Cybersecurity oversight appears to be shifting under the Biden Administration, with the Federal Communications Commission (FCC) and Commerce Department’s National Telecommunications and Information Administration (NTIA) poised to take on a much larger role. While some of the agencies’ expanded cyber authority would be mandated under legislation working its way through Congress, the FCC is also exploring its own cybersecurity-related rulemakings.

House Committee Advances Cyber Bill Package

On July 21, 2021, the House of Representatives’ Energy and Commerce Committee advanced a package of eight cybersecurity bills aimed to improve the security of the country’s telecommunications networks and supply chains. "Collectively, these bills will only further our commitment to increasing the safety and security of our networks and supply chains, while at the same time increasing competition and innovation in the telecommunications marketplace," committee Chairman Frank Pallone (D-NJ) said in a press statement.

Below is a brief summary of the cyber legislation:

• Understanding Cybersecurity of Mobile Networks Act (H.R. 2685): The bill would require the NTIA to examine and report on the cybersecurity of mobile service networks and the vulnerability of these networks and mobile devices to cyberattacks and surveillance conducted by adversaries. 
• Secure Equipment Act of 2021 (H.R. 3919): The bill would direct the FCC to adopt rules to prohibit equipment authorization from companies on the Commission’s “Covered List.” The bill would prevent further integration and sales of devices from companies such as Huawei, ZTE, Hytera, Hikvision, and Dahua in the United States. The bill would specifically ensure the rules required do not apply retroactively. 
• Information and Communication Technology Strategy Act (H.R. 4028): The bill would direct the Secretary of Commerce, working through the Assistant Secretary for NTIA, to submit to Congress within one year a report analyzing the state of economic competitiveness of trusted vendors in the information and communication technology supply chain, identifying which components or technologies are critical or vulnerable, and identifying which components or technologies on which U.S. networks depend. It would also require the Secretary to submit to Congress, within six months after the report is submitted, a whole-of-government strategy to ensure the competitiveness of trusted vendors in the United States. 
• Open RAN Outreach Act (H.R. 4032): The bill would direct the NTIA Administrator to provide outreach and technical assistance to small communications network providers regarding Open Radio Access Networks (Open-RAN) and other open network architectures. 
• Future Uses of Technology Upholding Reliable and Enhanced Networks Act (FUTURE Networks Act) (H.R. 4045): The bill would require the FCC to create a 6G (sixth generation) Task Force.  The bill stipulates that the membership of the Task Force shall be appointed by the FCC Chair, and that the Task Force membership be composed, if possible, of representatives from trusted companies (meaning those not controlled by foreign adversaries), trusted public interest groups, and trusted government representatives with at least one representative from federal, state, local, and tribal governments. The Task Force would have to submit a report to Congress on 6G wireless technology, including the possible uses, strengths, and limitations of 6G. 
• NTIA Policy and Cybersecurity Coordination Act (H.R. 4046): The bill would authorize the existing NTIA Office of Policy Analysis and Development and rename it the Office of Policy Development and Cybersecurity. In addition to codifying the responsibilities of NTIA in administering the information sharing program in Section 8 of the Secure and Trusted Communications Act, the Office would be assigned functions to coordinate and develop policy regarding the cybersecurity of communications networks. 
• American Cybersecurity Literacy Act (H.R. 4055): The bill would require NTIA to develop and conduct a cybersecurity literacy campaign to educate U.S. individuals about common cybersecurity risks and best practices. 
• Communications Security Advisory Act of 2021 (H.R. 4067): The bill would codify an existing FCC advisory council, the Communications Security, Reliability, and Interoperability Council. It also requires biennial reporting to the FCC and public with recommendations to improve communications networks on such issues

The bills now head to the full House of Representatives.

FCC Proposing to Expand Cyber Regulations

The FCC is also exploring rulemakings that would expand its cyber oversight. In June, the Commission adopted a Notice of Proposed Rulemaking (NPRM) and Notice of Inquiry (NOI) that includes several rulemaking initiatives aimed at boosting cybersecurity, including a ban on equipment authorizations for devices deemed to pose a threat to national security. The NOI also solicited feedback on how the FCC can leverage its equipment authorization program to encourage manufacturers who are making devices that will connect to U.S. networks to incorporate cybersecurity standards and guidelines. In June, FCC Republican Nathan Simington publicly made the case for the FCC playing a greater role in safeguarding critical infrastructure from cyberattacks. "In this age of ransomware attacks, there's an ever-greater need for increased cybersecurity protections, and there's a specific role, I believe, for the FCC to play in looking at the signal side of cybersecurity," Simington said at a virtual event hosted by the Hudson Institute. "I believe that taking a close look at how receiver and physical device security standards can be improved at the FCC will help us find precise solutions to these issues."

If you have questions, please contact us

If you have any questions or if you would like to discuss the matter further, please contact me, Michael Sheppeard, or the Scarinci Hollenbeck attorney with whom you work, at 201-896-4100.