
Last year almost a dozen major U.S. ISPs were the victims of a massive, historic intrusion by Chinese hackers who managed to spy on public U.S. officials for more than a year. The “Salt Typhoon” hack was so severe, the intruders spent much of the last year rooting around the ISP networks even after discovery. AT&T and Verizon, two of the compromised companies, apparently didn’t think it was worth informing subscribers that any of this happened.

Many of the attack vectors were based on simple things like telecom administrators failing to change default passwords on sensitive hardware entry points. The hack, caused in part by our mindless deregulation and lax oversight of telecom monopolies, only saw a tiny fraction of the press and public attention reserved for our multi-year, mass hyperventilation about TikTok privacy and security.

But on their way out the door, Biden FCC officials did try to implement some very basic cybersecurity safeguards, requiring that telecoms try to do a better job securing their networks and informing customers of breaches. Enter the Trump FCC under Brendan Carr, which is now rescinding that entire effort because lobbyists at AT&T, Verizon, Comcast, and Charter told them to:

“The Federal Communications Commission will vote in November to repeal a ruling that requires telecom providers to secure their networks, acting on a request from the biggest lobby groups representing Internet providers.”

In a folksy Halloween blog post, Carr tries to pretend this somehow improves cybersecurity. According to Carr, ISPs pinky swore that everything is fine now, and he frames obvious regulatory capture as the agency being more “agile”:

“Following extensive FCC engagement with carriers, the item announces the substantial steps that providers have taken to strengthen their cybersecurity defenses. In doing so, we will also reverse an eleventh hour CALEA declaratory ruling reached by the prior FCC—a decision that both exceeded the agency’s authority and did not present an effective or agile response to the relevant cybersecurity threats. So, we’re correcting course.”

Let me be clear about something: the Biden rules were the absolute baseline for oversight of telecom, basically requiring that ISPs do the absolute bare minimum when it comes to securing their networks, while being transparent with the public about when there’s been a major hack. This stuff was the bare minimum, and the U.S. is too corrupt to even do that.

This is part of Carr’s effort to destroy whatever was left of flimsy U.S. corporate oversight of regional telecom monopolies so he can ensure he has a cushy post-government job at a telecom-funded think tank or lobbying org. To that end, he’s been taking a hatchet to the very shaky FCC oversight standards that already helped result in the worst hack in U.S. telecom history.

This is, you might recall, the same guy who spent the last few years constantly on television insisting that TikTok was the greatest cybersecurity threat facing the country, proclaiming he’d be using nonexistent authority to take aim at the company (which, as we found out later, was really about offloading TikTok to Trump’s buddies and protecting Facebook from competition it couldn’t out-innovate).

The Trump administration has also gutted government cybersecurity programs (including a board investigating the Salt Typhoon hack), dismantled the Cyber Safety Review Board (CSRB) (responsible for investigating significant cybersecurity incidents), and fired oodles of folks doing essential work at the Cybersecurity and Infrastructure Security Agency (CISA).

Carr is also derailing FCC plans to impose some baseline cybersecurity standards on “smart” home devices based on some completely fabricated, xenophobic claims about one of the planned vendors (again, because telecoms simply don’t want any oversight whatsoever).

It’s yet another example of how Trump policy is indistinguishable from a foreign attack. In many ways it’s worse, given that at least with Russia, Iran, and China, you’re spared the kind of phony piety and sanctimony coming from inside your own house.

Trump Cybersecurity Policy Is Indistinguishable From A Foreign Attack
