The U.S. Federal Communications Commission (FCC) is reviewing submarine cable rules to enhance security, focusing on national security concerns. The review mandates that all cable applicants and licensees certify cybersecurity risk management plans. These plans must address risks, security controls, and how they safeguard systems’ confidentiality, integrity, and availability. The FCC also proposes stricter reporting requirements and plans to clarify jurisdiction and data-sharing practices to strengthen oversight.
To further bolster security, the FCC suggests that applicants and licensees comply with frameworks such as NIST. They also seek feedback on whether specific risk management controls should be implemented. Cybersecurity plans must be signed by senior officials and tailored to each organization’s needs.
The FCC also aims to improve communication infrastructure resilience, ensuring that applicants don’t outsource cybersecurity risks to third parties.
Proposals also include maintaining records for two years and submitting risk management plans when requested. By updating cybersecurity requirements, the FCC seeks to protect U.S. communication networks against emerging threats.
The Commission’s proposals reflect its ongoing efforts to address cybersecurity threats, particularly those from state-sponsored actors. Public feedback will help determine the effectiveness of these measures. With security threats increasing globally, these changes are seen as crucial for protecting national infrastructure.
Reference: