Artificial Intelligence is seen by many in radio and TV as a threat to their job security, while consumers are fretting over trust. Now, AI could bring another worry to radio and TV broadcasters, FCC Commissioner Olivia Trusty has shared.
In the view of the Republican votemaker at the Commissioner, AI tools are being used to mine public FCC filings to identify and specifically target communications infrastructure.
“Copper theft is the gateway,” Trusty said, while speaking at the 4th National Summit on Protecting Critical Communications Infrastructure in Philadelphia. “The onramp to something much more serious.”
Between June 2024 and June 2025, nearly 16,000 incidents of theft and vandalism targeted US communications infrastructure, disrupting service for approximately 10 million customers. In the first half of 2025 alone, there were 9,770 reported incidents, nearly double the prior six months. More than half of copper theft incidents are concentrated in California and Texas, but Trusty pushed back on any regional reading. In fact, rural America bears disproportionate exposure. “This is a nationwide crisis that impacts every state and every American in some form,” she said.
As for the AI angle, Trusty outlined four threat vectors: targeting optimization, in which AI mines publicly available data, including FCC filings, to identify high-value network nodes and pinpoint where a single attack causes maximum disruption; operational scaling, which lowers the barrier to coordinating simultaneous multi-site attacks; evasion, helping attackers analyze and avoid detection patterns; and what she called the dark web ecosystem, where AI tools and marketplace access together lower the barrier to entry for organized attacks. “We are not seeing widespread, confirmed misuse of AI in domestic infrastructure vandalism cases, yet,” Trusty said, “but the trajectory and potential for harm is clear.”
Trust called on Congress to pass H.R. 2784, the “Stopping the Theft and Destruction of Broadband Act,” which would extend federal criminal protections to private communications networks delivered by wire or radio. Whether traditional broadcast infrastructure falls clearly within the bill’s scope remains an open question, but its broader aim is to close the gap in federal law that currently protects government-operated systems far more robustly than privately owned networks.
As of Friday (6/5), H.R. 2784, introduced by Rep. Laurel Lee (R-Fla.), has 21 co-sponsors and has been referred to the House Judiciary Committee.
Currently, 28 states classify communications infrastructure attacks as felonies; Trusty noted that 22 have not, a gap she said bad actors are actively exploiting.
FCC ACTS TO HARDEN EAS SECURITY
In a direct response to a string of cyberattacks where bad actors exploited unsecured broadcast equipment to inject unauthorized audio, the FCC is moving to lock down the nation’s emergency alert infrastructure, and radio stations are on the clock to comply.
A Report and Order circulated ahead of the Commission’s June 25 open meeting would require all Emergency Alert System Participants, including radio broadcasters, to immediately implement three baseline cybersecurity measures: change all default passwords on EAS equipment before going to air, promptly install security patches and firmware updates as they become available, and place EAS equipment behind a network firewall or comparable segmentation practice that blocks unauthorized remote access.
The FCC cited incidents at KFNC “ESPN 97.5” in Houston and a Richmond-area NPR affiliate among recent examples.
The Commission framed the three requirements as a minimum baseline rather than a comprehensive framework, explicitly pulling back from a broader cybersecurity risk management plan mandate it had proposed in 2022 that drew industry pushback over cost and complexity. The order estimates compliance costs at no more than $1,000 per station and roughly 10 hours of labor per entity per year.
Alongside the cybersecurity rules, the FCC released a Further Notice of Proposed Rulemaking seeking comment on a broader EAS and Wireless Emergency Alert modernization agenda. Proposals include requiring digital signature authentication for all CAP-formatted EAS alerts, establishing a universal alert message identifier to suppress duplicate alerts, tightening WEA geotargeting by eliminating outdated exceptions tied to legacy networks and disabled location services, and requiring alert symbols to accompany EAS and WEA messages to aid comprehension.
The FNPRM also seeks comment on text-to-speech readout for earthquake alerts and the retirement of the 90-character WEA message requirement.
In a win for the NAB, the Commission formally granted NAB’s March 2025 petition to allow software-based EAS processing as an alternative to dedicated hardware, opening a rulemaking on the issue and proposing a certification framework for EAS software. iHeartMedia submitted comments in the proceeding advocating for resilience as a fourth core alerting goal, arguing that systems must remain functional when other emergency communications go down.
The cybersecurity rules take effect 90 days after publication in the Federal Register. Comment deadlines for the FNPRM are 30 and 60 days after Federal Register publication.
