Key Points
- The Federal Communications Commission is advancing new cybersecurity mandates to strengthen the Emergency Alert System against hacking and unauthorized transmissions.
- The proposal would require broadcasters and other participants to implement safeguards such as stronger passwords, software updates and network protections for EAS equipment.
- The changes could intersect with industry efforts to transition to NextGen TV, though funding cuts and technical concerns may complicate those plans.
The Federal Communications Commission (FCC) wants to roll out new cybersecurity mandates that are aimed at strengthening the resiliency of the national Emergency Alert System (EAS), which is used by wireless carriers, broadcasters and content distributors to provide local, regional and national emergency messages.
A draft order scheduled for consideration at the FCC’s June 25 open meeting requires broadcasters and other EAS participants to implement baseline cybersecurity safeguards following a series of incidents involving compromised alerting systems and unauthorized transmissions.
The proposal is part of a broader review of both the EAS and Wireless Emergency Alerts (WEA) systems, which the commission says remain effective but could be improved through modernization and stronger security protections.
In a blog post accompanying the draft item, FCC Chairman Brendan Carr said the measures are intended to protect emergency communications systems from cyberattacks while improving their long-term reliability.
“The item would adopt measures to help protect against hijacking by cyber criminals and our nation’s adversaries and make other targeted improvements,” Carr wrote.
For broadcasters, the most immediate changes would involve new cybersecurity requirements covering EAS equipment and other systems capable of inserting content into programming streams. Under the proposal, stations would be required to change default passwords before deploying EAS equipment, use strong credentials and replace passwords if a compromise is suspected. The FCC would also require prompt installation of security updates, firmware patches and software upgrades, along with firewalls or similar network protections designed to restrict access to authorized users and devices.
The commission cited several recent incidents in which hackers gained access to broadcast systems and transmitted unauthorized messages containing EAS tones, offensive content or promotional material.
“Because some EAS participants have not taken adequate steps to remediate these vulnerabilities and address the significant risk posed by a false alert or non-transmission of a real alert, we find that each of the three requirements we adopt today are necessary to protect the security and integrity of EAS,” the draft order states.
Beyond cybersecurity, the FCC is exploring several changes that could significantly alter how emergency alerts are delivered.
Among them is a proposal to require authentication of all EAS alerts before transmission. The agency believes authentication could help prevent spoofed messages and improve public confidence in emergency notifications.
The commission is also seeking comment on expanding EAS geo-targeting capabilities beyond the current county-based system, potentially allowing emergency managers to deliver alerts to more precisely defined areas. Other proposals include standardized visual icons for different emergency types and enhancements to earthquake alert presentations.
Coincidentally, geo-targeted EAS alerts is one of the core benefits of NextGen TV, the next-generation TV transmission standard being promoted and pushed by some broadcast industry groups. The National Association of Broadcasters (NAB) has lobbied intensely for the FCC to issue an order mandating a switchover from the current broadcast standard to NextGen TV within the next few years.
But last year’s decision to pull funding from the Corporation for Public Broadcasting at the urging of President Donald Trump could complicate that effort, since public broadcasters were among those developing and promoting localized EAS messages over NextGen TV. A program called the Next Generation Warning System (NGWS) was forced to close after federal lawmakers pulled funding for public media staitions, without earmarking separate money to continue development on future EAS standards over NextGen TV.
The NAB also wants the FCC to adopt a less-stringent requirement on broadcasters that allows them to sunset their existing EAS hardware in favor of software-based receiving and delivery of messaging. That raises other potential security concerns, including whether software is more-susceptible to hijacking from cyber criminals and other bad actors over physical hardware, which is typically under guard at local radio and TV stations. Most of the cyber hacking afflicting EAS equipment over the past few years involves hardware that was connected to the Internet.
