The U.S. Federal Communications Commission (FCC) is currently undergoing a thorough review of submarine cable rules with a primary focus on enhancing security measures to address national security concerns. As part of this review, the FCC has mandated that all cable applicants and licensees must certify cybersecurity risk management plans. These plans are required to outline the specific risks, security controls, and measures in place to ensure the confidentiality, integrity, and availability of systems. Additionally, the FCC is proposing stricter reporting requirements and plans to clarify jurisdiction and data-sharing practices to strengthen oversight of submarine cable operations.
In order to further strengthen security measures, the FCC is recommending that applicants and licensees adhere to established frameworks such as the National Institute of Standards and Technology (NIST). They are also seeking feedback on whether specific risk management controls should be implemented to enhance security protocols. Furthermore, cybersecurity plans must be signed off by senior officials and customized to meet the individual needs of each organization.
One key aspect of the FCC’s initiative is to enhance communication infrastructure resilience by ensuring that applicants do not pass on cybersecurity risks to third-party entities. By proposing the maintenance of records for a minimum of two years and requiring the submission of risk management plans upon request, the FCC aims to update cybersecurity requirements to safeguard U.S. communication networks against evolving threats.
The Commission’s proposals underscore its continuous efforts to combat cybersecurity threats, particularly those posed by state-sponsored actors. Public input and feedback will play a crucial role in determining the efficacy of these measures in bolstering national security and infrastructure protection. Given the increasing global security threats, these regulatory changes are deemed essential in safeguarding critical communication networks and infrastructure.
As the FCC continues to prioritize cybersecurity as a top concern in the realm of submarine cable operations, the industry can expect to see a heightened emphasis on risk management, information sharing, and compliance with established security frameworks. By proactively addressing cybersecurity challenges, the FCC aims to fortify the resilience of communication infrastructure and mitigate potential security risks in an ever-evolving threat landscape.