When radio engineers get together and talk about cybersecurity, many shake their heads that there are still stations out there that haven’t taken basic steps to protect their key systems including emergency alerting.
A new reminder email has gone out to EAS participants in broadcasting and beyond, once again emphasizing the point. The email came from Lisa Fowlkes, chief of the FCC’s Public Safety and Homeland Security Bureau.
“We are aware of various reported instances of EAS equipment connected to the internet with weak or otherwise inadequate network security and/or unsecure device setting configurations that potentially leave them vulnerable to IP-based attacks,” she wrote.
“We remind EAS participants that if EAS equipment lacks basic security maintenance, it can be vulnerable to disabling or exploitive attacks.”
The email recommends that stations change default passwords, update their equipment with current security patches and secure EAS equipment is behind properly configured firewalls and other defensive measures.
[Related: Is Your EAS Equipment Secure?]
“The commission’s Communications Security, Reliability, and Interoperability Council IV (CSRIC IV) has developed several security best practices for EAS Participants, and we encourage all EAS participants to review them and implement those that apply to their situation.”
The best practices are discussed in a 2015 EAS report here, and are listed in detail in prior report here.
“If there are any questions regarding the security of EAS equipment, we encourage EAS Participants to contact their EAS equipment manufacturers,” she added. “We appreciate your efforts to make the EAS a vital, beneficial and secure national platform for the distribution of alerts that save lives and property.”
