Cruz Raps FCC CALEA Declaratory Ruling Proposal; Carr Eyes Coordination on Salt Typhoon
Senate Commerce Committee ranking member Ted Cruz, R-Texas, during a Wednesday Communications Subcommittee hearing criticized FCC Chairwoman Jessica Rosenworcel’s draft declaratory ruling last week finding that Communications Assistance for Law Enforcement Act Section (CALEA) Section 105 requires telecom carriers to secure their networks against cyberattacks (see 2412050044). Republican FCC Commissioner Brendan Carr, President-elect Donald Trump’s pick to become chairman Jan. 20, told reporters Wednesday he believes the commission’s response to the Salt Typhoon Chinese government-affiliated effort at hacking U.S. telecom networks (see 2411190073) should focus on continuing to “closely” coordinate with other federal cyber-related agencies and identify vulnerabilities to the private sector.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
Senate Communications Chairman Ben Ray Lujan, D-N.M., and others during the hearing highlighted Congress’ likely impending passage of a compromise version of the FY 2025 National Defense Authorization Act with language allocating $3.08 billion to fully fund the FCC’s Secure and Trusted Communications Networks Reimbursement Program (see 2412070001). The House voted 281-140 Wednesday afternoon to pass the measure as a substitute amendment to the previously-cleared Wildlife Innovation and Longevity Driver Reauthorization Act (HR-5009). The attached Spectrum and Secure Technology and Innovation Act language in HR-5009 would give the FCC $3.08 billion in Treasury Department borrowing authority through 2033 for rip-and-replace reimbursements. HR-5009 would offset the rip-and-replace funding by authorizing the FCC to reauction the 197 AWS-3 licenses that Dish and affiliated designated entities returned to the commission last year.
Cruz signaled he is strongly against Rosenworcel’s CALEA Section 105 declaratory ruling, which he called “a Band-Aid at best and a concealment of a serious blind spot at worst.” He doubts “whether an annual certification is the right solution, as well as questions about the FCC’s technical expertise and legal authority on this matter. The FCC should not be using the waning days of this administration to rush into regulatory expansion.” The agency and lawmakers “need to fully address this issue in the next administration,” Cruz said: “In addition to plugging any holes, we should look at coordinating the cybersecurity tools we have already in place at DHS, [DOJ] and elsewhere. Where these conflict or overlap,” policymakers “should streamline and remove any chinks in the armor.”
Carr didn’t address Rosenworcel's CALEA proposal during a news conference after the FCC's Wednesday meeting but emphasized “we never should have been in this situation where these networks are compromised at this level.” Now “we have to get the horses back in the barn,” he said. “Job one needs to be … for the FCC to be at the table, closely coordinated with all of these other cyber-related agencies focused very, very narrowly on getting this thing under control.” The federal government also needs to “be feeding information directly to the C-suites and cyber officials at the targeted companies as we are identifying vulnerabilities … and remedies,” he said: “If there is any issue with respect to those entities taking remedial steps based on what we're seeing in real time, then we can sort of deal with that and address that on a separate track.”
Testimony
Pamir Consulting Chief Intelligence Officer James Mulvenon suggested Rosenworcel’s proposed declaratory ruling “does not seem to be proactive enough, given the seriousness of the” Salt Typhoon attack. “The FCC has direct regulatory oversight, particularly over CALEA compliance,” he said. “What I expected to see in their press release was a specific discussion of CALEA compliance and wiretapping compliance and certification from the carriers that they were engaged in fixing the problem right now, not some airy, fairy sort of annual certification.”
Sen. Ed Markey, D-Mass., emphasized “we urgently need to enhance our cybersecurity defenses to ensure a hack of this nature never happens again” and pressed witnesses on how the FCC should apply Rosenworcel’s proposed CALEA declaratory ruling. James Lewis, director of the Center for Strategic and International Studies' Strategic Technologies Program, praised Rosenworcel's proposal as a “good start” given the FCC’s role in ensuring that telecom companies are following the law.
Lujan said he’s “optimistic that there is now support” for the rip-and-replace funding in NDAA but emphasized Congress and others will need to take more action in response to Salt Typhoon. Affected companies “must do a full accounting of their network security practices to ensure they are ticking every single box,” he said: “As the pressure on our networks continues to increase, it is vital that federal partners do everything in their power to keep the bad actors out at every point of the supply chain.” He later told reporters he expects lawmakers will eventually eye legislation that addresses cyber deterrence and federal acquisition rules.
Lewis, Competitive Carriers Association CEO Tim Donovan and other witnesses highlighted congressional action on rip-and-replace funding as a major priority. “Strengthening our communications networks to ensure that all consumers have access to the latest fixed and mobile broadband services is critical to our national security, disaster preparedness and response, and economic growth,” Donovan told Senate Communications.