FCC Cybersecurity Workshop For Broadcasters: Key Takeaways And Practical Guidance

On May 14, 2026, the Federal Communications Commission’s (FCC) Public Safety & Homeland Security Bureau (PSHSB) convened a Cybersecurity Workshop for Broadcasters, bringing together public- and private-sector stakeholders to discuss emerging cyber threats, share best practices, and explore opportunities for collaboration.¹ The broadcaster-focused workshop underscored the increasingly critical role of cybersecurity in safeguarding broadcast infrastructure.

Below, we summarize the workshop and provide key takeaways for broadcasters in this ever-evolving landscape.

Evolving Risks

Workshop participants identified a broad and increasingly complex range of cyber threats facing broadcasters of all sizes. These include:

• Infrastructure-targeted attacks, aimed at the broadcast air chain, including studio-to-transmitter link (STL) hijacking and manipulation of Emergency Alert System (EAS) equipment.
• Ransomware and malware, which can disrupt operations, compromise sensitive data, and result in financial losses.
• Social engineering attacks, including phishing campaigns targeting company employees and help desks.
• Denial-of-service attacks, which can undermine a station’s ability to stay on air.

Importantly, speakers emphasized that threat actors range from financially motivated criminals to politically motivated “hacktivists” and nation-state actors.

The workshop also homed in on artificial intelligence’s (AI) role in reshaping the threat environment. Participants highlighted that while AI can enhance defensive capabilities such as real-time threat detection, it can also enable more sophisticated attacks, including deepfakes, automated phishing campaigns, and adaptive malware.

How Broadcasters Can Develop a Risk Management Approach

A consistent takeaway from the workshop was that there is no single solution to cybersecurity risk. Instead, broadcasters should adopt a layered, “defense-in-depth” strategy tailored to their specific systems and risk profiles. Key elements of a risk management approach to cybersecurity can include the following measures, as appropriate to risk:

1. Governance and Planning

• Develop a written cybersecurity risk management plan before incidents occur.
• Ensure leadership engagement and accountability.
• Identify key decision-makers and roles within the organization’s cyber incident planning and response framework.

2. Cyber Hygiene Practices

• Implement strong authentication controls.
• Patch and update systems.
• Segment networks and secure critical assets.

3. Asset and Vendor Management

• Maintain a clear inventory of IT and operational systems.
• Monitor internet-facing assets and high-risk entry points.
• Ensure vendors adhere to appropriate security controls.

4. Training and Culture

• Conduct employee cybersecurity training, particularly with respect to phishing and social engineering.
• Foster organization-wide awareness – cybersecurity is not solely an IT issue.

5. Incident Response Preparedness

• Engage in proactive incident response planning, focusing on readiness rather than reactive measures.
• Establish a core incident response team (e.g., IT, legal, communications, leadership).
• Prepare for business continuity, including the ability to remain on air during an incident.

Speakers also emphasized that broadcasters – especially smaller entities – should take advantage of resources such as CISA guidance and insights from industry and information-sharing organizations.

Regulatory Considerations and Reporting Obligations

The FCC reiterated that broadcasters have specific reporting obligations in the event of certain cyber incidents. In particular, incidents involving the transmission of emergency alert codes or attention signals must be reported to the FCC.

Additionally, speakers flagged broader incident disclosure considerations, including potential obligations under U.S. Securities and Exchange Commission (SEC) rules for publicly traded companies, as well as reputational and operational risks tied to public disclosure decisions.

Conclusion

The FCC’s Cybersecurity Workshop reinforced that cybersecurity remains a core operational priority for broadcasters. As cyber threats increase in sophistication and frequency, the workshop conveyed examples of proactive steps broadcasters can take to secure their systems, protect audience trust, and ensure continuity of service. Moreover, these practices will help broadcasters prepare for potential new cyber incident reporting requirements that the U.S. Department of Homeland Security is working to implement through the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) rulemaking.

By implementing tailored risk management strategies, strengthening organizational preparedness, and engaging in ongoing collaboration with government and industry partners, broadcasters can better navigate today’s complex cybersecurity landscape.

Footnote

1. The FCC also held a companion workshop for telecommunications providers on May 15.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.