"FCC Proposes to Strengthen Cybersecurity of Emergency Alert Systems"

The Federal Communications Commission (FCC) recently voted to approve a notice of proposed rulemaking aimed at improving the cybersecurity of the nation's public warning system, in part by requiring Emergency Alert System (EAS) operators to report any breaches of their equipment to the agency within 72 hours. The proposal would require system participants to report any incident of unauthorized access to their EAS equipment to the commission within three days of learning or should have known that an incident had occurred. Participants would be required to notify the agency within that timeframe and provide information about the breach, regardless of whether or not the compromise resulted in the transmission of a false alert. The EAS and Wireless Emergency Alert (WEA) systems are used to communicate emergency information to the public, most often due to severe weather, disasters, or missing children. Local, state, and federal authorities issue the alerts, which are delivered via radio broadcasts, television, and mobile text messages. The proposed rule is believed to be justified given recent instances of false EAS alerts caused by compromised EAS equipment transmitting a false message, according to the FCC's notice of proposed rulemaking. The vote follows the Federal Emergency Management Agency's advisory on August 1 warning of certain vulnerabilities in EAS encoder/decoder devices that, if not updated to the most recent software versions, could enable a threat actor to issue EAS alerts over the host infrastructure (i.e., TV, radio, cable network). Previous incidents, both deliberate and unintentional, have highlighted the panic that false emergency alerts can cause. For example, in January 2018, a Hawaii emergency management employee sent out an alert incorrectly warning residents to seek shelter from an incoming ballistic missile. In 2020, a hacker breached a local cable TV emergency alert system in Washington state, sending out false warnings about a radiological emergency. This article continues to discuss the FCC's efforts to strengthen the security of the nation's alerting systems. 

NextGov reports "FCC Proposes to Strengthen Cybersecurity of Emergency Alert Systems"