On April 24, the Federal Communications Commission (FCC) sent email to emergency alert systems (EAS) participants focusing on the importance of keeping EAS devices secure. The email message, which was signed by Public Safety and Homeland Security Bureau Chief Lisa Fowlkes stated that the FCC has become aware of various reported instances of EAS equipment connected to the internet with weak or otherwise inadequate network security and/or unsecure device-setting configurations that potentially leave them vulnerable to IP-based attacks. The message reminded EAS participants that if EAS equipment lacks basic security maintenance, it can be vulnerable to disabling or exploitative attacks. The message stated:
“EAS participants should take action to secure their EAS equipment. It is advisable, for example, to ensure that default passwords have been changed, equipment is updated with current security patches and EAS equipment is secured behind properly configured firewalls and other defensive measures.”
Further, the message referred participants to the best practices contained in the Commission’s Communications Security, Reliability and Interoperability Council IV (CSRIC IV) Working Group 3, Emergency Alert System (EAS) Subcommittee’s Initial Report (May 2014) and Final Report (March 2015), and encouraged all EAS participants to review the best practices and implement those that apply to their situation. The reports are available at the following links:
The FCC’s email message is an indication that EAS security is top of mind at the Commission. It is important that all stations ensure that their EAS encoder/decoders are properly secured, especially during the current pandemic. Besides the CSRIC best practices guidelines (see Section 5 of the Initial Report), the Society of Broadcast Engineers (SBE) recently posted a useful article that outlines techniques for securing EAS devices. In addition, to help address industry concerns regarding cyber-crime during the COVID-19 health crisis, NAB is offering its online course Cyber Awareness for Broadcasters free of charge for a limited time.