The Federal Communications Commission (FCC) released the tentative agenda for its October Open Commission Meeting scheduled for Oct. 27, at which the agency plans to consider a notice of proposed rulemaking to strengthen the operational readiness of the Emergency Alert System (EAS) and Wireless Emergency Alerts, including by reducing the vulnerability of these systems to cyberattacks.
The EAS – and its associated wireless emergency alerts – functions as a national public warning system most often used by state and local authorities to deliver urgent and emergency information to the public. Most often, the alerts involve weather conditions and AMBER alerts, but the system also has the capability for the President to address the public during a national emergency.
The majority of EAS alerts originate from the National Weather Service in response to severe weather events, but an increasing number of state, local, territorial, and tribal authorities also send alerts.
EAS is maintained on a collaborative basis by the FCC, the Federal Emergency Management Agency (FEMA) and NOAA’s National Weather Service (NWS) component. The FCC’s role focuses mainly on technical standards for EAS participants, procedures to follow if the system is activated, and testing protocols.
The FCC’s move to consider a noticed of proposed rulemaking on EAS system cybersecurity follows its release in August of public notice advising communications service providers involved in the system to “take steps to secure their EAS equipment against risks impacting devices that are publicly accessible from the Internet.”
The FCC pointed to a FEMA notice also issued in August about potential vulnerabilities in some EAS encoder/decoder devices that have not been updated to the most recent software versions. “If EAS devices are not up-to-date, an unauthorized actor could issue EAS alerts” using system participants’ infrastructure, the FCC said.
The agency previously warned EAS participants about that vulnerability, and encouraged them to secure their equipment by installing current security patches and using firewalls. The FCC again urged “all EAS Participants, regardless of the make and model of their EAS equipment, to upgrade their equipment software and firmware to the most recent versions recommended by the manufacturer and secure their equipment behind a properly configured firewall as soon as possible.”
Also at its Oct. 27 meeting, the FCC plans to consider other items including broadband expansion, and caller ID authentication.