EAS Equipment Vulnerability Alert Issued

On August 5, 2022, the Chief of the FCC’s Public Safety & Homeland Security Bureau sent out emails to EAS participants titled “EAS Security Advisory” announcing that the Federal Emergency Management Agency (FEMA) had issued an advisory on a potential vulnerability in certain EAS encoder/decoder devices that have not been updated to the most recent software versions.  The message noted that the Bureau had previously warned about this vulnerability.  The FEMA notice pointed out that the security vulnerability was going to be made public at a Las Vegas tech conference, which prompted the advisory action.

Under the FCC’s rules, EAS participants are responsible for ensuring that EAS equipment is installed so that the monitoring and transmitting functions are available.  The email contains a blunt statement that failure to receive or transmit EAS messages during national tests or actual emergencies because of an equipment failure may subject the EAS participant to enforcement actions.  EAS participants should update EAS devices with latest software and security patches, change default passwords, make sure that systems are behind a firewall and review audit logs regularly to make sure that there has been no unauthorized access.