Public alert systems

FCC Proposes Rules on Emergency Alert System Cyber Breach Reporting

Companies that participate in public alert systems, including broadcasters and cable providers, must report unauthorized access to their emergency alert system equipment within 72 hours under the latest rules proposed by the Federal Communications Commission. The FCC issued a notice of proposed rulemaking after the Federal Emergency Management Agency discovered during the DEF CON hacking conference in August that hackers could exploit vulnerabilities in the emergency alert system to issue false alerts on TV, radio, cable networks and mobile phones. According to the notice, early reports would allow the FCC and other government agencies to resolve the cyber breach incidents before compromised equipment is used to send false alerts, FedScoop reported.

The proposal’s main goal is to boost the operational readiness and security of the U.S. public alert and warning systems.

The notice called on organizations involved in delivering emergency alerts to implement security policies for their alerting systems, have a cybersecurity risk management plan and attest every year that such measures are in place. Wireless providers covered by the proposed rules should also submit sufficient authentication information to ensure that consumers will only receive valid alerts.

FCC Chair Jessica Rosenworcel said in a statement that the proposed rules would help guarantee the trustworthiness and reliability of the warning systems.

The FCC is seeking comments on the notice, which was issued during Cybersecurity Awareness Month.