|
The Federal Communications Commission (FCC) has published a Notice of Proposed Rulemaking (NPRM) in the Federal Register on Protecting the Nation’s Communications Systems from Cybersecurity Threats. The proposed rule aims to strengthen the cybersecurity and operational readiness of the nation’s Emergency Alert System (EAS) and Wireless Emergency Alerts (WEAs), two major components of the nation’s public warning system.
In the NPRM, the FCC cites the outcome of the last nationwide test of the EAS in August 2021 as a reason for the need to strengthening the security of the nation’s public warning system communications infrastructure.
According to data collected by the FCC’s Public Safety and Homeland Security Bureau (PSHSB) during the 2021 nationwide EAS test, more than 5,000 EAS Participants were using outdated software or using equipment that no longer supported regular software updates. The test also revealed that a large number of EAS Participants were unable to participate in testing due to equipment failure, despite receiving advanced notice that the test was going to be conducted.
While participation as a provider of emergency alerts is voluntary, the FCC’s proposed rule would impact all EAS Participants and Commercial Mobile Service (CMS) Providers who have chosen to participate. EAS Participants include radio and television broadcasters, cable systems, satellite radio and television providers, and wireline video providers. Wireless Emergency Alerts (WEAs) are broadcast primarily using the nation’s wireless cellular networks. The FCC refers to cell phone carriers and other members of the United States wireless industry who participate in WEAs as “CMS Providers.”
The rule would require all EAS Participants and CMS Providers to:
- Develop a cybersecurity risk management plan and annually certify to having this plan in place.
- Employ sufficient security measures to ensure the confidentiality, integrity, and availability of their alerting systems.
The rule would require all EAS participants to report any incident of unauthorized access of their EAS equipment, communications systems, or services within 72 hours, regardless of whether the compromise resulted in transmission of a false alert. These incidents would be reported in the FCC’s Network Outage Reporting System (NORS). This reporting requirement is significant since it would likely require ongoing monitoring not only of EAS equipment but also any network infrastructure connected to the EAS equipment.
The rule would also require CMS Providers to ensure that alerts are displayed on consumers’ mobile devices only if they come from valid base stations (cell towers). This would prevent spoofing of base stations so that messages cannot be maliciously intercepted or rerouted.
Comments on the proposed rule are due by Dec. 23, 2022, and reply comments are due by Jan. 23, 2023. If you wish to submit comments on this proposed rule, you may do so using the FCC’s Electronic Comment Filing System.
(Sources: FCC, Federal Register)
Across the nation, Emergency Communications Centers (ECCs) and Public Safety Answering Points (PSAPs) are transitioning their 911 systems to digital or Internet Protocol (IP)-based systems, known as Next Generation 911 (NG911). NG911 systems allow voice and data-rich information to be shared between and among the public, 911, and first responders.
As ECCs and PSAPs transition to NG911, collaboration between agencies is critical. As more agencies upgrade to NG911, they will need to establish agreements with one another to interconnect these new NG911 systems and ensure interoperability.
To assist federal, state, local, tribal, and territorial (FSLTT) agencies with this aspect of the transition to NG911, the Emergency Communications Preparedness Center developed a guidance document: Considerations for Establishing Agreements for NG911.
This document outlines considerations for establishing memorandums of understanding/agreements (MOU/As) between FSLTT agencies for interconnecting NG911 systems. It provides explanations and sample language for components of MOU/As, such as defining roles and responsibilities, resources and services, and technical requirements.
The document is divided into four sections, each addressing areas to consider when establishing an MOU/A:
-
Governance. This section establishes the processes for maintaining the agreement.
-
Technical System Details. This section covers technical requirements to address when interconnecting NG911 systems, such as geographic information system (GIS) capabilities for location accuracy, call routing, and delivery of 911 calls to ECCs/PSAPs.
-
Operational. Operational considerations include equipment redundancy, technology upgrades, and continuity of communications.
-
Financial Obligations. There are considerations involving the costs associated with the NG911 migration, such as what resources are reimbursable and how costs for any goods, services, or personnel will be shared among agencies.
The Emergency Communications Preparedness Center (ECPC) is a federal interagency focal point for interoperable and operable communications coordination within the Cybersecurity and Infrastructure Security Agency (CISA). The ECPC is comprised of 14 federal departments and agencies: U.S. Departments of Agriculture, Commerce, Defense, Energy, Health and Human Services, Homeland Security, the Interior, Justice, Labor, State, Transportation, and the Treasury, as well as the Federal Communications Commission and the General Services Administration.
Learn more and access the new guidance document, “Considerations for Establishing Agreements for NG911” on CISA’s website.
(Source: CISA)
The All Hazards Consortium (AHC), a non-profit focused on facilitating government-industry partnerships to support disaster preparedness, response and recovery efforts, will be hosting its third annual Resilience Exchange Virtual Summit, ResilienceEXCH 2023, on Jan. 24-26, 2023. The Summit will be held over Zoom in three half-day sessions, from 12:30 p.m. to 6:00 p.m. EST each day.
The Summit will focus on resilience issues in industry and government and strategies to address them.
During each half-day session, several hundred participants will learn, network, and collaborate with private sector critical infrastructure partners, state and local emergency managers, representatives from the Department of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Emergency Management Agency (FEMA), the Federal Motor Carrier Safety Administration (FMCSA), trade associations, academia, industry, and research groups.
Some highlighted topics on the agenda include:
- Resiliency before, during and after civil unrest.
- Extreme weather: critical infrastructure and synchronous, real-time data-informed decision-making.
- Supply chain and cross-sector interdependencies.
- State operational perspectives on regional resiliency.
- Women in crisis management and consequence management.
The Summit is free to attend for full-time government employees. Visit AHC’s ResilienceEXCH 2023 website for a full agenda, lists of speakers and sponsors, and the online registration form.
(Source: AHC)
|
