The bill promises greater public transparency and coordinated cybersecurity best practices for mobile networks, but risks exposing vulnerabilities if reporting isn't carefully redacted, may omit important 5G risks, and will impose administrative costs on government and industry.
Consumers and small businesses will receive a public, unclassified assessment within one year that summarizes mobile-network cybersecurity practices (including providers' use of encryption and authentication), making it easier for buyers to compare security when purchasing services and devices.
State and local governments and technology workers will benefit from federal consultation with agencies, standards bodies, researchers, and international stakeholders that can encourage coordinated industry adoption of cybersecurity best practices.
Consumers and technology workers could face increased exposure unless redaction is complete and careful, because public reporting of vulnerabilities (even redacted) can reveal exploitable details.
Consumers, small businesses, and state governments may receive incomplete or less useful risk information because the assessment's focus on non-5G 'mobile service networks' can leave gaps about modern 5G deployments.
State and local governments and some tech staff will incur administrative burdens, because NTIA, DHS, FCC, and providers must prepare the detailed report, consuming staff time and resources.
Based on analysis of 2 sections of legislative text.
Requires a one-year federal report assessing mobile network cybersecurity, encryption/authentication use, and interception tools (e.g., cell-site simulators), excluding 5G protocols.
Requires the Assistant Secretary (at Commerce/NTIA) to produce a congressional report within one year that assesses cybersecurity vulnerabilities in mobile service networks (excluding 5G protocols/networks), how providers have addressed known vulnerabilities, the use and availability of encryption and authentication, and the prevalence and risks of interception tools like cell-site simulators. In preparing the report, the Assistant Secretary must consult federal agencies, standards bodies, industry (including small and rural providers), manufacturers, OS and app developers, researchers, and relevant international partners. The report must cover customer awareness of cybersecurity when buying mobile services/devices, availability of evaluation tools, barriers to stronger encryption/authentication, provider adoption of best practices and risk frameworks, and whether device manufacturers mitigate certain vulnerabilities. It does not provide new funding or create new regulatory requirements; it is an informational assessment for two congressional committees.
Introduced February 27, 2025 by Greg Landsman · Last progress July 15, 2025