HR1709-119

Passed House

To direct the Assistant Secretary of Commerce for Communications and Information to submit to Congress a report examining the cybersecurity of mobile service networks, and for other purposes.

119th Congress Introduced Feb 27, 2025

Summary

What This Bill Does

The Understanding Cybersecurity of Mobile Networks Act directs the Assistant Secretary of Commerce for Communications and Information, who leads NTIA, to submit a report within one year to the House Energy and Commerce Committee and the Senate Commerce, Science, and Transportation Committee. The report must examine the cybersecurity of mobile service networks and the vulnerability of mobile devices to cyberattacks and adversary surveillance. It must assess whether mobile service providers have addressed vulnerabilities identified by academic researchers, independent researchers, standards organizations, industry experts, NTIA, NIST, DHS, CISA, and the DHS Science and Technology Directorate. It must also discuss whether consumers, companies, and government agencies consider cybersecurity when buying mobile service or devices; whether tools and frameworks exist to evaluate cybersecurity risk and price tradeoffs; adoption of best practices and risk frameworks; encryption and authentication used in mobile service, equipment, phones, operating systems, software, and apps; barriers to stronger algorithms; authentication of legitimate network equipment; and prevalence, cost, availability, and adversary use of cell-site simulators. The report must consult FCC, NIST, the intelligence community, CISA, DHS Science and Technology Directorate, researchers, 3GPP, IETF, international stakeholders, the State Department, small and rural providers, equipment manufacturers, device makers, mobile operating-system developers, and other experts. It excludes 5G protocols and networks and focuses on real-world exploitable vulnerabilities or mitigated vulnerabilities.

Who Benefits and How

Mobile service customers, consumer device buyers, companies buying mobile service, government agency mobile users, congressional commerce committees, cybersecurity researchers, NIST, CISA, FCC, and standards bodies benefit from a consolidated federal assessment of legacy mobile-network risk, surveillance threats, encryption gaps, authentication tools, and provider practices. The report can help users and policymakers understand where mobile-network security is weak without waiting for a breach-specific investigation.

Who Bears the Burden and How

NTIA, the Department of Homeland Security, CISA, DHS Science and Technology Directorate, FCC, NIST, intelligence-community analysts, mobile service providers, rural mobile providers, small mobile providers, telecommunications equipment manufacturers, mobile device manufacturers, mobile operating-system developers, and communications software developers must provide technical input, document mitigation status, discuss barriers to stronger encryption and authentication, and respond to federal scrutiny of surveillance and interception risks.

Key Provisions

  • Requires NTIA and DHS to report within one year on mobile-service network cybersecurity and adversary surveillance risks.
  • Requires assessment of provider responses to vulnerabilities identified by researchers, standards bodies, industry experts, and federal agencies.
  • Requires discussion of customer cybersecurity decision-making, risk tools, best practices, encryption, authentication, and cell-site simulators.
  • Requires consultation with FCC, NIST, CISA, DHS Science and Technology Directorate, researchers, 3GPP, IETF, international stakeholders, providers, manufacturers, and software developers.
  • Limits the report to mobile service networks, excludes 5G protocols and networks, and focuses on real-world exploitable or mitigated vulnerabilities.

Evidence Chain:

This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers with clause-level evidence links.

At a Glance

What This Bill Does

Requires NTIA, in consultation with DHS, to report to congressional commerce committees within one year on mobile-service network cybersecurity, mobile-device vulnerabilities, adversary surveillance tools, encryption and authentication practices, provider adoption barriers, and stakeholder consultation, while excluding 5G protocols and networks.

Key Policy Areas

Cybersecurity, Telecommunications, Consumer Protection

Primary Purpose

Requires NTIA, in consultation with DHS, to report to congressional commerce committees within one year on mobile-service network cybersecurity, mobile-device vulnerabilities, adversary surveillance tools, encryption and authentication practices, provider adoption barriers, and stakeholder consultation, while excluding 5G protocols and networks.

Policy Domains

Cybersecurity Telecommunications Consumer Protection

Substantive provisions

Identified Gains
  • Mobile service customers
  • Government agency mobile users
  • Congressional commerce committees
  • Cybersecurity researchers
  • National Institute of Standards and Technology
  • Cybersecurity and Infrastructure Security Agency
  • Federal Communications Commission
Model: codex-gpt-5 | Version: bill_summary_v2 | Source: ih
Mobile service customers:
Cybersecurity researchers:
Government agency mobile users:
Congressional commerce committees:
Federal Communications Commission:
National Institute of Standards and Technology:
Cybersecurity and Infrastructure Security Agency:
Identified Costs
  • National Telecommunications and Information Administration
  • Department of Homeland Security
  • Mobile service providers
  • Rural mobile providers
  • Telecommunications equipment manufacturers
  • Mobile device manufacturers
  • Mobile operating-system developers
Model: codex-gpt-5 | Version: bill_summary_v2 | Source: ih
Rural mobile providers:
Mobile service providers:
Mobile device manufacturers:
Department of Homeland Security:
Mobile operating-system developers:
Telecommunications equipment manufacturers:
National Telecommunications and Information Administration:

Legislative Progress

Passed House
Introduced Committee Passed
Jul 15, 2025

Received; read twice and referred to the Committee on Commerce, …

Jul 15, 2025 (inferred)

Passed House (inferred from eh version)

Jun 30, 2025

Additional sponsors: Mr. Fitzpatrick, Mrs. Houchin, and Mr. Nunn of …

Jun 30, 2025

Committed to the Committee of the Whole House on the …

Feb 27, 2025

Mr. Landsman (for himself and Mrs. Cammack) introduced the following …

Stakeholder Effects

cui bono?

How this legislation distributes effects. Mention counts reflect frequency, not effect magnitude.

Government
4 mentions across 1 clause
-4 negative

Cybersecurity and Infrastructure Security Agency, Department of Homeland Security, National Institute of Standards and Technology

Telecommunications
2 mentions across 1 clause
-2 negative

Mobile service providers, Rural mobile providers

Technology
2 mentions across 1 clause
-2 negative

Mobile operating-system developers, Telecommunications equipment manufacturers

General Public
1 mention across 1 clause
+1 positive

Mobile service customers

1/2
sections analyzed
Full impact breakdown
House Roll #191

On Motion to Suspend the Rules and Pass

Understanding Cybersecurity of Mobile Networks Act

Passed
360 Yea 10 Nay 61 Not Voting
Jul 14, 2025

Bill Structure & Actor Mappings

Who is "The Secretary" in each section?

Domains
Cybersecurity Telecommunications Consumer Protection
Actor Mappings
"assistant_secretary"
→ Assistant Secretary of Commerce for Communications and Information, the head of NTIA.

We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.

Learn more about our methodology