Rip-and-Replace Funding Boosters See Lame-Duck Momentum Amid Salt Typhoon Fallout
Some congressional backers of the FCC’s Secure and Trusted Communications Networks Reimbursement Program are beginning to see momentum turn toward including an additional $3.08 billion that will fully fund the initiative in an end-of-year legislative package (see 2411190064), but they aren’t guaranteeing success yet. Lawmakers and other rip-and-replace boosters hope congressional scrutiny of the Salt Typhoon Chinese government-affiliated effort at hacking U.S. telecom networks (see 2411190073) could be a tipping point for securing the funding after multiple spectrum legislative proposals, meant to pay for the program, stalled in recent years.
Sign up for a free preview to unlock the rest of this article
Communications Daily is required reading for senior executives at top telecom corporations, law firms, lobbying organizations, associations and government agencies (including the FCC). Join them today!
FCC Chairwoman Jessica Rosenworcel, who was among federal officials who briefed senators about Salt Typhoon Wednesday afternoon, responded to the attack Thursday by circulating a draft declaratory ruling to commissioners finding that Communications Assistance for Law Enforcement Act Section 105 requires that telecom carriers secure their networks against cyberattacks. Rosenworcel also circulated an NPRM that would require providers to annually certify with the FCC that “they have created, updated, and implemented a cybersecurity risk management plan” to strengthen U.S. networks against future cyberattacks, the agency said. The FCC last month approved a submarine cable rules rewrite NPRM that eyes strengthening the infrastructure’s security (see 2411210006).
Cybersecurity and Infrastructure Security Agency Director Jen Easterly told reporters after the Wednesday briefing that the Department of Homeland Security-led Cyber Safety Review Board intends to formally launch a probe into the hack during a Friday meeting. She expects the board will issue recommendations by the end of 2025 on a response to the attack. “Obviously the seriousness of this merits” the probe and other federal work, Easterly said: CSRB didn’t initiate the investigation earlier because participating agencies were “still involved in the incident response.”
Intelligence Committee Chairman Mark Warner, D-Va., and other senators voiced anger and frustration after the Wednesday Salt Typhoon briefing about continued vulnerabilities in U.S. networks. Warner called the breach “far and away the worst telecom hack” and blamed major U.S. carriers for leaving “gaping holes” that China exploited. Warner told reporters he and other lawmakers are already writing a bill aimed at plugging identified vulnerabilities that they may seek to pass before year’s end. It’s “about as bad as it gets” given “how massive our telecommunications systems” are, said Senate Intelligence Vice Chairman Marco Rubio, R-Fla., who is President-elect Donald Trump’s secretary of state nominee.
Senate Commerce Committee Chair Maria Cantwell, D-Wash., cautioned Thursday that the rip-and-replace funding deficit didn't get attention when she attended the Wednesday briefing, but she said it remains a live issue in talks on year-end legislation. “People need to know whether we’re really having” an FY 2025 National Defense Authorization Act deal that could be a prime vehicle for moving the additional funding, Cantwell told us. “There could be some discussion” about that money if an NDAA deal appears likely. “We’ll deal with Salt Typhoon” more holistically next year, she said.
'Not There Yet'
Senate Communications Subcommittee Chairman Ben Ray Lujan, D-N.M., said he has detected momentum for rip-and-replace funding in recent days based on “many conversations that have been taking place in the Senate and the House.” Lujan said public scrutiny of Salt Typhoon and U.S. networks’ vulnerabilities means lawmakers “now see more urgency to make infrastructure investments” like the additional rip-and-replace funding. “There’s a lot that needs to be done in this particular space and I certainly hope” lawmakers’ feeling of urgency motivates them to move the rip-and-replace money during the lame-duck session, he said.
Lujan said there’s “broad … bipartisan support” for the rip-and-replace funding but cautioned it’s unclear yet whether House Speaker Mike Johnson of Louisiana and other chamber Republicans will agree to advancing the funding either via NDAA, a continuing resolution to extend federal appropriations past Dec. 20 or another vehicle. Johnson said Thursday he hopes House leaders will reach a deal on CR text over the weekend and release it “next week.”
Sen. Steve Daines, R-Mont., who led a letter last month pressing congressional leaders to let rip-and-replace funding ride on a year-end vehicle, is also optimistic. “I think we’re gaining ground,” he told us Thursday. “We’re not there yet, but we’re working on it.” Communications lobbyists we spoke with indicated momentum is clearly in favor of moving rip-and-replace via language from the Daines-led Supporting National Security with Spectrum Act (HR-9340/S-4049), which would allocate additional money and authorize the FCC to reauction the 197 AWS-3 licenses that Dish and affiliated designated entities returned to the commission last year (see 2403220056).
Senate Minority Whip John Thune, R-S.D., and Commerce ranking member Ted Cruz, R-Texas, are drawing less of a connection between Salt Typhoon and rip-and-replace funding. The Chinese-led breach is “certainly going to put an intense focus on our communications networks and how vulnerable they are to attack,” Thune told us. Cruz noted “rip and replace is an important priority that I think we will continue to see a serious focus on.” China’s “security threat profile is deeply concerning,” he said: “They invest significantly in hostile cyber activity, and we need to take that threat very seriously.”