Understanding Cybersecurity of Mobile Networks Act

The Understanding Cybersecurity of Mobile Networks Act would require the Assistant Secretary of Commerce for Communications and Information, in coordination with the Department of Homeland Security, to produce a comprehensive report for Congress within one year. The report would analyze how secure mobile service networks are today, where they remain vulnerable to cyberattacks or surveillance by adversaries, and how well current encryption and authentication practices protect mobile devices, networks, and users. It would also examine consumer and government considerations when purchasing mobile services or devices, the availability of risk-evaluation tools, and the barriers to upgrading cryptographic standards. The bill limits its scope to mobile service networks (explicitly excluding 5G protocol considerations) and focuses on vulnerabilities demonstrated outside of lab settings or that could be feasibly exploited in real-world conditions. The bill would require extensive consultations with federal agencies, industry, researchers, and international partners, and would result in an unclassified report with a possible classified annex. It would redact potentially exploitable unclassified information but provide an unredacted version to Congress. By gathering and presenting findings on vulnerabilities, encryption, surveillance technologies (like IMSI catchers), and the adoption of best practices, the act aims to inform future policy, standards, and consumer protections related to mobile cybersecurity.