Your browser is out-of-date!

Update your browser to view this website correctly. Update my browser now


FCC Looks to Harden Alerting IP Backbone

PSHSB’s Simpson says agency working with CSRIC to close “readiness gaps” that led to EAS hacking in 2013

State and local regulators are the “cops on the beat” for public safety and the FCC relies on such regulators to maintain the security of its emergency alerting infrastructure. That’s especially important as alerting infrastructure relies more on IP-based networks, said Public Safety & Homeland Security Bureau Chief retired Rear Adm. David Simpson.

Speaking to the National Association of Regulatory Utility Commissioners meeting in Dallas this week, Simpson said: “But with brilliant innovation comes a new set of challenges: ensuring that public safety authorities are accessible in times of crisis, creating a safe communications environment that enables us to conduct business without fear that our personal information will be stolen, and ensuring that new IP-based networks are reliable and resilient. As technology advances create new and unforeseen seams, we need to work together with the states to ensure that accountability across jurisdictions is not diluted.”

He referenced the advisory group on alerting, the Communications Security, Reliability and Interoperability Council, which recently delivered several reports to the commission on hardening different aspects of alerting, including cybersecurity. That’s key, considering the 2013 incidents at stations in California, Montana, Utah, Michigan, and New Mexico in which a hacker gained entry into the EAS systems via the Internet and tried to transmit a fake “zombie” alert. We reported at the time some of these stations were successful in preventing the fake alert from being transmitted, while others were not. Simpson said the FCC is working with CSRIC “to close the cyber readiness gaps” that led to the incident.

If implemented broadly, the CSRIC recommendations recently made to the commission “will ‘harden’ our nation’s communications backbone against cyber threats with potentially wide-scale industry implications,” said Simpson, who added the agency will soon ask CSRIC participants to update the agency on their progress implementing these measures.

The update dovetails with the commission’s EAS Notice of Proposed Rulemaking in which the agency outlined several proposals to make it easier to regularly conduct national tests of the alerting system. Comments are due to Docket 04-296 Aug. 14.