FCC Chairwoman Jessica Rosenworcel is pushing ahead to win approval for rules to strengthen the Emergency Alert System and Wireless Emergency Alerts against cyber threats.
Her office announced Friday that she is circulating draft final rules which, if adopted, would require communications providers that participate in EAS or WEA — including broadcasters — to create, update and implement cybersecurity risk management plans.
EAS participants also would be required to notify the commission of equipment defects within 24 hours of discovery, “which would provide the commission with greater awareness of system availability and help identify persistent technical problems in this equipment.” And EAS participants would be required to have contingency plans for delivering alerts.
If all this sounds familiar it’s because in October 2022, the commission started this process and sought comment on ways to improve the cybersecurity of emergency alert systems in response to security lapses and incidents. Then last fall the commission and CISA co-hosted a public roundtable on alerting cybersecurity.
“The draft final rules, which would reduce risks to communications networks, in keeping with a whole-of-government effort to establish cybersecurity requirements to support national security and public safety, are informed by this stakeholder input,” Friday’s announcement states. The actual text of the proposed rules on which Rosenworcel seeks a vote hasn’t been released.
Her office also noted that the Department of Homeland Security recently urged regulators to ensure that owners and operators of communications networks and other U.S. critical infrastructure are implementing controls to improve security and resilience to cybersecurity threats, “including through the establishment of minimum cybersecurity requirements.”