Re: [emergency] IFSC was: RE: [emergency-msg] Any word from Jamie? Notes.

["CONSULTRAC" <rcarlton@consultrac.com>]

Don't know if you folks saw this bit of news/analysis but it was in today's
Homeland Security Monitor from Intellibridge - R

FCC Launches Review of Emergency Alert System
The U.S. Emergency Alert System (EAS) that allows officials to interrupt
radio and television broadcasts to provide emergency information is
vulnerable to cyber attacks, federal officials announced. "Security and
encryption were not the primary design criteria when EAS was developed and
initially implemented," the Federal Communications Commission (FCC) wrote in
a public notice launching a review of the system on 12 August. Established
in 1997 to replace the Cold War-era Emergency Broadcast System, the EAS was
built without basic authentication mechanisms and is activated locally by
unencrypted low-speed modem transmissions over public airwaves. According to
SecurityFocus reports, the system weaknesses leave EAS open to malicious
interference such as denial-of-service attacks or the promulgation of false
regional alerts. Under FCC regulations, unattended stations must
automatically interrupt their broadcasts to forward alerts, making it
possible for false information to be forwarded without review. The FCC
acknowledged the system "could be exploited during times of heightened
public anxiety and uncertainty" to distribute false information to the
public and that "EAS signals could be subject to jamming." Among the
questions the FCC will address is how to protect broadcasters from liability
if they inadvertently rebroadcast a false EAS message; who is responsible
for system security; how can the authenticity of EAS messages be verified;
and "what security standards, if any, should be implemented?" According to
FCC Commissioner Jonathan Adelstein, "The Commission must now buckle down
and do what it is we are asking state and local officials to do -- assess
vulnerabilities, create a plan for better service, and review and update
that plan as communications technologies evolve."

ANALYSIS: The FCC review follows a detailed report on the EAS produced by
the nonprofit Partnership for Public Warning (PPW) in February 2004, which
noted EAS security as "very much an issue." Acknowledging the system's
weaknesses, FCC officials noted that "the complete EAS protocol is a matter
of public record." Although there are no reported cases of vulnerabilities
being exploited, experts are concerned that the system's lack of security
might make it attractive as a disinformation tool to be used in conjunction
with a physical attack. Although many experts believe EAS would be a
critical government information system in the event of a chemical or
biological attack, the system is increasingly under fire by critics who
assert that its mission and reliance on analog broadcast media are obsolete
in an era of instant 24-hour news coverage. Peter Ward, chairman of PPW,
advocates replacing EAS with an all-digital network tied to cell phones,
pagers, digital televisions, and other devices. Others such as Mark
Manuelian, engineering manager at WBZ Radio in Boston, disagree. Arguing
that EAS is vital to reach the "mom and pop radio station literally running
their own business with a transmitter in the back field," Manuelian
commented, "These things stand alone in little radio stations that have no
Internet access... That's something we don't think of where we are in big
cities." Although the system has never been used for a national emergency,
state and local officials have found it valuable for warning the public of
regional crises such as tornados, floods, or hurricanes and use it
frequently in conjunction with the "Amber Alerts" program for abducted
children.