Deadlines Set for Commenting on New EAS Cybersecurity Requirements
Comments on the FCC's proposal to require participants in the nation's Emergency Alert System (EAS) to meet new cybersecurity requirements are due by May 9, 2016, and reply comments are due by June 7, 2016. As we previously noted, the proposed rules would require radio and TV broadcasters, cable companies and other entities involved in disseminating emergency alerts to certify annually that they meet prescribed security requirements and to report any instances of false alerts. Among the proposed requirements, participating companies would have to certify to the following:
- Patch management. That they keep their systems updated with the latest firmware and software patches.
- Account management. That they have a control system in place to restrict access to EAS devices, that all EAS devices and connected system passwords have been changed from the default passwords, that password complexity is required, and that default, unnecessary, and expired accounts have been removed or disabled.
- Segmentation. That none of their EAS devices is directly accessible through the Internet, (for example, by configuring a firewall to deny access from the public Internet) and that any other type of remote access is properly secured and logged.
- Validation. That their EAS devices are configured to validate digital signatures on Common Alerting Protocol ("CAP") messages if the source of the CAP message includes this feature. CAP is used to distribute alerts to stations over the Internet.
Read the FCC's notice of proposed rulemaking. If you would like more information regarding the FCC's proposals, or would like to explore filing comments in the proceeding, please contact one of the attorneys identified on this alert.
This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.