In our summary of this week’s regulatory actions of importance to broadcasters, we noted that the FCC sent an email to broadcasters last week warning them of a cybersecurity flaw in the DASDEC EAS encoder/decoder device sold by Digital Alert Systems (formerly Monroe Electronics), using software prior to version 4.1. The email states that the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory expressing concern that there is a vulnerability in the code used by the system that can be used by remote attackers. The CISA advisory provides the technical details of the vulnerability.
The fear is that this security flaw can allow bad actors to access not only to the EAS system but, if that system is connected to other station computer networks, to other station information and systems as well. Securing the EAS system has been a priority of the FCC, with a pending rulemaking proposal (about which we wrote here) that would require stations to adopt cybersecurity plans to secure these systems and report yearly to the FCC about those plans (and report breaches when the station learns of such breaches or when they should have learned about the breach). The FCC already requires that false EAS alerts be reported to the FCC within 24 hours (see our article here) – but the new proposal would require FCC notice even if no false alert occurred. With the FCC contemplating the imposition of these obligations on broadcasters, and (of paramount priority) the risks that station operations can be compromised by any cyberbreach, stations need to be extra-vigilant in their cybersecurity considerations. Thus, any stations that use the identified encoder/decoder must be sure that they have taken the proper actions to secure their stations.
Continue Reading FCC Warns Broadcasters of Specific Cybersecurity Flaw in One EAS Provider’s Equipment – Why Broadcasters Need to Pay Attention