FCC Offers Broadcasters a Free Cybersecurity Workshop in May

The Federal Communications Commission will host a May 14 cybersecurity workshop led by its Public Safety and Homeland Security Bureau. The workshop will feature speakers from the FCC, federal partners, and industry experts to raise awareness of emerging cybersecurity risks, share, and promote adoption of best practices, and highlight opportunities for public-private partnerships on cybersecurity issues facing broadcasters.

The 9 a.m. CDT event will be staged in person and online and is free and open to the public at the FCC's Washington, D.C., headquarters at 45 L Street NE. The livestream for the event is www.fcc.gov/live

The May 14 event is the latest effort by the commission's Public Safety and Homeland Security Bureau to help ensure the security of broadcast systems. Late last year the PSHSB issued a Public Notice after stations in Texas and Virginia were compromised.

A Houston FM station's studio-transmitter link (STL) was compromised last November. The FCC said, "threat actors" accessed "improperly secured Barix equipment" and reconfigured it to "receive attacker-controlled audio in lieu of station programming."

Stations in other states were subjected to inserted audio of "an actual or simulated Attention Signal and EAS alert tones," as well as profanity.

In response to those attacks, the FCC urged all broadcasters, especially those using Barix equipment, to:

• Install software security patches issued by the equipment manufacturer as soon as they become available, and upgrade equipment firmware and software to the most recent versions recommended by the manufacturer.
• Change their devices' default passwords and replace them with robust alternatives and regularly change passwords to promote continued security.
• Where reasonably feasible, install EAS, Barix, and other equipment interconnected to the broadcast signal processing system behind network firewalls, and utilize VPNs that are configured to limit remote management access to only authorized devices.
• Continually monitor EAS equipment and software and review audit logs to detect and report incidents of unauthorized access.
• Review the list of recommended best practices to address potential data security vulnerabilities issued by the Communications Security, Reliability, and Interoperability Council in 2014.

Broadcasters also are encouraged to contact their EAS equipment manufacturers with any specific questions regarding the security of EAS equipment, especially if a station suspects broadcast equipment has been subject to attempts at unauthorized access.

Government Agencies to Contact in the Event of a Station Cyber Attack

Broadcasters who suspect unlawful access to their systems should notify the FCC Operations Center at 202-418-1122 or [email protected] and report any cyberattacks to Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) at https://www.ic3.gov/.

Additionally, State of Texas officials say stations also should contact XXXXXX.

Questions? Contact TAB's Michael Schneider or call (512) 322-9944.