As all U.S. broadcasters should know by now, one of the security certificates used by FEMA’s IPAWS CAP feed (i.e., one issued by Federal Bridge Certification Authority) expired on November 8, 2019. Section 11.56 of the FCC Rules requires EAS Participants to “configure their systems to reject all CAP-formatted EAS messages that include an invalid digital signature.” The replacement certificate must have been installed by November 8, 2019 for the proper validation and decoding of CAP alert messages from IPAWS. Until installation of the replacement certificate is completed, EAS Participants will not be able to process and transmit CAP-formatted EAS alerts distributed by IPAWS to the public. Thus, stations will be unable to meet their general regulatory obligation to receive and process CAP-formatted national EAS alerts (e.g., Emergency Action Notification alerts), Required Monthly Tests, or Required Weekly Tests. The updated certificate was released on October 28, 2019, so stations should check with their EAS equipment vendors to obtain the new certificates.
It is important to note that all other forms of EAS messaging not requiring such validation will still function, such as Primary Entry Point (PEP), daisy chain, National Weather Service and other messages received from non-IPAWS sources.
Because installation of the new certificates in EAS encoder/decoders must be done manually, concerns have been raised that stations without engineers on site, or station groups with large numbers of EAS boxes in their facilities, may not have been able to get all their equipment updated before the certificate expired on November 8. The FCC has recognized this issue, and on November 5, 2019 it released a Public Notice (PN) providing guidance on the matter.
The PN states that in accordance with Section 11.35(b) of the Rules, EAS Participants that were unable to complete installation of the replacement certificate prior to November 8, 2019, which are therefore unable to validate (and transmit to the public) CAP-formatted EAS alerts distributed by IPAWS, may continue to operate their EAS equipment to deliver these alerts for a period of up to 60 days (through January 7, 2020) without additional FCC authority. EAS Participants are expected to make reasonable and good faith efforts to complete such certificate installation prior to the expiration of this 60-day period. The PN further states that if an EAS Participant is unable to complete installation of the new certificate information prior to the expiration of this 60-day period, it must submit to the FCC an informal request for additional time. For more details, see the PN.