The Exchange Daily - November 21, 2025

Today’s Show Notes: FCC undoing telecom cyber rules, federal AI power grab, AWS and Google platform shifts, plus OT and Black Friday threat spikes.

FCC rolls back telecom cybersecurity mandate

The FCC has rescinded its prior CALEA-based interpretation that effectively imposed cybersecurity obligations on telecom carriers, and has withdrawn a related rulemaking that would have set minimum security standards. This removes a key federal backstop on carrier security and shifts more responsibility for network protection onto enterprise architecture, contracts, and oversight. CIOs and CISOs should update risk models for carrier services, revisit SLAs, and double-check that segmentation and encryption strategies do not depend on a regulatory safety net that just disappeared.

Sources:
https://docs.fcc.gov/public/attachments/DOC-415455A4.txt
https://www.benton.org/headlines/fcc-corrects-course-outlines-improved-cybersecurity-measures


Draft executive order aims to preempt state AI laws

A leaked draft executive order under consideration at the White House would centralize AI regulation at the federal level by directing the Department of Justice and other agencies to challenge or sideline state AI laws, including by tying compliance to broadband funding. While not yet signed, the proposal underscores a push to rein in state-level rules on AI transparency, bias, and deepfakes. Enterprise leaders should scenario-plan for a world where state AI protections weaken even as public and board expectations for responsible AI continue to rise.

Sources:
https://www.reuters.com/business/urgent-trump-considering-executive-order-preempt-state-ai-laws-2025-11-19/
https://apnews.com/article/trump-executive-order-artificial-intelligence-ai-regulation-646de06404ba543dd7244d225fb27250
https://www.politico.com/news/2025/11/19/white-house-prepares-executive-order-to-block-state-ai-laws-00660719


NSA-directed AI security playbook moves forward in Congress

The bipartisan Advanced Artificial Intelligence Security Readiness Act would direct the National Security Agency to develop and publish an AI security playbook focused on protecting advanced U.S. AI technologies from foreign adversaries. If enacted, this framework is likely to influence future regulations, procurement language, and export-control expectations for AI systems. Organizations in defense, aerospace, and other sensitive sectors can gain an early advantage by aligning their own AI security practices with the themes emerging from this legislation.

Sources:
https://www.young.senate.gov/newsroom/press-releases/young-kelly-introduce-legislation-to-protect-american-ai-innovation/


AWS kills Amazon CodeGuru Security

AWS has ended support for Amazon CodeGuru Security as of November 20, 2025, making the console, APIs, and associated resources unavailable and pointing customers to alternative AWS services for code analysis. Any SDLC or audit control that depended on CodeGuru Security now requires a migration plan, along with a clear explanation of temporary risk to internal stakeholders and auditors. Mapping integration points, choosing replacement tools, and updating pipeline gates should be treated as an urgent DevSecOps initiative.

Sources:
https://docs.aws.amazon.com/codeguru/latest/security-ug/end-of-support.html


Quick Share–AirDrop interoperability raises new data-flow questions

Google has enabled Android’s Quick Share to interoperate with Apple’s AirDrop starting on Pixel 10 devices, using direct peer-to-peer connections rather than server relays. Google’s security and product blogs describe extensive threat modeling, Rust-based implementation, and third-party review, positioning the feature as private and secure by design. Even so, easier cross-platform file sharing can complicate data-loss prevention strategies and increase the risk of misdirected or shoulder-surfed transfers. Mobility and security teams should revisit MDM policies, DLP coverage, and user guidance in light of this new capability.

Sources:
https://blog.google/products/android/quick-share-airdrop/
https://security.googleblog.com/2025/11/android-quick-share-support-for-airdrop-security.html


New CISA ICS advisories hit real-world OT assets

CISA has released six new industrial control system advisories covering building automation systems, CCTV cameras, pneumatic controllers, and UPS monitoring tools widely deployed across commercial and industrial environments. Vulnerabilities range from unauthenticated access to remote command execution and exploitable buffer overflows. For organizations with any OT footprint, this is a call to refresh asset inventories, prioritize mitigation for high-impact vulnerabilities, and confirm that OT networks are segmented and monitored to contain compromise.

Sources:
https://www.cisa.gov/news-events/ics-advisories


AI-driven security automation: critical—but still stuck

A new ThreatQuotient and Securonix report on the evolution of cybersecurity automation and AI adoption finds that nearly all surveyed security leaders view automation as business-critical, yet almost all still face serious barriers to implementation. Challenges include technology limitations, lack of trust in automated decisions, and the integration and data-engineering work needed to make tools effective in complex environments. CISOs can use these findings to recalibrate leadership expectations, prioritize the highest-value use cases, and justify investment in consolidation and orchestration rather than standalone tools.

Sources:
https://www.threatq.com/news-feed/cybersecurity-teams-harness-automation-and-ai-to-drive-productivity-gains
https://www.securonix.com/resources/cybersecurity-automation-ai-2025-report/


Holiday ransomware and fraud surge around Black Friday and Cyber Monday

CYFIRMA’s latest threat-intelligence report highlights a surge in ransomware, phishing, and account-takeover activity aimed at retailers, e-commerce platforms, and shoppers during the Black Friday and Cyber Monday period. Adversaries are leaning on spoofed order emails, fake support messages, and brand impersonation while defenders are distracted by peak traffic. Retail and payments leaders should tighten authentication controls, enhance monitoring for brand abuse and unusual login patterns, and push rapid awareness messages to staff and customers. Non-retail organizations can expect similar holiday-themed phishing targeting employees.

Sources:
https://www.cyfirma.com/research/rising-cybercrime-during-black-friday-cyber-monday-a-2025-threat-intelligence-report/


Topics We’re Tracking (But Didn’t Make the Cut)

Dropped Topic: Senate oversight pushback on FCC cybersecurity rollback

  • Why It Didn’t Make the Cut: Closely related to today’s lead FCC story and would have been duplicative in a tight rundown.

  • Why It Caught Our Eye: Signals continuing political pressure on telecom cyber baselines and may shape future course corrections at the Commission.

Dropped Topic: Register commentary on Quick Share–AirDrop risk surface

  • Why It Didn’t Make the Cut: Adds color but doesn’t materially change today’s enterprise action items beyond the primary Google guidance.

  • Why It Caught Our Eye: Reinforces the need to treat new peer-to-peer features as part of your data-flow mapping, not just a convenience.


Quick Disclaimer and Sources Note: The author used AI in part to create this newscast. Our goal is to be transparent and show you how we sourced the info we used.


This newscast was developed using only public sources of information.


The Exchange Daily is a production of Metora Solutions. For more information about how to participate in this daily newscast, contact us at podcasts@metorasolutions.com.
