FCC Tightens Undersea Cable Rules, Bans Foreign Equipment and Licenses Terminal Gear
What Happened — The FCC voted to require licensing of submarine line‑terminal equipment (SLTE) and to prohibit Chinese and other “foreign‑adversary” firms from supplying related products. Operators that can certify high‑security standards and a clean incident record may qualify for an expedited review, but all owners must accept ongoing FCC oversight.
Why It Matters for Compliance & Audit Readiness —
- The rule creates a de‑facto vendor‑risk control that mirrors SOC 2 CC6.1 (Third‑Party Management) – you’ll need documented due‑diligence on equipment suppliers.
- Continuous licensing and oversight generate audit‑ready evidence of supply‑chain vetting, useful for both internal controls and external SOC 2 examinations.
- Exemptions hinge on demonstrable security certifications, pushing organizations to maintain up‑to‑date attestations and monitoring programs.
Who Is Affected — Telecommunications carriers, data‑center operators, cloud providers, and any enterprise that relies on undersea‑cable connectivity (e.g., SaaS, fintech, media streaming).
Recommended Actions —
- Map SLTE suppliers to your vendor‑risk register and update contracts to reflect licensing requirements.
- Conduct a gap analysis against SOC 2 CC6.1 to ensure you can produce continuous evidence of supplier assessments.
- Prepare for periodic FCC‑mandated audits by establishing a repository of security certifications and incident‑free records.
Source: The Record
Technical Notes — The FCC’s focus is on the physical and firmware integrity of SLTE, which connects submarine cables to terrestrial networks. The rule bans equipment from Huawei, ZTE, China Telecom, China Mobile and any other entity designated a foreign adversary. No specific CVEs are cited, but the policy addresses both cyber and physical attack vectors on critical infrastructure. Source: FCC press release