Chairwoman Rosenworcel Announces Agency Action to Require Telecom Carriers to Secure Their Networks

Following recent reports involving an intrusion by foreign actors into U.S. communications networks, FCC Chairwoman Jessica Rosenworcel announced the agency has taken action to safeguard the nation’s communications systems from real and present cybersecurity threats, including from state-sponsored cyber actors from the People’s Republic of China. The FCC adopted a Declaratory Ruling finding that section 105 of Communications Assistance for Law Enforcement Act (“CALEA”) affirmatively requires telecommunications carriers to secure their networks from unlawful access or interception of communications. That action is accompanied by a proposal to require communications service providers to submit an annual certification to the FCC attesting that they have created, updated, and implemented a cybersecurity risk management plan, which would strengthen communications from future cyberattacks. The Declaratory Ruling takes effect immediately.  The Notice of Proposed Rulemaking invites comment on cybersecurity risk management requirements for a wide range of communications providers.  The Notice also seeks comment on additional ways to strengthen the cybersecurity posture of communications systems and services.