FCC Urges Stations, Cable Ops to Shore Up Emergency Alert Defenses

Move comes in wake of zombie hoax hacking incident

John Eggerton and George Winslow -- Broadcasting & Cable, 2/13/2013 9:34:52 AM

In the wake of a hacking hoax in which stations' emergency alert systems were hijacked for a zombie warning, the FCC Tuesday issued an urgent alert to stations and cable operators to update their EAS equipment, including resetting their passwords and making sure the systems' defenses are in order.

That is according to a copy of the alert obtained by B&C.

"All EAS participants are required to take immediate action to secure their CAP EAS equipment, including resetting passwords, and ensuring CAP [Common Alerting Protocol] EAS equipment is secured behind properly configured firewalls and other defensive measures," the FCC said. "All CAP EAS equipment manufacturer models are included in this advisory."

The FCC said all EAS participants need to change passwords from their default settings.

The FCC alert came the same day the president signed an executive order mandating a framework for better protections of critical systems from cyber-attacks.

FEMA, which adopted the standard for the Common Alerting Protocol (CAP)-formatted emergency messages -- which the industry was required to migrate to -- said Tuesday that the issue was at the station and system level and that its "integrated public alert and warning system" had not been breached or compromised at its end.

Ed Czarnecki, senior director of strategy and regulatory affairs at Monroe Electronics, which manufactures EAS systems, had told B&C Tuesday that the hacking highlighted the need for improved IT security and the FCC clearly agreed.

The FCC said media outlets needed to take the following steps immediately:

1. EAS Participants must change all passwords on their CAP EAS equipment from default factory settings, including administrator and user accounts.
2. "EAS Participants are also urged to ensure that their firewalls and other solutions are properly configured and up-to-date.
3. "EAS Participants are further advised to examine their CAP EAS equipment to ensure that no unauthorized alerts or messages have been set (queued) for future transmission.
4. "If you are unable to reset the default passwords on your equipment, you may consider disconnecting your device's Ethernet connection until those settings have been updated.
5. "EAS Participants that have questions about securing their equipment should consult their equipment manufacturer."