In September the Federal Communications Commission issued a report and order aimed at improving the clarity and accessibility of Emergency Alert System visual messages to the public, including people who are deaf or hard of hearing as well as others who are unable to access the audio message.
EAS participants, which include most U.S. radio and television stations, have one year, until Dec. 12, 2023, in which to make the necessary changes to their EAS equipment in order to comply with the rules.
This order is but one in a series of actions and proposals from the FCC that relate to EAS. We asked Ed Czarnecki, vice president of global and government affairs for manufacturer Digital Alert Systems Inc. and a member of the board of the EAS-CAP Industry Group, to help us sort them out. He replied by email.
Radio World: What are the notable changes that the report and order puts in place, that affect U.S. radio stations?
Ed Czarnecki: The clock has started ticking for the industry to comply with the following requirements:
- Implement prioritized CAP polling: EAS participants will have to prioritize CAP messaging by immediately checking for a CAP message whenever a conventional EAS message is received. If there is a CAP version of the alert, that should be used instead of the conventional EAS message.
- EAN (“Presidential”) message changes: There are changes in the text for the EAN event code and the ORG code when used with EAN. So, the new EAN text required by the FCC will be “The United States Government has issued a National Emergency Message for the following areas …”
- NPT (National Periodic Test) changes: The FCC is changing the NPT message. For national NPT messages received via conventional EAS, a scripted text must be issued: “This is a nationwide test of the Emergency Alert System, issued by the Federal Emergency Management Agency, covering the United States from [time] until [time]. This is only a test. No action is required by the public.” This means EAS devices must be updated to produce a stored script, unlike any other EAS codes. NPT messages received via CAP and regional NPT tests (i.e., with FIPS codes other than 000000) will be processed as before.
- NIC code removal: The National Information Center (NIC) event code will have to be removed.
For radio stations, this means several things. Firstly, all EAS equipment will need to be updated to handle these changed requirements. Moreover, prioritized CAP polling will benefit radio stations by providing the best audio available. The textual changes will also affect radio stations that are forwarding alerts in services like RDS or HD Radio data.
RW: What should radio users of Digital Alert Systems EAS products do to comply, and by when?
Czarnecki: The DASDEC has already supported “prioritized CAP” since 2018 as our Triggered CAP Polling feature, from versions v.4 onwards. Customers using DASDEC versions 4.1 through 5.0 will need to adjust their Triggered CAP Polling window setting to be no less than 10 seconds.
However, the FCC’s other changes mean more than just adjusting settings. Digital Alert Systems is going to make a software update available in the first quarter of 2023 to handle these changes and provide customers ample time to test and implement.
The update, which will be available at no cost to users of version 5 software or members of our Software Assurance Plan, will include the following compliance changes to meet the FCC’s requirements:
- The Triggered CAP polling will be enabled by default, with the window timing set to 10 seconds.
- The EAN event code will be updated to “National Emergency Message”
- The PEP ORG code will be updated to “United States Government.”
- The new required National Primary Test (NPT) pre-scripted message will be implemented.
- The NIC event code will be removed.
In addition, the next version 5 update will include a range of security enhancements. We’ll be communicating directly to registered customers when this update is available. This is one of the reasons why registering your DASDEC with the company is so important — it enables us to keep in contact with important regulatory and security updates.
RW: It is confusing to keep track of the various initiatives and proposed changes coming out of the FCC regarding EAS. We’ve reported on the changes involving SECC reporting, for instance. And there is yet another set of new proposals that just came out in an NPRM recently. What are those about?
Czarnecki: The FCC has issued a rather far-ranging Notice of Proposed Rulemaking on EAS and WEA cybersecurity. It is far-ranging because the scope of some of it could potentially extend far beyond EAS gear into firewalls, IT networks, and even programming streams.
One proposed measure is to require EAS participants — including radio stations — to report to the commission any incidents of unauthorized access to EAS equipment within 72 hours of when it knew or “should have known” that the incident occurred.
Another proposed measure would require EAS participants to certify annually that they have a cybersecurity risk management plan in place and that they are employing “sufficient security measures” to ensure the confidentiality, integrity and availability of their EAS capabilities. The FCC wants plans that not only include a security baseline, but would include station measures around changing default passwords, installing security updates in a timely manner, securing equipment behind firewalls or practices, replacement for end-of-life equipment, and sanitizing information before disposing of old EAS equipment.
The FCC is also asking whether the current 60-day period to repair EAS equipment is reasonable, or if stations should instead repair or replace EAS gear “promptly and with reasonable diligence.”
The NPRM was just published in the Federal Register on Nov. 23, with comments due within 30 days and reply comments within 60 days. The new NPRM can be found in the Federal Register.
RW: What do you think is driving the FCC’s cybersecurity initiative?
Czarnecki: The FCC is reacting to several issues — a perfect storm if you will. The FCC noted that as reported in ETRS filings for the 2021 National EAS Test, more than 5,000 EAS participants were using outdated software or using EAS equipment that no longer supported regular software updates. The FCC was also aware of a number of cybersecurity reports issued regarding EAS equipment, a number of reports again revolving around EAS participants who haven’t updated software, despite the availability of security patches.
The FCC is also certainly aware of is the continuing presence of a concerning number of EAS devices left unprotected on the internet, despite multiple pleas from manufacturers, FEMA and the FCC itself. I suspect that another element in this perfect storm might be the current volatile international environment, a reminder of the need to have a functional national warning system.
[Related: “Your Guide to the Required EAS Changes,” blog post by attorney Sara Hinkle of Fletcher, Heald & Hildreth]