Member Login


Forgot Password?
Need Login?

You are here: Home > News & Events > News > FCC Warns: Check Your EAS…
Welcome, guest: Login to your account

FCC Warns: Check Your EAS Gear for Cyber Flaw

posted on 12.12.2022

- Could Enable Remote Attacks

The FCC’s Public Safety and Homeland Security Bureau is advising all EAS participants using certain encoding/decoding equipment to take immediate steps to protect against remote attackers that could use an existing flaw in the equipment to run code on the devices.

The action follows an advisory by the Cybersecurity and Infrastructure Agency (CISA) regarding security vulnerabilities in DASDEC equipment sold by Digital Alert Systems, formerly Monroe Electronics.

CISA warns that DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to run code on the devices.  CISA also warns that all DASDEC software contains an XSS vulnerability via the Host Header that can be used by remote attackers after login.  
 
Broadcasters should immediately take the following steps recommended by CISA to protect their systems from cyberattacks:

  • Patch DASDEC equipment to the latest version.
  • Minimize network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet.
  • Locate control system networks and remote devices behind firewalls and isolate them from business networks.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Note that VPN is only as secure as its connected devices.

CISA ADVISORY

The FCC also urges EAS Participants to take additional steps to improve their cyber hygiene as described in its August 5, 2022 Public Notice.
 
Under the FCC’s rules, EAS Participants are responsible for ensuring that EAS equipment is installed so that the monitoring and transmitting functions are available during the times the stations and systems are in operation.  

Failure to receive or transmit EAS messages during national tests or actual emergencies because of an equipment failure may subject the EAS Participant to enforcement.   

Questions? Contact TAB’s Oscar Rodriguez or call (512) 322-9944.
 

« Back to News Archive
« Back to Latest News