Here’s an eye-opener. Three times in March, hackers targeted Russian broadcasters, taking over their emergency alert system to warn the public falsely of attacks.
The most recent as of this writing occurred on March 9, according to a story by William Mata on “The Independent”’s website.
“Radio and television broadcasts in Moscow and the western Sverdlovsk area were interrupted with a phony warning of a missile strike on the country,” the story said. The public was told to don gas masks, take potassium iodine and head quickly to shelters.
Given current geopolitical tension, perhaps it is a good idea to conduct regular security audits of the EAS system in this country—something the government regards as critical infrastructure. In August 2022, Homeland Security Today reported FEMA was advising of “certain vulnerabilities in EAS encoder/decoder devices” that did not have the latest software. Those vulnerabilities could make broadcasters susceptible to attacks from hackers, allowing them to take over the alerting system.
FEMA made three recommendations: Update systems to run the latest software; make sure EAS devices are behind firewalls; and regularly monitor EAS devices and supporting infrastructure and review audit logs to seek out unauthorized access.
At the moment, neither FEMA nor the FCC require security testing of EAS devices. Digital Alert Systems has strongly supported a FEMA suggestion to introduce a baseline security component to the evaluation and certification of EAS encoder/decoders in ex parte filings with the commission, said Edward Czarnecki, the company’s vice president for global and government affairs.
In October 2022, however, the agency launched a rulemaking to improve security and reliability of EAS and Wireless Emergency Alerts.
While the industry waits, now might be an excellent time to confirm EAS software is up-to-date, the efficacy of firewall protection and whether or not regular audits of access are occurring to see if bad actors have penetrated the system.
We all remember the panic that residents and tourists in Hawaii experienced five years ago when a miscommunication during a drill by the state’s emergency management agency caused a false missile attack alert.
With tensions running high, this country does not need hackers taking control of EAS and needlessly scaring people, and in the process jaundicing attitudes about future, legitimate warnings whether they are for severe weather or something else.