New Cybersecurity Requirements for EAS
- The New York State Broadcasters Association
- 4 days ago
- 2 min read

As we reported last week, the FCC has adopted new cyber security requirements for EAS. FCC Chairman Carr noted in his statement.
While the FCC has worked to ensure that vulnerabilities in EAS and WEA are addressed, there have been additional instances of alerting and broadcast systems being compromised or manipulated, including recent attacks that used emergency alert tones and related broadcast equipment to transmit unauthorized content. These attacks are a stark reminder that threats continue to evolve and our work must continue.
Today’s item builds on our prior work by taking commonsense steps to strengthen the cybersecurity of our emergency alert systems by addressing the very types of vulnerabilities that enabled the zombie-alert incident in the first place. Requiring stronger password practices, timely software updates, and improved security controls will help reduce opportunities for bad actors to exploit weaknesses in alerting equipment.
According to the decision, broadcasters will be required to adopt a three-pronged approach to secure EAS equipment, studio transmitter links, and any other remotely managed equipment. Stations must:
Adopt strong password security practices
Test and install security patches and security-related software and firmware upgrades promptly after those patches or upgrades are available
Use a network firewall or comparable practice to limit remote access to authorized devices and systems
In addition, the decision contained a Further Notice of Proposed Rulemaking addressing issues such as EAS alert authentication, ability to better target EAS alerts, and installation of software-based EAS equipment in addition to current hardware.
Installation of a network firewall will be complex and possibly expensive, especially for smaller stations. FCC orders are typically implemented 60 days after they are published in the Federal Register. We are keeping a close watch on implementation.
You can see the story from last week here.
You can see the FCC’s News Release here.
You can see the FCC’s decision here.



