You may have already been breached!

The first installment of this series discussed generally why it’s important for radio and TV broadcast stations to implement an effective cyber security risk assessment and recovery program. Broadcasters are considered by the Department of Homeland Security (DHS) and FCC to be an integral part of the nation’s Critical Communications Infrastructure. Therefore, there is an expectation that stations will take adequate steps to stay on the air in times of emergency.

While the FCC is concerned with a station’s ability to withstand a cyber-attack and remain on the air, they are specifically concerned with the resiliency of the Emergency Alert System (EAS). They want to make sure that broadcasters (and other EAS participants) take appropriate measures to reduce risk to the EAS. In May 2014, the commission released a report that contains guidelines for best practices to improve EAS security and reliability. The report was created as part of the FCC’s Communications Security, Reliability and Interoperability Council (CSRIC).

The report should be considered and implemented by the principal EAS stakeholders, i.e., EAS participants, emergency alert originators, EAS device manufacturers, and the federal government. All radio and television stations should acquire the CSRIC EAS Security Report, study it and implement the applicable guidelines.

In the next installment of this blog we will take a look specifically at the other FCC report that focuses on implementing an overall cyber security program based on the NIST Cyber Security Framework.

The important thing to know is that the FCC expects that broadcasters have reviewed these report documents and are in the process of adopting the principles and practices embodied in them.

More later…