FCC Proposes New Cybersecurity Mandates for Submarine Cable Operators in Major Rule Review, Seeks Public Input

By Anna Ribeiro, Industrial Cyber​
March 14, 2025

The U.S. Federal Communications Commission (FCC) is conducting its first comprehensive review of submarine cable rules since 2001 to enhance the protection of the nation’s submarine cable infrastructure amid evolving national security concerns. The review also proposes that all applicants for cable landing licenses and licensees submitting periodic reports must certify that they have developed and implemented cybersecurity risk management plans. Existing licensees must also provide this certification for the first time, following a prioritization schedule.

Additionally, applicants and licensees must confirm they take reasonable measures to protect the confidentiality, integrity, and availability of their systems. The cybersecurity plans should outline identified risks, mitigation controls, and how these controls are effectively applied. The Commission is seeking comments on these proposals.

The FCC review also aims to establish new rules for better safeguarding submarine cable infrastructure, including a proposed three-year reporting requirement for landing licenses and potential changes to the current 25-year license term. The FCC also seeks to clarify its jurisdiction and application requirements while aiming to improve circuit capacity data quality and facilitate information sharing with federal agencies to strengthen oversight of U.S. communications networks.

In a Federal Register notice published on Thursday, the FCC has called for comments from interested stakeholders, which must be submitted by April 14, 2025. Reply comments are due by May 12, 2025. Additionally, written feedback on the proposed information collection requirements under the Paperwork Reduction Act should be submitted by the public, the Office of Management and Budget (OMB), and other interested parties by May 12, 2025.

“Given the importance of cybersecurity, the Commission believes that the operation of submarine cable systems should meet baseline security requirements to safeguard systems against threats,” the notice explained. “The Commission believes these proposals are consistent with the National Cybersecurity Strategy and, in that connection, are in keeping with a whole-of-government effort to ‘establish cybersecurity requirements to support national security and public safety.’”

Also, the FCC expects that creating, updating, and implementing cybersecurity risk management plans would help protect applicants’ and licensees’ systems and services from serious threats to national security, public safety, and the economy. These proposals would require specific actions to protect communications networks and infrastructure and collaborating with communications sector industry members to identify best practices. The Commission seeks comment on these expectations and any national security, economic, or public safety benefits of effective cybersecurity practices and cybersecurity risk management for applicants and licensees.

Read more…