FCC Cybersecurity Workshop for Broadcasters: Key Takeaways and Practical Guidance

June 3, 2026

On May 14, 2026, the Federal Communications Commission’s (FCC) Public Safety & Homeland Security Bureau (PSHSB) convened a Cybersecurity Workshop for Broadcasters, bringing together public- and private-sector stakeholders to discuss emerging cyber threats, share best practices, and explore opportunities for collaboration.[1] The broadcaster-focused workshop underscored the increasingly critical role of cybersecurity in safeguarding broadcast infrastructure.

Below, we summarize the workshop and provide key takeaways for broadcasters in this ever-evolving landscape.

Evolving Risks

Workshop participants identified a broad and increasingly complex range of cyber threats facing broadcasters of all sizes. These include:

  • Infrastructure-targeted attacks, aimed at the broadcast air chain, including studio-to-transmitter link (STL) hijacking and manipulation of Emergency Alert System (EAS) equipment.
  • Ransomware and malware, which can disrupt operations, compromise sensitive data, and result in financial losses.
  • Social engineering attacks, including phishing campaigns targeting company employees and help desks.
  • Denial-of-service attacks, which can undermine a station’s ability to stay on air.

Importantly, speakers emphasized that threat actors range from financially motivated criminals to politically motivated “hacktivists” and nation-state actors.

The workshop also homed in on artificial intelligence’s (AI) role in reshaping the threat environment. Participants highlighted that while AI can enhance defensive capabilities such as real-time threat detection, it can also enable more sophisticated attacks, including deepfakes, automated phishing campaigns, and adaptive malware.

How Broadcasters Can Develop a Risk Management Approach

A consistent takeaway from the workshop was that there is no single solution to cybersecurity risk. Instead, broadcasters should adopt a layered, “defense-in-depth” strategy tailored to their specific systems and risk profiles. Key elements of a risk management approach to cybersecurity can include the following measures, as appropriate to risk:

1. Governance and Planning

  • Develop a written cybersecurity risk management plan before incidents occur.
  • Ensure leadership engagement and accountability.
  • Identify key decision-makers and roles within the organization’s cyber incident planning and response framework.

2. Cyber Hygiene Practices

  • Implement strong authentication controls.
  • Patch and update systems.
  • Segment networks and secure critical assets.

3. Asset and Vendor Management

  • Maintain a clear inventory of IT and operational systems.
  • Monitor internet-facing assets and high-risk entry points.
  • Ensure vendors adhere to appropriate security controls.

4. Training and Culture

  • Conduct employee cybersecurity training, particularly with respect to phishing and social engineering.
  • Foster organization-wide awareness – cybersecurity is not solely an IT issue.

5. Incident Response Preparedness

  • Engage in proactive incident response planning, focusing on readiness rather than reactive measures.
  • Establish a core incident response team (e.g., IT, legal, communications, leadership).
  • Prepare for business continuity, including the ability to remain on air during an incident.

Speakers also emphasized that broadcasters – especially smaller entities – should take advantage of resources such as CISA guidance and insights from industry and information-sharing organizations.

Regulatory Considerations and Reporting Obligations

The FCC reiterated that broadcasters have specific reporting obligations in the event of certain cyber incidents. In particular, incidents involving the transmission of emergency alert codes or attention signals must be reported to the FCC.

Additionally, speakers flagged broader incident disclosure considerations, including potential obligations under U.S. Securities and Exchange Commission (SEC) rules for publicly traded companies, as well as reputational and operational risks tied to public disclosure decisions.

Conclusion

The FCC’s Cybersecurity Workshop reinforced that cybersecurity remains a core operational priority for broadcasters. As cyber threats increase in sophistication and frequency, the workshop conveyed examples of proactive steps broadcasters can take to secure their systems, protect audience trust, and ensure continuity of service. Moreover, these practices will help broadcasters prepare for potential new cyber incident reporting requirements that the U.S. Department of Homeland Security is working to implement through the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) rulemaking.

By implementing tailored risk management strategies, strengthening organizational preparedness, and engaging in ongoing collaboration with government and industry partners, broadcasters can better navigate today’s complex cybersecurity landscape.

***

Wiley’s Privacy, Cyber & Data Governance team has helped companies of all sizes from various sectors proactively address risks and compliance with cybersecurity laws and requirements, including FCC regulations. Additionally, Wiley’s Media Practice has a deep bench of attorneys with extensive experience counseling broadcasters and advocating for their interests before the Commission. For more information, please contact one of the authors listed on this alert.

[1] The FCC also held a companion workshop for telecommunications providers on May 15.

Wiley Connect

Sign up for updates

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek