[Congressional Record Volume 170, Number 85 (Thursday, May 16, 2024)]
[Extensions of Remarks]
[Pages E512-E513]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




      NATIONAL TELECOMMUNICATIONS AND INFORMATION ADMINISTRATION 
                      REAUTHORIZATION ACT OF 2024

                                 ______
                                 

                               speech of

                           HON. ANNA G. ESHOO

                             of california

                    in the house of representatives

                         Tuesday, May 14, 2024

  Ms. ESHOO. Mr. Speaker, I rise in strong support of H.R. 4510, the 
NTIA Reauthorization Act, bipartisan legislation to reauthorize the 
National Telecommunications and Information Administration (NTIA), 
update the statutory mission and policy of the agency, authorize 
certain offices and activities of the agency, and provide greater 
Congressional oversight of the NTIA. H.R. 4510 also contains two bills 
I introduced regarding cybersecurity, the Understanding Cybersecurity 
of Mobile Networks Act, and the American Cybersecurity Literacy Act.


         The Understanding Cybersecurity of Mobile Networks Act

  Every day Americans make calls, send texts, and access data on 2G, 
3G, and 4G networks, yet we lack a comprehensive assessment of what 
vulnerabilities exist on these networks, what issues have been 
resolved, and where mobile cybersecurity policymaking should be 
focused. Since cellphones became common in the 1990s, government 
agencies, academics, think tanks, industry associations, and 
independent researchers have discovered various cybersecurity 
vulnerabilities in our wireless networks. Wireless network companies, 
mobile device manufacturers, and other companies have responded to many 
of these vulnerabilities, but recent cybersecurity developments depict 
that vulnerabilities continue to exist in mobile cybersecurity. For 
example, Stingray's cell site simulators continue to intercept calls, 
texts, and mobile data of unwitting victims; SIM swaps are increasing 
as a means of identity fraud; and mobile spyware made by NSO Group and 
others has threatened the safety of journalists, activists, 
dissidents, and government officials around the globe. In each of these 
instances companies have taken certain actions to mitigate threats, but 
we lack a sophisticated, comprehensive, and independent assessment of 
what vulnerabilities persist, what issues have been resolved, and where 
mobile cybersecurity policymaking should be focused.
  The Understanding Cybersecurity of Mobile Networks Act solves this 
lack of information. The legislation requires the National 
Telecommunications and Information Administration (NTIA), in 
coordination with the Department of Homeland Security (DHS), to conduct 
a comprehensive study on the cybersecurity vulnerabilities of our 2G, 
3G, and 4G networks.
  Specifically, the study will include an assessment of responses to 
known vulnerabilities and deployment of best practices, an estimate of 
the prevalence of effective encryption and authentication techniques,
along with a discussion of barriers to adopting more efficacious 
techniques; a discussion of the prevalence, costs, availability, and 
usage of cell site simulators and other surveillance and interception 
technologies.
  In addition to coordinating with DHS, the NTIA is required to consult 
the various federal agencies with relevant expertise . . . academic and 
independent researchers, multistakeholder and international 
organizations, and industry groups. While the report will be public, it 
will include a classified annex so details about vulnerabilities that 
could aid our adversaries are not publicized.


                The American Cybersecurity Literacy Act

  Cyberattacks and data breaches are increasingly common, costing 
private companies and consumers billions of dollars and exposing the 
private information of countless Americans. As attackers become more 
sophisticated, Americans must have the tools to identify risks and 
protect themselves from attacks.
  The American Cybersecurity Literacy Act requires the NTIA to conduct 
a public education campaign to improve cyber literacy of the American 
populace by providing information about common cybersecurity risks and 
best practices that can mitigate those risks. When the government or 
private businesses identify cybersecurity risks, they are only fighting 
half the battle. Consumers have to be able to protect themselves from 
those risks, and this bill will give them the information to do so.

                          ____________________