FCC Approves Sweeping Cybersecurity Overhaul for Emergency Alert Systems and Undersea Cables
The FCC voted Thursday to mandate strong passwords, patching, and firewalls for the Emergency Alert System and Wireless Emergency Alerts, while simultaneously overhauling decades-old undersea cable regulations to tighten supply-chain security.
The Federal Communications Commission approved new rules Thursday that significantly boost cybersecurity requirements for the nation's emergency alert infrastructure and modernize security regulations for the submarine cable network that carries the bulk of global internet traffic. The twin rulemakings address long-standing vulnerabilities in systems that millions of Americans rely on for life-saving information.
The new rules target the Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA), which state and local authorities use to disseminate weather warnings, AMBER alerts, and other urgent messages via radio, television, and text. The FCC noted that a compromise of either system by a foreign government, cybercriminal group, or other rogue actor could be exploited to sow chaos and disinformation during emergencies or impede coordination in genuine crises.
The core requirements amount to basic cyber hygiene: operators must use strong passwords, promptly install security patches from vendors, and deploy firewalls to limit access to their equipment. More notably, the rule creates a new authentication ID system designed to verify alerts before they are submitted, preventing unauthorized or duplicate alerts from spreading through the nation's alert networks. FCC Commissioner Olivia Trusty said in a statement that the comprehensive review focused on the security of the EAS framework itself, as threats continue to evolve.
In a separate but equally significant move, the Commission passed the first comprehensive update to submarine cable regulations in decades. The new framework aims to balance national security concerns with the need to accelerate licensing for trusted operators. Undersea cable providers that can self-certify to what the FCC called "high security standards" will be presumptively exempt from the stringent Team Telecom interagency reviews that have historically been required for all cable landing applications.
The exemptions apply only to operators with a clean track record—those that have operated cables without incident, can certify to the highest national security standards, and agree to ongoing oversight and monitoring. At the same time, the FCC tightened oversight elsewhere: owners and operators of submarine line terminal equipment, which connects undersea cables to land-based facilities in the U.S., will now be subject to a new licensing requirement. The rule also updates supply-chain safeguards covering principal equipment, third-party service providers, and other areas of concern.
The dual rulemakings reflect growing recognition that critical infrastructure—whether emergency communication systems or the physical backbone of the internet—faces increasingly sophisticated threats. By mandating authentication for alerts and streamlining security reviews for trusted cable operators while tightening rules for critical equipment, the FCC is attempting to modernize protections without imposing unnecessary burdens on compliant providers.