WASHINGTON, D.C. — The Federal Communications Commission on Thursday adopted rules to modernize the Emergency Alerting System (EAS) and “preserve the public’s trust in EAS” by requiring targeted cybersecurity improvements that the FCC believes will protect against hijacking by cybercriminals and U.S. adversaries.
In addition, the Commission in an unanimous 3-0 vote decided to move forward with a Further Notice of Proposed Rulemaking that seeks comment on additional ways to modernize EAS and Wireless Emergency Alerts (WEA), from bolstering reliability to improving geographic accuracy.
“This first-principles approach will identify ways to ensure that alerts and alerting systems remain as effective and efficient as possible,” the Commission believes.
Ensuring EAS security through modernization is a key objective of the Carr Commission, which explained how the Commission adopted three specific measures to help protect against hijacking by cybercriminals and our nation’s adversaries. “Specifically, the FCC will require EAS Participants to use strong passwords, promptly test and install security patches issued by equipment manufacturers, and use a network firewall or comparable practice to better limit access to their equipment,” it said.
In addition, the FNPRM proposes “multiple targeted improvements that can make EAS and WEA more accurate, resilient, flexible, and useful.”
These proposals would improve EAS’s integrity by requiring the authentication of all alerts before they are transmitted and promote the reliability of emergency alerts by establishing a universal alert identification number to help block duplicate alerts.
The Further Notice of Proposed Rulemaking also explores improving geographic accuracy by eliminating outdated WEA geotargeting exceptions that often cause alerts to be received in the wrong locations and increasing alert effectiveness by requiring EAS and WEA to display symbols that match the type of emergency.
The FCC also proposes to remove outdated requirements by allowing the implementation of EAS capabilities via software instead of hardware and retiring the 90-character maximum versions of WEA messages.
