The Federal Communications Commission is well aware of the potential harm caused by bogus emergency warnings and is working to mitigate the risk through regulation adjustments. The government has proposed rules requiring tighter security for the Emergency Alert System (EAS) and Wireless Emergency Alerts. Participants and carriers would be required not only to disclose EAS breaches within 72 hours but also to give annual certifications that they have “adequate” measures and a risk management strategy.
In addition, the proposed guidelines would compel phone carriers to submit authentication data to ensure that only real emergency notifications reach consumer devices. Similarly, the FCC is seeking feedback on the efficacy of the present rules for sending EAS alerts, as well as proposals for “alternative approaches” with enhancements.
The suggestion comes three years after University of Colorado academics cautioned that spoofing FEMA’s presidential notifications was straightforward, with no mechanism to check the broadcasts’ legitimacy. While the 2018 Hawaii missile alarm was the product of an error rather than a hack, it highlighted the dangers of misleading alerts. Even on tiny scales, a phony warning may reach tens of thousands of individuals, thereby causing fear and lowering faith in legitimate signals.
It’s unclear if the plans are sufficient. The 72-hour buffer may avoid some false signals, but not all – that’s plenty of time for a hacker to infiltrate an emergency system and broadcast phony information. It’s also uncertain whether the FCC will revise its security standards to stay up with new threats. Nonetheless, this demonstrates that the Commission is at least aware of the risks.