U.S. Senator Maria Cantwell, the Ranking Member of the Senate Committee on Commerce, Science and Transportation, has voiced strong opposition to a move by Federal Communications Commission (FCC) Chairman Brendan Carr and the agency’s Republican majority to roll back network protection rules that were implemented following last year’s Salt Typhoon cyberattack.
The Salt Typhoon hack, attributed to Chinese state-sponsored actors, targeted major U.S. telecommunications networks such as AT&T and Verizon. While both companies stated in December 2024 that their networks were secure, experts maintain that vulnerabilities remain unaddressed. According to Sen. Cantwell, “With these highly sophisticated foreign threat actors, our efforts should be focused on further enhancing the cybersecurity of our critical infrastructure networks, not rolling back existing protections.”
Senator Cantwell previously requested documentation from AT&T and Verizon CEOs regarding steps taken to remediate vulnerabilities related to Salt Typhoon but reports that neither company has provided information. She noted that Carr’s draft ruling acknowledges ongoing exploitation of network weaknesses: “Experts agree that the attack has not been fully remediated from telecommunications networks, and Carr’s draft ruling concedes that vulnerabilities ‘are still being exploited.’”
Following the Salt Typhoon incident, which allowed hackers to access sensitive data including geolocation information for millions of Americans and wiretap systems used by law enforcement agencies, the FCC updated its interpretation of the Communications Assistance for Law Enforcement Act (CALEA). The January 2025 ruling required carriers to secure their networks against unlawful access or interception—a step described by Cantwell as aligning with current network realities.
Cantwell criticized Carr's proposal to reverse this requirement after lobbying from telecommunications companies whose systems had been breached: “Your proposal to rescind this ruling would undermine the FCC’s ability to hold carriers accountable for protecting our nation’s critical communications infrastructure,” she wrote. She also expressed concern about relying solely on voluntary collaboration with carriers rather than enforceable standards.
In her letter addressed directly to Chairman Carr, Cantwell said: “I am concerned that your move to drop cybersecurity requirements on carriers is part of a pattern of weakness on national security issues.” She cited previous instances where she believes Carr failed to support measures aimed at countering foreign influence in U.S. communications infrastructure.
Cantwell called for Chairman Carr to withdraw his draft ruling and maintain legal requirements obligating telecom companies to secure their networks: “I strongly encourage that you reverse course, withdraw the draft ruling, and maintain the FCC’s ruling that the telecommunications companies are required by law to secure their networks from unlawful access or interception of communications.”
The Senate Commerce Committee maintains oversight over the FCC. In her letter, Cantwell requested several documents from Chairman Carr by November 25—including any cybersecurity assessments conducted prior to proposing repeal of existing rules; evidence submitted by telecom providers regarding removal of Salt Typhoon hackers; and proof supporting claims about effective collaboration between regulators and industry.
She concluded her letter by emphasizing national security concerns tied directly both to recent cyberattacks and broader policy decisions affecting U.S. communications infrastructure.
