FEMA and FCC Encourage EAS Participants to Take Action Against EAS Vulnerabilities

The Federal Emergency Management Agency (FEMA) has issued an advisory that Emergency Alert System (EAS) encoder/decoder devices could be susceptible to exploitation if not updated to the most recent software. Out-of-date software could allow an outside party to issue EAS alerts over the host’s TV, radio, or cable network infrastructure. FEMA strongly encourages EAS participants to ensure that EAS devices and supporting systems are up to date with the most recent software and security patches, are protected by a firewall, and are monitored; and that their audit logs are regularly reviewed for unauthorized access.

The Federal Communications Commission also released a Public Notice reiterating FEMA’s advisory and offering further instructions. The FCC urges all EAS participants to upgrade their software and firmware to the most recent versions recommended by the manufacturer, regardless of make and model of the EAS equipment, and to secure their equipment behind a properly configured firewall as soon as possible.

The FCC also instructed participants to:

• Install software security patches issued by the manufacturer as soon as they become available.
• Change default passwords.
• Continually monitor EAS equipment, software, and audit logs to detect and report incidents of unauthorized access.
• Review the recommended best practices issued by the Communications Security, Reliability, and Interoperability Council to address potential data security vulnerabilities.

Please contact an attorney in our Media practice group if you would like more information.

Categories: Media