On March 13, 2025, the Federal Communications Commission’s (“FCC”) Chairman Brendan Carr announced the creation of a Council on National Security (the “Council”) with Adam Chan serving as the Director. This new Council will be comprised of eight Bureaus and Offices within the FCC and will “leverage the full range of the Commission’s regulatory, investigatory, and enforcement authorities to promote America’s national security and counter foreign adversaries . . . .” Notably, the FCC specifically indicated that this Council would focus “particularly on threats posed by the People’s Republic of China (“PRC”) and Chinese Communist Party (“CSP”).”
The FCC asserted the Council will have a three-part goal moving forward:
- Reduce the American technology and telecommunications sectors’ trade and supply chain dependencies on foreign adversaries,
- Mitigate America’s vulnerabilities to cyberattacks, espionage, and surveillance by foreign adversaries, and
- Ensure the U.S. wins the strategic competition with China over critical technologies, such as 5G and 6G, AI, satellites and space, quantum computing, robotics and autonomous systems, and the Internet of Things.
This announcement from the FCC comes off the cusp of other entities such as the CISA and FBI warning the public that PRC-affiliated threat actors, such as Salt Typhoon, compromised networks of major global telecommunications providers to conduct a broad and significant cyber espionage campaign. This espionage campaign was even characterized by one senior U.S. senator as the “worst telecom hack in our nation’s history . . . .”
Under the Biden Administration, the FCC also recognized the threat of PRC-affiliated cyber-attacks. In December 2024, the FCC indicated that it was “taking decisive steps to address vulnerabilities in U.S. telecommunications networks following the Salt Typhoon cyber-attack . . . .” The FCC informed the public that a U.S. agency confirmed reports that threat actors associated with the PRC infiltrated at least eight U.S. communications companies. At that time, the FCC attempted to take steps to mitigate these cyber-attacks such as proposing an annual certification requirement for communications service providers.
It is unclear at this time what actions the new Council will take to mitigate future attacks. However, it is clear that there is a persistent cyber threat to American companies that has remained a priority for the FCC even after a presidential administration transition. Companies, especially telecommunications companies, should remain vigilant against these attacks and stay up to date on how the Council proceeds in the future.
