I
119THCONGRESS
1
STSESSION H. R. 1709
To direct the Assistant Secretary of Commerce for Communications and
Information to submit to Congress a report examining the cybersecurity
of mobile service networks, and for other purposes.
IN THE HOUSE OF REPRESENTATIVES
FEBRUARY27, 2025
Mr. L
ANDSMAN(for himself and Mrs. CAMMACK) introduced the following bill;
which was referred to the Committee on Energy and Commerce
A BILL
To direct the Assistant Secretary of Commerce for Commu-
nications and Information to submit to Congress a report
examining the cybersecurity of mobile service networks,
and for other purposes.
Be it enacted by the Senate and House of Representa-1
tives of the United States of America in Congress assembled, 2
SECTION 1. SHORT TITLE. 3
This Act may be cited as the ‘‘Understanding Cyber-4
security of Mobile Networks Act’’. 5
VerDate Sep 11 2014 01:43 Mar 06, 2025 Jkt 059200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\H1709.IH H1709
kjohnson on DSK7ZCZBW3PROD with $$_JOB 2
•HR 1709 IH
SEC. 2. REPORT ON CYBERSECURITY OF MOBILE SERVICE 1
NETWORKS. 2
(a) I
NGENERAL.—Not later than 1 year after the 3
date of the enactment of this Act, the Assistant Secretary, 4
in consultation with the Department of Homeland Secu-5
rity, shall submit to the Committee on Energy and Com-6
merce of the House of Representatives and the Committee 7
on Commerce, Science, and Transportation of the Senate 8
a report examining the cybersecurity of mobile service net-9
works and the vulnerability of such networks and mobile 10
devices to cyberattacks and surveillance conducted by ad-11
versaries. 12
(b) M
ATTERSTOBEINCLUDED.—The report re-13
quired by subsection (a) shall include the following: 14
(1) An assessment of the degree to which pro-15
viders of mobile service have addressed, are address-16
ing, or have not addressed cybersecurity 17
vulnerabilities (including vulnerabilities the exploi-18
tation of which could lead to surveillance conducted 19
by adversaries) identified by academic and inde-20
pendent researchers, multistakeholder standards and 21
technical organizations, industry experts, and Fed-22
eral agencies, including in relevant reports of— 23
(A) the National Telecommunications and 24
Information Administration; 25
VerDate Sep 11 2014 01:43 Mar 06, 2025 Jkt 059200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\H1709.IH H1709
kjohnson on DSK7ZCZBW3PROD with $$_JOB 3
•HR 1709 IH
(B) the National Institute of Standards 1
and Technology; and 2
(C) the Department of Homeland Security, 3
including— 4
(i) the Cybersecurity and Infrastruc-5
ture Security Agency; and 6
(ii) the Science and Technology Direc-7
torate. 8
(2) A discussion of— 9
(A) the degree to which customers (includ-10
ing consumers, companies, and government 11
agencies) consider cybersecurity as a factor 12
when considering the purchase of mobile service 13
and mobile devices; and 14
(B) the commercial availability of tools, 15
frameworks, best practices, and other resources 16
for enabling such customers to evaluate cyber-17
security risk and price tradeoffs. 18
(3) A discussion of the degree to which pro-19
viders of mobile service have implemented cybersecu-20
rity best practices and risk assessment frameworks. 21
(4) An estimate and discussion of the preva-22
lence and efficacy of encryption and authentication 23
algorithms and techniques used in each of the fol-24
lowing: 25
VerDate Sep 11 2014 01:43 Mar 06, 2025 Jkt 059200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\H1709.IH H1709
kjohnson on DSK7ZCZBW3PROD with $$_JOB 4
•HR 1709 IH
(A) Mobile service. 1
(B) Mobile communications equipment or 2
services. 3
(C) Commonly used mobile phones and 4
other mobile devices. 5
(D) Commonly used mobile operating sys-6
tems and communications software and applica-7
tions. 8
(5) A discussion of the barriers for providers of 9
mobile service to adopt more efficacious encryption 10
and authentication algorithms and techniques and to 11
prohibit the use of older encryption and authentica-12
tion algorithms and techniques with established 13
vulnerabilities in mobile service, mobile communica-14
tions equipment or services, and mobile phones and 15
other mobile devices. 16
(6) An estimate and discussion of the preva-17
lence, usage, and availability of technologies that au-18
thenticate legitimate mobile service and mobile com-19
munications equipment or services to which mobile 20
phones and other mobile devices are connected. 21
(7) An estimate and discussion of the preva-22
lence, costs, commercial availability, and usage by 23
adversaries in the United States of cell site simula-24
tors (often known as international mobile subscriber 25
VerDate Sep 11 2014 01:43 Mar 06, 2025 Jkt 059200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\H1709.IH H1709
kjohnson on DSK7ZCZBW3PROD with $$_JOB 5
•HR 1709 IH
identity catchers) and other mobile service surveil-1
lance and interception technologies. 2
(c) C
ONSULTATION.—In preparing the report re-3
quired by subsection (a), the Assistant Secretary shall, to 4
the degree practicable, consult with— 5
(1) the Federal Communications Commission; 6
(2) the National Institute of Standards and 7
Technology; 8
(3) the intelligence community; 9
(4) the Cybersecurity and Infrastructure Secu-10
rity Agency of the Department of Homeland Secu-11
rity; 12
(5) the Science and Technology Directorate of 13
the Department of Homeland Security; 14
(6) academic and independent researchers with 15
expertise in privacy, encryption, cybersecurity, and 16
network threats; 17
(7) participants in multistakeholder standards 18
and technical organizations (including the 3rd Gen-19
eration Partnership Project and the Internet Engi-20
neering Task Force); 21
(8) international stakeholders, in coordination 22
with the Department of State as appropriate; 23
(9) providers of mobile service, including small 24
providers (or the representatives of such providers) 25
VerDate Sep 11 2014 01:43 Mar 06, 2025 Jkt 059200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\H1709.IH H1709
kjohnson on DSK7ZCZBW3PROD with $$_JOB 6
•HR 1709 IH
and rural providers (or the representatives of such 1
providers); 2
(10) manufacturers, operators, and providers of 3
mobile communications equipment or services and 4
mobile phones and other mobile devices; 5
(11) developers of mobile operating systems and 6
communications software and applications; and 7
(12) other experts that the Assistant Secretary 8
considers appropriate. 9
(d) S
COPE OFREPORT.—The Assistant Secretary 10
shall— 11
(1) limit the report required by subsection (a) 12
to mobile service networks; 13
(2) exclude consideration of 5G protocols and 14
networks in the report required by subsection (a); 15
(3) limit the assessment required by subsection 16
(b)(1) to vulnerabilities that have been shown to 17
be— 18
(A) exploited in non-laboratory settings; or 19
(B) feasibly and practicably exploitable in 20
real-world conditions; and 21
(4) consider in the report required by sub-22
section (a) vulnerabilities that have been effectively 23
mitigated by manufacturers of mobile phones and 24
other mobile devices. 25
VerDate Sep 11 2014 01:43 Mar 06, 2025 Jkt 059200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\H1709.IH H1709
kjohnson on DSK7ZCZBW3PROD with $$_JOB 7
•HR 1709 IH
(e) FORM OFREPORT.— 1
(1) C
LASSIFIED INFORMATION .—The report re-2
quired by subsection (a) shall be produced in unclas-3
sified form but may contain a classified annex. 4
(2) P
OTENTIALLY EXPLOITABLE UNCLASSIFIED 5
INFORMATION.—The Assistant Secretary shall re-6
dact potentially exploitable unclassified information 7
from the report required by subsection (a) but shall 8
provide an unredacted form of the report to the 9
committees described in such subsection. 10
(f) D
EFINITIONS.—In this section: 11
(1) A
DVERSARY.—The term ‘‘adversary’’ in-12
cludes— 13
(A) any unauthorized hacker or other in-14
truder into a mobile service network; and 15
(B) any foreign government or foreign 16
nongovernment person engaged in a long-term 17
pattern or serious instances of conduct signifi-18
cantly adverse to the national security of the 19
United States or security and safety of United 20
States persons. 21
(2) A
SSISTANT SECRETARY.—The term ‘‘Assist-22
ant Secretary’’ means the Assistant Secretary of 23
Commerce for Communications and Information. 24
VerDate Sep 11 2014 01:43 Mar 06, 2025 Jkt 059200 PO 00000 Frm 00007 Fmt 6652 Sfmt 6201 E:\BILLS\H1709.IH H1709
kjohnson on DSK7ZCZBW3PROD with $$_JOB 8
•HR 1709 IH
(3) ENTITY.—The term ‘‘entity’’ means a part-1
nership, association, trust, joint venture, corpora-2
tion, group, subgroup, or other organization. 3
(4) I
NTELLIGENCE COMMUNITY .—The term 4
‘‘intelligence community’’ has the meaning given 5
that term in section 3 of the National Security Act 6
of 1947 (50 U.S.C. 3003). 7
(5) M
OBILE COMMUNICATIONS EQUIPMENT OR 8
SERVICE.—The term ‘‘mobile communications equip-9
ment or service’’ means any equipment or service 10
that is essential to the provision of mobile service. 11
(6) M
OBILE SERVICE.—The term ‘‘mobile serv-12
ice’’ means, to the extent provided to United States 13
customers, either or both of the following services: 14
(A) Commercial mobile service (as defined 15
in section 332(d) of the Communications Act of 16
1934 (47 U.S.C. 332(d))). 17
(B) Commercial mobile data service (as de-18
fined in section 6001 of the Middle Class Tax 19
Relief and Job Creation Act of 2012 (47 U.S.C. 20
1401)). 21
(7) P
ERSON.—The term ‘‘person’’ means an in-22
dividual or entity. 23
(8) U
NITED STATES PERSON .—The term 24
‘‘United States person’’ means— 25
VerDate Sep 11 2014 01:43 Mar 06, 2025 Jkt 059200 PO 00000 Frm 00008 Fmt 6652 Sfmt 6201 E:\BILLS\H1709.IH H1709
kjohnson on DSK7ZCZBW3PROD with $$_JOB 9
•HR 1709 IH
(A) an individual who is a United States 1
citizen or an alien lawfully admitted for perma-2
nent residence to the United States; 3
(B) an entity organized under the laws of 4
the United States or any jurisdiction within the 5
United States, including a foreign branch of 6
such an entity; or 7
(C) any person in the United States. 8
Æ
VerDate Sep 11 2014 01:43 Mar 06, 2025 Jkt 059200 PO 00000 Frm 00009 Fmt 6652 Sfmt 6301 E:\BILLS\H1709.IH H1709
kjohnson on DSK7ZCZBW3PROD with $$_JOB