecurity in the US, the Federal Communications Commission (FCC) is set to vote in November to repeal a ruling that requires internet service providers (ISPs) to secure their networks. The decision follows extensive engagement with industry groups representing ISPs, who have committed to strengthening their cybersecurity defenses.
The FCC's January 2025 declaratory ruling was issued in response to attacks by China, including the Salt Typhoon infiltration of major telecom providers such as Verizon and AT&T. The ruling clarified that telecommunications carriers' duties under section 105 of the Communications Assistance for Law Enforcement Act (CALEA) extend not only to the equipment they choose to use in their networks but also to how they manage their networks.
However, cable, fiber, and mobile operators protested the decision, arguing that CALEA obligates providers only to facilitate lawful intercepts from law enforcement. They also claimed that the FCC lacks authority to promulgate technical standards under Section 105.
In a draft order that will be voted on in November, the FCC says it will rescind the declaratory ruling as unlawful and unnecessary, finding that the commission's interpretation of CALEA was legally erroneous and ineffective at promoting cybersecurity. The order also withdraws the Notice of Proposed Rulemaking, saying that the FCC will try to implement a targeted approach to promoting effective cybersecurity rather than a one-size-fits-all approach.
Industry groups have agreed to implement additional cybersecurity controls to harden their networks, including accelerated patching of outdated or vulnerable equipment, updating and reviewing access controls, disabling unnecessary outbound connections, and improving threat-hunting efforts. These commitments represent a significant change in cybersecurity practices compared to the measures in place in January.
The repeal of the ruling has sparked concerns about the future of cybersecurity in the US. Former FCC Chair Jessica Rosenworcel had defended the "common sense" ruling as necessary to protect networks against cyber threats, while current Chairman Brendan Carr appears to be satisfied that industry commitments make new rules unnecessary.
The decision is likely to have significant implications for the US's ability to respond to cyber threats and protect its critical infrastructure. As one expert noted, "the FCC's decision to repeal the cybersecurity rulemaking order sends a concerning message that the agency is willing to abdicate its responsibility to regulate the telecom industry in matters of cybersecurity."
In a move that has sparked concerns about the future of cybersecurity in the US, the Federal Communications Commission (FCC) is set to vote in November to repeal a ruling that requires internet service providers (ISPs) to secure their networks. The decision follows extensive engagement with industry groups representing ISPs, who have committed to strengthening their cybersecurity defenses.
The FCC's January 2025 declaratory ruling was issued in response to attacks by China, including the Salt Typhoon infiltration of major telecom providers such as Verizon and AT&T. The ruling clarified that telecommunications carriers' duties under section 105 of the Communications Assistance for Law Enforcement Act (CALEA) extend not only to the equipment they choose to use in their networks but also to how they manage their networks.
However, cable, fiber, and mobile operators protested the decision, arguing that CALEA obligates providers only to facilitate lawful intercepts from law enforcement. They also claimed that the FCC lacks authority to promulgate technical standards under Section 105.
In a draft order that will be voted on in November, the FCC says it will rescind the declaratory ruling as unlawful and unnecessary, finding that the commission's interpretation of CALEA was legally erroneous and ineffective at promoting cybersecurity. The order also withdraws the Notice of Proposed Rulemaking, saying that the FCC will try to implement a targeted approach to promoting effective cybersecurity rather than a one-size-fits-all approach.
Industry groups have agreed to implement additional cybersecurity controls to harden their networks, including accelerated patching of outdated or vulnerable equipment, updating and reviewing access controls, disabling unnecessary outbound connections, and improving threat-hunting efforts. These commitments represent a significant change in cybersecurity practices compared to the measures in place in January.
The repeal of the ruling has sparked concerns about the future of cybersecurity in the US. Former FCC Chair Jessica Rosenworcel had defended the "common sense" ruling as necessary to protect networks against cyber threats, while current Chairman Brendan Carr appears to be satisfied that industry commitments make new rules unnecessary.
The decision is likely to have significant implications for the US's ability to respond to cyber threats and protect its critical infrastructure. As one expert noted, "the FCC's decision to repeal the cybersecurity rulemaking order sends a concerning message that the agency is willing to abdicate its responsibility to regulate the telecom industry in matters of cybersecurity."
so basically the FCC is letting internet providers do whatever they want with their networks as long as they say they're doing something about it... like, yeah no thanks. 
i mean i get that industry groups have made some commitments but it's not enough. we need concrete steps taken to protect our online security, not just empty promises. 
what's wrong with a one-size-fits-all approach if it means everyone's networks are safer? 
. I mean, think about it - our internet providers are basically saying they can take care of their own security and we shouldn't worry about it? 
That doesn't sit well with me as a parent. What if my kid gets hacked while doing their homework online? It's not just about me, but all the parents out there who want to protect our kids from cyber threats.
. I get it, we don't want a bunch of red tape holding us back, but at the same time, we need to make sure our internet providers are doing everything they can to keep our networks safe.
. I hope these commitments from the ISPs actually stick and that we start seeing some real changes in cybersecurity practices. But for now, I'm just going to be extra vigilant about keeping my kid's online activities safe 
. So, basically the FCC is gonna repeal this ruling that required ISPs to secure their networks... and it's because they got a bunch of commitments from the industry groups 
. Like, cable and fiber operators are all like "we got this" 
. But seriously though, cybersecurity is a HUGE deal right now and I'm worried that by not having these rules in place, we're gonna be super exposed to cyber threats 
. The whole thing just feels like a giant leap backwards 
. We're so worried about national security that we're giving the internet providers, who are often the target of attacks, carte blanche to secure their own networks. It's like we're saying "good luck with that" 
. I mean, think about it - these guys have already proven they can't keep their networks safe, and now we're leaving it up to them to fix it? That's a recipe for disaster 
. And what's the industry's solution? Just making some token promises to patch things up 
. Where's the teeth in that? We need to hold these providers accountable for their own security, not just rely on their good intentions 
. It's time to take responsibility for our own cybersecurity - after all, we're the ones who'll be affected by a hack 
.
. And what about when a nation-state like China starts messing with our networks? Who's gonna pick up the slack then? 
This is a major concern and I'm not sure if industry commitments are enough to cover everyone off 
.
.
. They're relying on the industry to take care of themselves when it comes to cybersecurity? That's not good enough for me 
. We need stronger regulations in place to protect our info and infrastructure 
#FCC #Cybersecurity #InternetSecurity #HackersBeGone
The FCC's gotta do more than just trust that ISPs will be responsible for themselves. They need to make sure they're doing enough to protect us all 
.
.
. industry groups say they're committed to hardening their networks, but how can we trust that when we don't have any concrete evidence? 
this just feels like a power play by the FCC and industry groups 
. I mean, what's the point of even having a cybersecurity agency if they're just gonna let industry groups do whatever they want? It's like they think we won't notice or care that our networks are basically just begging for a cyber attack 
But at the same time, it's not entirely surprising - industry groups can be pretty powerful in shaping policy, and they've got some big names on board here. Still, it feels like a step backwards for cybersecurity efforts in this country... 
Do we really want to leave our internet security up to the mercy of a bunch of companies that might not even be doing it right? 
. It feels like they're trying to push the responsibility onto the commission rather than owning up to their own cybersecurity practices.
. If we can't even get some basic security measures in place at the industry level, how are we supposed to expect individual companies and organizations to take care of themselves? It's a slippery slope 
. Time will tell how this plays out, but I'm keeping an eye on it 
. I mean, we've seen what happens when they don't take security seriously β all those Chinese hackers getting in and causing chaos 
. In the meantime, I'll be keeping a close eye on things and hoping that someone keeps the bad guys in check 
. We need some real protection around here, not just a bunch of empty promises from ISPs.