The Federal Communications Commission is echoing the warning from the Federal Emergency Management Agency about keeping your EAS software current.
Its Public Safety and Homeland Security Bureau has issued a public notice reminding radio and TV stations, as well as other communications providers that participate in EAS, to secure their equipment against risks from exposure on the internet.
As we’ve reported, FEMA this month issued an advisory about a potential vulnerability in some encoder/decoder devices that have not been updated to current software versions. The vulnerability could leave them open to hacking and the broadcast of false alerts.
FEMA issued its warning because it learned that this vulnerability might be discussed publicly at a hacker and security conference this week.
[Related: “Digging Into FEMA’s Notice on EAS Vulnerabilities”]
The FCC bureau issued a similar notice about this in April of 2020. Now it again urges EAS participants — regardless of the make and model of their gear — to upgrade their software and firmware to the most recent versions recommended by the manufacturer and secure the equipment behind a good firewall asap.
Further steps to keep EAS safe are to install software security patches from the manufacturer as they become available; change default passwords; continually monitor EAS equipment and software and review audit logs to detect incidents of unauthorized access, and review recommended best practices.