Apr 24, 2020 - Technology

FCC needs to fix its cybersecurity practices, GAO finds

FCC commissioners testify before Congress in December. Photo: Chip Somodevilla/Getty Images

A government watchdog found key security deficiencies in the Federal Communications Commission's IT systems, including the public comment system, according to a report out Friday.

Why it matters: The FCC relies on feedback from the public to help shape policy, but its system for collecting it has been marred by fake comments and outages during high-profile debates — most publicly in the fight over net neutrality.

Driving the news: The Government Accountability Office identified problems in core security functions related to identifying cyber risks; protecting the systems from threats; detecting and responding to cyber attacks; and recovering from them. The agency made 136 recommendations to help shore up the FCC's systems.

  • The FCC, which received a non-public version of the report in September 2019, had implemented 63% of them as of November, with 41 outstanding and another 10 partially implemented.
  • The FCC told GAO it has created plans to address the outstanding recommendations by April 2021.
  • "Until FCC fully implements these recommendations and resolves the associated deficiencies, its information systems and information will remain at increased risk of misuse, improper disclosure or modification, and loss," GAO said in the report.

Flashback: The FCC blamed distributed denial of services attacks for commenting system outages during the net neutrality debate in 2017, but an internal investigation by the agency's Inspector General later found that no such attacks occurred.

  • House Energy & Commerce Committee Chairman Frank Pallone and Senate Commerce communications subcommittee Ranking Member Brian Schatz had called for a GAO investigation into the alleged cyberattacks when they were first reported, as well as into the FCC's overall cybersecurity practices.
  • GAO credited the agency with bolstering the commenting system after the May 2017 disruptions, noting that the FCC had increased the system's capacity and performance.

What they're saying: Pallone said the GAO report found a "disturbing lack of security" that puts the FCC's systems at risk, and called on Chairman Ajit Pai to act swiftly to fix the vulnerabilities.

  • "Until the FCC implements all of the remaining recommendations, its systems will remain vulnerable to failure and misuse," Pallone said in a statement.
  • FCC spokesman Brian Hart said the agency has now addressed 94 of the recommendations. "We have been engaged in a major, multi-year strategic effort to modernize our IT capabilities and deliver secure, scalable, and reliable networks for both our internal operations and our public-facing systems," Hart said in a statement.

What's next: FCC Managing Director Mark Stephens told the GAO in March that the agency is in the process of upgrading its public commenting system and another system reviewed in the report.

  • "The new versions of these applications will not have the security deficiencies that you have identified in their current versions," Stephens wrote.

Go deeper

New York City to impose curfew amid ongoing protests

Photo: Lev Radin/Pacific Press/LightRocket via Getty Images

New York City will be placed under curfew on Monday from 11pm until 5am Tuesday morning following days of protests over the death of George Floyd, Gov. Andrew Cuomo announced Monday.

The state of play: The decision was a result of conversations with NYC Mayor Bill de Blasio and New York Police Department commissioner Dermot Shea. Cuomo said the number of police officers on the street will double from 4,000 to 8,000.

Family-commissioned autopsy says George Floyd's death was homicide

Police watch as demonstrators block a roadway while protesting the death of George Floyd in Miami. Photo: Joe Raedle/Getty Images

Preliminary results from an independent autopsy commissioned by George Floyd's family found that his death in the custody of Minneapolis police officer Derek Chauvin was "homicide caused by asphyxia due to neck and back compression that led to a lack of blood flow to the brain," according to a statement from the family's attorney.

Why it matters: The autopsy contradicts preliminary findings from the Hennepin County medical examiner, who found “no physical findings that support a diagnosis of traumatic asphyxiation or strangulation,” according to charging documents against Chauvin. The official examination is still ongoing.

Updated 1 hour ago - Politics & Policy

Trump lashes out at governors, calls for National Guard to "dominate" streets

President Trump berated the nation’s governors in a video teleconference call Monday, calling many of them "weak" and demanding tougher crackdowns on the protests that erupted throughout the country following the killing of George Floyd, according to audio of the call.

The latest: White House press secretary Kayleigh McEnany said at a briefing Monday that Trump's call for law enforcement to "dominate" protesters referred to "dominating the streets" with a robust National Guard presence in order to maintain the peace.