[sbe-eas] Upcoming FCC changes to EAS rules (September meeting agenda)
Walke, Larry
LWalke at nab.org
Tue Oct 18 17:34:57 EDT 2022
Please take a look at this new FCC draft NPRM. At first glance, it seems like a game-changer in terms of the requirements on EAS Participants to ensure the security of their EAS service, and report any and all incidents that could affect any and all communications services that could potentially affect EAS, whether it led to a false alert or not. In addition to incident reporting, EAS Participants will be required to certify annually that they have implemented a cybersecurity risk management plan for its EAS system, and again, any communications services that could potentially affect EAS functionality.
https://www.fcc.gov/document/improving-security-national-alert-and-warning-systems
Larry Walke, NAB Legal & Regulatory
(202) 429-5313 (o)
(202) 607-7611 (c)
-----Original Message-----
From: sbe-eas <sbe-eas-bounces at sbe.org> On Behalf Of Sean Donelan
Sent: Friday, September 9, 2022 7:36 PM
To: SBE EAS Exchange - a mail list for discussion about the Emergency Alert System and other emergency communication issues. <sbe-eas at sbe.org>
Subject: Re: [sbe-eas] Upcoming FCC changes to EAS rules (September meeting agenda)
External Email:
Outside of the Blackhat/DefCon conference? No.
Its technically possible, and demonstrated to work. Works best with very old phones. Each new generation 3G/4G/5G/6G improves security. I haven't checked if it would work on 5G (probably would, just haven't checked myself). 6G is under development.
Reason why: the WEA standards designed to get alerts to the public, even when parts of the network are broken (i.e. the parts that do authentication & billing). Adding more security would slow/break stuff.
The risk assumed limited to a geographic area. But if you want to see what happens, watch the Ukraine and Russia cell companies. A lot of theoritical stuff suddenly made practical.
On Fri, 9 Sep 2022, Rob Dale wrote:
> Good find! This one makes me wonder:
>
> • Requiring wireless providers to take steps to ensure that only
> valid alerts are displayed on consumer devices.
>
>
> Has there ever been a ‘fake WEA’ somehow put on a user’s phone? I
> can’t even begin to imagine how that could be done…
More information about the sbe-eas
mailing list