Key points:
- The US federal government has rolled back mandates intended to protect critical infrastructure following the Salt Typhoon attacks, which impacted major US communication companies and potentially intercepted highly-sensitive information.
- The Federal Communication Commission (FCC) has reversed a January 2025 Declaratory Ruling requiring US telecom providers to adopt and certify stricter cybersecurity measures, citing that it was "unlawful and ineffective".
- The reversal has been met with criticism from security experts and lawmakers, who argue that it will leave the country less secure and vulnerable to future cyberattacks, particularly from Chinese nation-state hackers.
The US federal government has made a surprising move by rolling back mandates intended to protect critical infrastructure following the Salt Typhoon attacks. The Federal Communication Commission (FCC) has reversed a January 2025 Declaratory Ruling that required US telecom providers to adopt and certify stricter cybersecurity measures. This ruling was put in place to protect against "unlawful access and interception" of sensitive information, and was a response to the Salt Typhoon attacks that impacted major US communication companies, including AT&T, Verizon, and T-Mobile.
The Salt Typhoon attacks, which were disclosed in October 2024, allowed hackers to access core systems used by the US government and potentially intercept highly-sensitive information related to high-ranking officials. The attacks were carried out by a Chinese-backed group, which exploited vulnerabilities in the routers of telecom providers to move into other networks and access sensitive information. The FCC claimed that the Declaratory Ruling "misconstrued" the Communications Assistance for Law Enforcement Act (CALEA), and that it was "flawed" and "unlawful and ineffective". However, security experts and lawmakers are criticizing the move, saying that it will leave the country less secure and vulnerable to future cyberattacks.
The reversal of the Declaratory Ruling means that telecom providers will no longer be required to create, update, and implement cybersecurity risk management plans, and certify them annually. This has raised concerns among security experts, who argue that it will leave the country less secure and vulnerable to future cyberattacks. David Shipley, CEO of Beauceron Security, called the reversal "shockingly incompetent", particularly in light of the damage caused by Chinese nation-state hackers in the telecommunication sector over the past two years. Senator Maria Cantwell also expressed her opposition to the reversal, saying that it will leave Americans less protected than they were before the Salt Typhoon breach was discovered.
The FCC has taken some steps to improve security, including establishing a Council on National Security and adopting targeted rules for critical infrastructure. However, security experts argue that these measures are not enough to protect against the growing threat of cyberattacks. The FCC has also banned "bad labs", equipment-testing companies owned or controlled by foreign adversaries, from its equipment authorization program. This move is seen as a positive step towards improving security, but it is not enough to offset the risks posed by the reversal of the Declaratory Ruling.
As the US government continues to grapple with the threat of cyberattacks, the reversal of the Declaratory Ruling has raised concerns about the country’s ability to protect its critical infrastructure. The Salt Typhoon attacks have shown that the threat is real, and that the country needs to take strong measures to protect itself. The FCC‘s decision to reverse the Declaratory Ruling has been met with criticism, and it remains to be seen how the government will respond to the growing threat of cyberattacks. Microsoft, as a leading provider of cybersecurity solutions, has a critical role to play in helping to protect the country’s critical infrastructure from cyber threats. The company’s Azure cloud platform and Windows Server operating system are widely used by government agencies and private companies, and the company has a responsibility to ensure that its products and services are secure and reliable. By working together with the government and other stakeholders, Microsoft can help to protect the country’s critical infrastructure and prevent future cyberattacks.
Read the rest: Source Link
Don’t forget to check our list of Cheap Windows VPS Hosting providers, How to get Windows Server 2022, Try Windows 11 Pro for Workstations & browse Windows Azure content.
Remember to like our facebook and follow us on twitter @WindowsMode.