WASHINGTON, July 15, 2025 — The Federal Communications Commission’s new Council on National Security is sharpening its focus on telecommunications supply chain threats, according to Joshua Levine, a research fellow at the Foundation for American Innovation.
Speaking at Broadband Breakfast Live Online on June 18, 2025, Levine outlined the council’s three-part mission under FCC Chairman Brendan Carr: strengthening secure telecom supply chains, defending U.S. networks from cyberattacks, and competing technologically with the People’s Republic of China.
“This is about securing what goes into our networks—not just the obvious equipment, but the firmware, hardware providers, and even testing labs,” Levine said.
Broadband Breakfast on June 18, 2025 – Solving Cybersecurity Challenges
This BroadbandLive session will examine how policymakers are addressing cybersecurity challenges through regulation, interagency collaboration, and new oversight structures.
Expanding efforts to root out foreign threats
The council builds on years of FCC action targeting telecommunications equipment from what the agency calls “countries of concern”—including China, Russia, Iran, North Korea, Cuba, and Venezuela. This includes expanding the FCC’s “covered list” of banned vendors, administering the rip-and-replace program, and tightening oversight of undersea cable systems.
In one recent move, the FCC barred untrustworthy foreign labs from participating in the equipment authorization process. “They’re creating two separate lanes of equipment providers,” Levine explained—those deemed secure, and those excluded from U.S. networks.
Policy shift under new FCC leadership
The council reflects a broader shift in cybersecurity strategy under the new Republican-led FCC. Levine said Commissioner Carr has pushed back on efforts by the previous Democratic majority to expand cybersecurity mandates under the Communications Assistance for Law Enforcement Act (CALEA).
“Chairman Carr has been quite critical,” Levine said, “arguing that those moves overstepped the original intent of the law.”
Instead, the commission is emphasizing supply chain restrictions and vendor accountability—an approach more targeted than sweeping regulatory mandates.
Shared responsibilities between government, industry, and users
ISPs still have a central role to play. “Providers should be designing their networks with cybersecurity in mind,” Levine said. The FCC now requires ISPs to submit security frameworks outlining their risk management strategies.
But Levine also emphasized personal responsibility: “As much as the government does have a role to play here, it really is on consumers and individuals to practice good cyber hygiene.”
Full event video
