Hackers broke into Emergency Alert System equipment at radio stations in Texas and Virginia late last year, injecting fake alert tones and obscene language into live broadcasts. This week, the FCC made its response official, adopting mandated cybersecurity standards.
The action, approved 3-0 by Chairman Brendan Carr and Commissioners Olivia Trusty and Anna Gomez at the Commission’s June meeting, also launches a Further Notice of Proposed Rulemaking seeking comment on broader modernization of both EAS and Wireless Emergency Alerts.
Proposed improvements include requiring authentication of alerts before transmission, establishing a universal alert identification number to block duplicates, eliminating outdated WEA geotargeting exceptions that cause alerts to reach the wrong locations, and allowing software-based EAS implementation as an alternative to dedicated hardware.
“Today’s item builds on our prior work by taking commonsense steps to strengthen the cybersecurity of our emergency alert systems by addressing the very types of vulnerabilities that enabled the zombie-alert incident in the first place,” Chairman Carr said.
Commissioner Trusty, who visited the Nebraska Emergency Management Agency in May as the state faced its worst wildfire season on record, framed the action around real-world consequences. “Any vulnerability in the Emergency Alert System can have serious consequences,” she said. “Americans rely on our alerting systems to deliver timely and accurate information when it matters most.”
NAB President and CEO Curtis LeGeyt welcomed the order, citing the FCC’s approval of an NAB petition to allow software-based EAS processing as a meaningful step forward. “By allowing broadcasters to deploy security updates more quickly, reduce equipment downtime and strengthen system redundancy, this proposal can help ensure stations are better positioned to deliver critical emergency information when communities need it most,” LeGeyt added.
