Regulatory Changes Impacting Cybersecurity Standards for ISPs

The Federal Communications Commission, or FCC, has voted to allow internet service providers and cellular carriers to monitor their own cybersecurity standards, reversing a rule that required them to meet minimum cybersecurity protocols.

According to CNET, this decision came after a vote that fell along party lines, with a two to one outcome. This ruling dismantles a requirement established just days before former President Donald Trump's inauguration, which mandated providers to issue an annual certification confirming they had implemented a cybersecurity risk management plan.

This requirement was a response to the Salt Typhoon cyberattack, which occurred in September of the previous year. Hackers linked to the Chinese government infiltrated the networks of major U.S. internet providers, including AT&T and Verizon, accessing millions of customers' call and text message metadata, and even audio recordings.

Cooper Quintin, a senior staff technologist at the Electronic Frontier Foundation, expressed strong concerns, stating, "This is rolling out the red carpet for another attack." Quintin highlighted the significant impact of the Salt Typhoon incident, cautioning that the lack of accountability for telecommunications companies could set a dangerous precedent.

FCC Chair Brendan Carr defended the new ruling, arguing that existing cybersecurity measures had already improved since the Salt Typhoon attacks, claiming the rules were no longer necessary. However, this assertion faced swift pushback from Democratic lawmakers, including Mark Warner, who emphasized the lack of a credible plan to address vulnerabilities exposed by the Salt Typhoon.

Senator Maria Cantwell criticized the FCC's decision, suggesting it was influenced by lobbying from the telecommunications industry. The industry, in fact, argued that the cybersecurity collaboration between government and private sector has made stringent regulations unnecessary and even harmful.

Quintin dismissed these claims, asserting that if reporting requirements made companies less secure, it indicated a fundamental flaw in their cybersecurity practices. The FCC's decision raises alarms not only for the telecommunications sector but also for everyday consumers.

With the rollback of these regulations, experts warn that individuals face increased risks of scams and cybercrime. Quintin highlighted potential threats like SIM swapping attacks and phishing scams. To mitigate these risks, he recommended several cybersecurity practices, including using strong, unique passwords, enabling multifactor authentication, and being vigilant against phishing attempts.

Additionally, utilizing a VPN can enhance personal security, especially in the wake of significant cyber threats. As the FCC steps back from monitoring the security of networks, the onus is now on consumers to safeguard their online presence.