A new optional approach to internal EAS operations is being advocated by the National Association of Broadcasters as a way to help broadcasters secure alerting equipment from cyberattack.
NAB says using software-based encoder/decoder technology would eliminate the need for physical EAS equipment and promote the aims of the FCC.
However, one EAS equipment manufacturer believes that “virtualization” proposals for EAS “would be inherently dangerous” and risk weakening both local and national EAS.
Using software-based tech for EAS is referred to as virtualization in the proponents’ comments. Broadly speaking, virtualization typically means that a particular function is no longer tied to a specific physical piece of equipment.
It’s common now for equipment providers to supply software that can run on a station’s servers. EAS functionality could be added to a piece of equipment in the air chain, observers say, similar to what Nielsen is doing by licensing its watermark technology to audio processor manufacturers, who put PPM encoding right in their products. Or the software could run in a standalone computer.
It presumably also could run in the cloud, although NAB did not specifically ask for that, according to a person familiar with the issue.
“Minor policy change”
The FCC has advanced its own ideas to secure EAS equipment from cyber threats, but broadcasters say the commission’s proposal in MB Docket 22-329 is unduly burdensome and expensive and would not improve security. It would require stations to report incidents of unauthorized access to internet-connected EAS equipment within 72 hours and file annual reports certifying that they are prepared for a cyberhack attempt.
NAB and others want the FCC to look at flexible alternatives, which is where the proposal to allow software-based EAS comes into play.
“We have joined with leading engineers and technologists in the broadcasting industry to identify one minor policy change that would substantially promote the FCC’s goal of enhancing the security of EAS,” NAB wrote to the commission, asking that stations and other EAS participants be allowed to use software-based EAS encoder/decoder technology in place of a physical device.
A virtualized EAS platform would receive and create alert messages just like the existing hardware system, it said, functioning independently within a station’s infrastructure.
NAB wrote that its idea would promote the “consideration of efficient, secure technologies that could enable flexibility for future enhancements of emergency messaging and other aspects of EAS, including centralized virtualization.” It said this “voluntary modernization” will better align EAS components with other modern broadcast systems.
“EAS is an unfortunate anomaly in the operation of today’s broadcast facilities, as nearly all other components of the broadcast operations chain are advanced, software-based virtualized technology, while the components that make up EAS do not currently have a clear roadmap out of a hardware-only based system,” NAB argued.
NAB listed several ways a software approach would promote the aims of the FCC:
- It would free stations from constraints of physical hardware, such as providing a safe, climate-controlled physical location for the box.
- Broadcasters running modern, IP-based air chains would no longer have to convert media content and EAS control signals to either wired analog or digital to feed into EAS boxes and then re-convert the signals back into IP for their air chains.
- Virtualization promotes reliability, NAB said, by providing flexibility for immediate fail-over using multiple instances of EAS software and enabling redundant, replicated systems to operate remotely in diverse geographic locations.
- A software-based approach would facilitate improved system monitoring and alerting through near real-time, automated collection of activity data.
- Software-based systems provide more flexibility to manage and route messaging to various broadcast streams, such as HD Radio main and multicast channels, for the benefit of public safety.
Cox Media Group told the FCC it sides with NAB. “The permissive use of a virtual EAS encoder/decoder would provide station licensees with many benefits, including streamlined operations and improved remote maintenance and control,” CMG wrote.
“Software-based EAS systems could be upgraded and repaired quickly and easily, reducing downtime and increasing the operational readiness and security of EAS equipment.”
(Addressing other aspects of the NPRM, CMG wrote that instead of adopting new notice and certification requirements, a more “cooperative” approach between broadcasters and the FCC would strengthen the alerting program.)
REC Networks, an advocate for LPFM stations that often comments on FCC technical matters, supports NAB’s suggestion and agrees such software-based arrangements can better mesh with a radio station’s network.
“This type of change would also better encourage additional developers to enter the EAS arena,” REC wrote. “Such software-based infrastructure can better integrate with radio automation systems and streamline the methods for delivery to EAS information on HD multicast streams.”
[See Our Business and Law Page]
National Public Radio also sees the benefits of a software-based EAS and believes it would permit stations with large coverage areas to better tailor alerts to those who really need them, guarding against EAS-alert fatigue while still being distributing alerts efficiently.
“And unlike the current dispersed approach, stations that chose to use software-based EAS could better tailor alerts without the significant additional costs,” NPR told the FCC.
“In addition, software-based EAS equipment could enable stations to pull from FEMA’s Integrated Public Alert and Warning System as the primary monitoring source, thereby enabling better audio quality and greater information in the broadcasted alerts.”
NAB considers its proposal a minor change. But EAS equipment manufacturer Digital Alert Systems expressed strong misgivings.
“We contend that virtualization as suggested would not improve security — rather it would lead to much weakened security and reliability of local and national EAS,” it wrote.
“The NAB suggestion grossly underestimates — and in fact ignores — the complications and glaring added risks of this approach.”
The EAS equipment manufacturer goes further: “Virtualization (in the form of moving critical EAS operations into a software-only or cloud environment) presents multiple challenges. Many experts in network operations have discussed the potential drawbacks of using a cloud computing system and host provider for critical operations.”
Digital Alert Systems says depending on the cloud network and risking potential server downtime are a not a good combination for reliable EAS.
Among its concerns is network connectivity dependency. “A virtualization of EAS is useless if there is no working internet connection,” it wrote.
Other issues include server downtime; lack of support; the cost of cloud computing services over time; and security. “We note that — tellingly — no proposal for virtualized services have stated how this would enhance the actual security of EAS.”
It also said moving EAS into a software-only environment raises the risk of SOUP, or “Software of Unknown Pedigree.” Such solutions, it said, risk bringing uncertified applications entering the EAS ecosystem.
Asked by Radio World to expand on its comments, the company’s Ed Czarnecki said, “We continue to work with the broadcast industry to field approaches that are helping to address some of these underlying challenges. EAS devices such as the DASDEC remain critical for on-site EAS functions, which we are complementing with virtualized services for system monitoring, management, reporting and remote software updating.”
He referred to this as “hybrid virtualization” and said the approach is widely used in cable TV. He also said hundreds of DASDEC units in the broadcast industry are using the company’s Collector and Halo services.
Sage Alerting Systems, also an EAS equipment manufacturer, mentioned virtualization only briefly in its own comments to the commission.
“As to virtualization of EAS, Sage looks forward to working with the FCC and EAS participants to support future directions of the broadcast industry while continuing to meet the needs of FEMA for dissemination of the Emergency Action Notification, and the needs of the other ‘legacy’ backup components of EAS,” it wrote.