FCC Responds to Cybersecurity Threats with CALEA Ruling

By: Casey Lide & Liam Fulling (Keller & Heckman)

In this piece for the Beyond Telecom blog, authors Casey Lide & Liam Fulling (Keller & Heckman) examine the FCC’s recent actions on cybersecurity and the evolving regulatory landscape for telecommunications providers.

Earlier this month, in the final days of Jessica Rosenworcel’s tenure as Chair of the Democrat-led FCC, the Commission issued a Declaratory Ruling affirming that Section 105 of the Communications Assistance for Law Enforcement Act (CALEA) requires telecommunications carriers to safeguard their networks from unlawful access and the interception of communications. In doing so, the FCC effectively positioned CALEA as a foundation for implementing additional cybersecurity regulations.

Alongside the ruling, the Commission adopted a Notice of Proposed Rulemaking (NPRM) aimed at extending cybersecurity and supply chain risk management requirements to a broader range of service providers.

Commissioners Carr and Simington dissented from both the Declaratory Ruling and the NPRM. While Commissioner Carr has frequently highlighted cybersecurity risks, particularly those posed by state-sponsored actors from the People’s Republic of China (PRC), it remains uncertain whether the newly GOP-led FCC will uphold these measures or take a different regulatory approach.

Background on CALEA

Enacted in 1994, CALEA mandates that telecommunications carriers and manufacturers of telecom equipment ensure law enforcement agencies have the necessary surveillance capabilities to monitor communications over their networks. Under the “substantial replacement” provision, the FCC has interpreted the term “telecommunications carrier” for CALEA purposes to include facilities-based broadband Internet access service (BIAS) and interconnected VoIP providers, extending its reach beyond traditional telecom services…

CONTINUE READING…