The short answer is probably not, but it’s a matter that bears watching.

If you haven’t been following this, here’s what’s happened:

At the end of the Biden Administration, the Federal Communications Commission imposed tough new requirements for telecommunication companies to shore up their cybersecurity infrastructure and practices. In doing so, they cited the 1994 Communications Assistance for Law Enforcement Act, which requires them to “secure their networks from unlawful access or interpretation of communications.”

This came in the wake of 2024’s infamous Salt Typhoon espionage campaign, which was almost certainly perpetrated by Chinese state actors. Salt Typhoon breached the telecoms’ networks and allowed the Chinese Communist Party to steal a lot of sensitive information.

So that’s the background. On November 20, the FCC reversed that order and eliminated the requirements.

Madness?

According to the telecoms, the requirements are doing more harm than good because a) they are already making progress on patching, eliminating unnecessary network connections and improving threat-hunting; and b) the requirements forced them to spend a lot of time and money on issues that were really not the core concerns.

Commissioners Brendan Carr and Olivia Trusty voted to rescind the requirements. Commissioner Anna Gomez voted to keep them, declaring:

“If voluntary cooperation were enough, we would not be sitting here today in the wake of Salt Typhoon. Partnership and collaboration that carry no enforceable accountability are insufficient by design. Simply trusting industry to police itself is an invitation for the next breach.”

I’m not sure that’s true. Companies in just about every industry are shoring up their cybersecurity practices and infrastructure, not because government is forcing them to do it but because they recognize the danger of a ransomware attack, a data breach, a denial-of-service attack or the creation of deep fakes that can misdirect employees or facilitate a major financial heist.

Even so, it’s worth asking the telecoms: If you weren’t prepared for Salt Typhoon, why should anyone be confident you know how to prepare for the next attack? Salt Typhoon was such a comprehensive and insidious attack, it is believed it has still not been completely ejected from many of these telecoms’ systems.

I’m sure the telecoms don’t want to get hit like this again, and they don’t need the FCC forcing them to take that danger seriously. And maybe they’re right when they say the regulations are just wasting time and money they’re already trying to put into better solutions.

But it’s hard to take anyone seriously when they say, “Trust us, we know what we’re doing,” and it was just last year that Chinese hackers definitively proved they did not know what they were doing.

Here at CyberSynergies, we know what we’re doing and we’re ready to help you guard your own system from cyberattackers. Call us at 616.217.3019 or email dacarey@cybersynergies.io.