Skip to main content
close search
site logo
Dive Brief

FCC enacts rule requiring telecom operators to secure networks

The agency’s declaratory ruling took effect Thursday, but the future outlook of that effort and a separate proposed rule remain uncertain under the incoming administration.

Published Jan. 17, 2025
Matt Kapko's headshot
Senior Reporter
Federal Communications Commission Chair Jessica Rosenworcel
Federal Communications Commission Chair Jessica Rosenworcel testifies before the House Energy and Commerce Committee's Communications and Technology Subcommittee on Dec. 5, 2019, in Washington, D.C. The FCC enacted a rule and proposed another designed to bolster the defenses of telecom networks on Jan. 16, 2025. Chip Somodevilla/Getty Images via Getty Images

Dive Brief:

  • The Federal Communications Commission on Thursday made good on a pledge it made last month to strengthen rules requiring telecom operators to secure their networks from attack or intercept. 
  • The declaratory ruling, which took effect immediately, clarifies that telecom operators are legally obligated to secure networks under Section 105 of the Communications Assistance for Law Enforcement Act. 
  • The FCC also published a notice of proposed rulemaking, which calls for a wide range of communications services providers to develop and implement cybersecurity and supply chain risk management plans.

Dive Insight:

The declaratory ruling and proposed regulation come three months after reports surfaced about an espionage campaign conducted by Salt Typhoon, a threat group sponsored by China’s government, that federal officials are still scrambling to assess and contain.

The federal agency took action four days before President-elect Donald Trump assumes office and FCC Chair Jessica Rosenworcel departs the agency.

“In light of the vulnerabilities exposed by Salt Typhoon, we need to take action to secure our networks,” Rosenworcel said in a Thursday statement. “Our existing rules are not modern. It is time we update them to reflect current threats so that we have a fighting chance to ensure that state-sponsored cyberattacks do not succeed. The time to take this action is now.”

Part of the FCC’s effort leans on executive accountability, including an annual certification to the agency attesting their organization has updated and implemented a cybersecurity risk management plan designed to improve defenses against future attacks. 

“The FCC’s actions today are an important step in securing the nation’s telecommunications infrastructure against the very real threat posed by the People’s Republic of China and other threat actors,” Cybersecurity and Infrastructure Security Agency Director Jen Easterly said in a statement.

Salt Typhoon compromised at least nine U.S. telecom companies in a campaign that went undetected for months and has been underway for up to two years, according to U.S. officials.

The notice of proposed rulemaking is now open for public comment, which means adoption, and any follow-through action or amendments will likely fall to new leadership at the FCC. 

Brendan Carr, Trump’s pick to chair the FCC and a member of the five-person commission since 2017, dissented against the proposed rule and said he will issue a separate statement at a later date.

The Biden administration took multiple actions in its final days to bolster cyber defenses, including an executive order requiring technology companies to develop more secure software. The future of these regulatory measures remain uncertain under the incoming administration.

Filed Under: Policy & Regulation

Editors' picks

Company Announcements

View all | Post a press release
Excelsior Orthopaedics Data Breach Investigation
From Migliaccio and Rathod LLP
January 08, 2025
Medusind Data Breach Investigation
From Migliaccio and Rathod LLP
January 08, 2025
American Trust Retirement Data Breach Investigation
From Migliaccio and Rathod LLP
January 07, 2025
Editors' picks
Latest in Policy & Regulation
Industry Dive is an Informa TechTarget business.
© 2025 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.