The Multicultural Media, Telecom and Internet Council raised concerns after FCC Chairwoman Jessica Rosenworcel sent letters to the nation’s nine largest providers of wireless emergency alerts last week seeking information on how alerts can start to support languages beyond English and Spanish (see 2302140059). MMTC reminded the FCC it sought changes to the emergency alert system in 2005, in a petition never addressed by regulators. Reports are that the commission’s focus on the issue of multilingual emergency alerts has shifted from the emergency alert “Designated Hitter” system proposed by MMTC to a model based on WEA, said a filing posted Tuesday in docket 06-119. “If true, this shift represents an unfortunate step backward from the Commission’s goal of ensuring that people from a variety of language backgrounds are armed with critical information during and in the immediate wake of a life-threatening emergency,” MMTC said: “Although wireless providers generally do a good job of relaying multilingual emergency information in advance of anticipated disasters, cell towers and other systems making up wireless infrastructure are often compromised or taken entirely offline when disaster actually strikes, leaving radio stations with back-up generators among the few sources of mass communications still operating during such events.” The group asked the FCC to focus instead on its designated hitter proposal.
House Communications Subcommittee leaders voiced optimism Wednesday that there will be bipartisan agreement soon on an updated version of the Satellite and Telecommunications Streamlining Act, the refiled Secure Space Act (HR-675) and other satellite legislation, but indicated after a hearing the subpanel may wait until March to advance the measures. Witnesses praised the bills, as expected (see 2302070066), but noted the need for some tweaks. Also on the docket: the Leveraging American Understanding of Next-Generation Challenges Exploring Space Act (HR-682), draft Advanced, Local Emergency Response Telecommunications Parity Act and draft Precision Agriculture Satellite Connectivity Act.
Republicans’ return to a House majority is unlikely to mean a big shift in the chamber’s approach to space policy and legislative priorities since those matters have generally been an area of bipartisan cooperation, policy experts said in interviews. The House Commerce Committee made its first foray into space matters for this Congress Thursday via a Communications Subcommittee hearing (see 2301270076) that lobbyists saw as a precursor to panel leaders’ plans to prioritize advancing legislation to revamp the FCC’s satellite licensing rules. House Commerce Chair Cathy McMorris Rodgers, R-Wash., staked the panel's claim to a role in space policy, saying during the hearing it has "been far too long since Congress reassessed the role of satellite technology in the communications marketplace and whether or not our regulatory environment encourages investment and innovation in the space economy, or hampers it."
There should be closer coordination between government agencies and emergency alert system manufacturers on “validation, disclosure and the action steps” for future public warning cybersecurity vulnerabilities, said EAS equipment manufacturer Digital Alert Systems (DAS) in a meeting with an aide to FCC Chairwoman Jessica Rosenworcel, according to an ex parte filing posted Tuesday in docket 15-94. Vulnerabilities connected with DAS equipment were discussed at a hacking convention and the subject of FCC and Federal Emergency Management Agency notices to broadcasters last year (see 2301300054). “During the conversation, we confirmed that to the best of our knowledge, these vulnerabilities have not resulted in any actual compromise of the EAS,” DAS said. The company said it has been providing security patches to users without cost, and users haven't needed a major upgrade for the past three years. DAS also said the agency should bring back the National Advisory Committee to make recommendations on public warning system matters, and the FCC should oversee security certifications for EAS manufacturers.
Widely reported vulnerabilities in broadcaster emergency alert system equipment “have not resulted in any actual compromise of the EAS,” said equipment manufacturer Digital Alert Systems last week in a meeting with an aide to FCC Commissioner Brendan Carr, according to an ex parte filing in docket 15-94 (see 2210250057). DAS expressed concern about “uncoordinated disclosure” of security vulnerabilities. “One key recommendation in this area is the need for closer coordination between the public and private sector on disclosure of any future findings and the action steps to remediate issues,” DAS said. The company provisionally supports requiring EAS vendors to have a security certification, the filing said. DAS is working on “a virtualization of various aspects of EAS” and said such systems could help lower costs for EAS participants, and increase reliability. The FCC’s NPRM on emergency alerting cybersecurity listed concerns about vulnerable, out-of-date devices operated by smaller, low-power TV broadcasters (see 2210270058). The LPTV Broadcasters Association said it wants to eliminate the required EAS “box” and costs associated with it (see 2211040078). “We did acknowledge that the vast majority of incidents in the field were related to failure of some users to properly secure hardware, failure to implement basic network security practices, and failure to implement software updates in a timely manner,” the DAS filing said.
The FCC proposed a $504,000 penalty against Fox for transmitting false emergency alert system codes during an NFL promotion in November 2021, said a notice of apparent liability in Wednesday’s Daily Digest. A three-second clip of EAS tones was aired on the FOX NFL Sunday pregame show as part of “a short comedic advertisement for an upcoming game,” the NAL said. The broadcast aired on 18 Fox-owned stations and 190 network affiliates, and the audio went out over Fox’s radio and satellite radio programming, the NAL said. “This manner of appropriation of the EAS Tones is exactly the type of simulation that the Commission’s rules seek to address and prohibit in order to avoid diluting the EAS Tones’ real meaning over time,” the NAL said. “This self-promotion for the purposes of additional economic gain at the expense of the integrity of the EAS constitutes egregious misconduct warranting an additional upward adjustment.” Fox didn’t comment. An FCC spokesperson confirmed the NAL was the enforcement item that had been set for Thursday’s open meeting agenda. The FCC published a deletion notice for that item and an adjudicatory item on noncommercial educational window selectees (see 2301240037) Tuesday.
Reply comments largely tracked initial comments on an FCC NPRM on proposed rules for making the emergency alert system and wireless emergency alerts more secure (see 2212270048). FCC commissioners approved an NPRM 4-0 in October (see 2210270058). Replies were due Monday in docket 15-94. “As demonstrated throughout the record, the Commission should not adopt the cybersecurity proposals in the NPRM,” said CTIA: Participating carriers “implement WEA-specific technical standards and have robust cyber risk management plans that cover WEA operations, making the proposed certification requirement unnecessary.” The Competitive Carriers Association agreed with CTIA that the record is clear. “Instead, the Commission should promote the success and security of the WEA program in other ways including through collaborative multistakeholder security improvement processes,” CCA said: “Imposition of onerous new regulatory burdens that make WEA less flexible, more difficult, and disproportionately more costly for smaller and regional carriers to administer may potentially undermine participation in the WEA program.” USTelecom also urged a light-handed approach by the FCC. “Rather than create a new regime, the Commission should find ways to achieve its goals within the context of a harmonized, whole-of-government approach, in coordination with the Department of Homeland Security Cybersecurity and Infrastructure Security Agency and other government partners, as well as industry,” USTelecom said. The group noted CISA is already looking at when incidents should have to be reported: “Additional requirements, at this time, before the dust has settled, risk further fragmenting reporting requirements across the federal government, frustrating the Commission’s interest in working with its federal partners.” Opposition wasn't unanimous. The FCC won’t impose a significant burden on providers by requiring annual security certifications, said the Center for Internet Security. “The required risk management plan consists of nothing more than implementing [security standards] in a timely manner as part of normal operations,” the center said: “There is essentially no cost associated with implementing these controls, and a requirement for annual self-certification to the FCC would likely involve at most an on-line submission or completion of a two-page template with check-off boxes.” Broadcasters and cable companies also raised concerns. “It is imperative … that any changes to the EAS rules are proportionate to the needs of the EAS ecosystem and consistent with evolutions in broadcast infrastructure,” said Gray Television: “Gray shares the concern of several commenters that many of the proposals in the NPRM are not justified and could prove counter-productive by imposing unnecessarily burdensome obligations on broadcasters. At the same time, Gray wholeheartedly endorses the proposal of the National Association of Broadcasters (NAB) to permit EAS Participants to virtualize certain elements of their EAS operations.” As comments show, “the Commission should take care when creating any new EAS monitoring or reporting requirements to ensure that the new rules are clearly necessary and that EAS Participants continue to have sufficient time to evaluate any potential issues regarding failure of, or unauthorized access to, their EAS system and facilities,” said Altice USA: “Any new rules also should allow the greatest possible flexibility in cybersecurity policies and practices so that Participants can tailor them to the unique needs of their networks.”
The emergency alert system test reporting system (ETRS) is now accepting Form One filings from EAS participants, said an FCC Public Safety Bureau public notice Tuesday. The forms are due Feb. 28. “EAS Participants must renew their identifying information required by ETRS Form One on a yearly basis,” said the PN.
Marcus Spectrum Solutions called for random testing of wireless emergency alerts and other parts of the emergency alert system. “The Commission and its partners in other agencies must start planning in a careful and deliberate way to implement a small fraction of EAS and WEA testing at times that happen throughout the day and are not precisely announced with the exact date and time,” Marcus said in comments posted Wednesday in docket 15-94: “At present all such tests have the time and date announced with typically 2 months advanced notice.” Marcus noted the EAS became operational Jan. 1, 1997, and 25 years “should have been enough time to allow some random testing at odd hours to verify that no industry changes have resulted in unanticipated issues that are hidden by having only preannounced tests during the prime shift.”
Broadcasters and wireless carriers urged the FCC not to impose proposed new rules designed to make the emergency alert system and wireless emergency alerts more secure. Industry said cybersecurity requirements would be difficult to implement and are unnecessary. FCC commissioners approved an NPRM 4-0 in October (see 2210270058). Comments were posted Tuesday in docket 15-94.