FCC proposes rules to prevent fake emergency alerts
The Federal Communications Commission is well aware of the potential damage from fake emergency alerts, and it’s hoping to minimize the threat with policy changes. The agency has proposed rules that would require stricter security for the Emergency Alert System (EAS) and Wireless Emergency Alerts. Participants and telecoms would have to not only report EAS breaches within 72 hours, but provide yearly certifications that they both have “sufficient” safeguards and a risk management plan.
The proposed rules would also require phone carriers to send authentication data ensuring that only legitimate emergency alerts reach customer devices. The FCC is similarly looking for comments on the effectiveness of the current requirements for transmitting EAS notices, and suggestions for “alternative approaches” with improvements.
The proposal comes three years after University of Colorado researchers warned that it was easy to spoof FEMA’s presidential alerts, with no way to verify the authenticity of the broadcasts. And while the 2018 Hawaii missile alert was the result of an error rather than a hack, it underscored the risks associated with false warnings. Even at small scales, a fake alert could reach tens of thousands of people, possibly leading to panic and reduced trust in real messages.
It’s not certain if the proposals are enough. The 72-hour window may help prevent some false alerts, but not all of them — that’s plenty of time for a hacker to both breach an emergency system and send fake messages. It’s likewise unclear if the FCC would update its security requirements to keep up with evolving threats. Even so, this shows that the Commission is at least aware of the dangers.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
The Federal Communications Commission is well aware of the potential damage from fake emergency alerts, and it’s hoping to minimize the threat with policy changes. The agency has proposed rules that would require stricter security for the Emergency Alert System (EAS) and Wireless Emergency Alerts. Participants and telecoms would have to not only report EAS breaches within 72 hours, but provide yearly certifications that they both have “sufficient” safeguards and a risk management plan.
The proposed rules would also require phone carriers to send authentication data ensuring that only legitimate emergency alerts reach customer devices. The FCC is similarly looking for comments on the effectiveness of the current requirements for transmitting EAS notices, and suggestions for “alternative approaches” with improvements.
The proposal comes three years after University of Colorado researchers warned that it was easy to spoof FEMA’s presidential alerts, with no way to verify the authenticity of the broadcasts. And while the 2018 Hawaii missile alert was the result of an error rather than a hack, it underscored the risks associated with false warnings. Even at small scales, a fake alert could reach tens of thousands of people, possibly leading to panic and reduced trust in real messages.
It’s not certain if the proposals are enough. The 72-hour window may help prevent some false alerts, but not all of them — that’s plenty of time for a hacker to both breach an emergency system and send fake messages. It’s likewise unclear if the FCC would update its security requirements to keep up with evolving threats. Even so, this shows that the Commission is at least aware of the dangers.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission. All prices are correct at the time of publishing.
Denial of responsibility! Techno Blender is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.