FCC commissioners testify before Congress in December. Photo: Chip Somodevilla/Getty Images

A government watchdog found key security deficiencies in the Federal Communications Commission's IT systems, including the public comment system, according to a report out Friday.

Why it matters: The FCC relies on feedback from the public to help shape policy, but its system for collecting it has been marred by fake comments and outages during high-profile debates — most publicly in the fight over net neutrality.

Driving the news: The Government Accountability Office identified problems in core security functions related to identifying cyber risks; protecting the systems from threats; detecting and responding to cyber attacks; and recovering from them. The agency made 136 recommendations to help shore up the FCC's systems.

  • The FCC, which received a non-public version of the report in September 2019, had implemented 63% of them as of November, with 41 outstanding and another 10 partially implemented.
  • The FCC told GAO it has created plans to address the outstanding recommendations by April 2021.
  • "Until FCC fully implements these recommendations and resolves the associated deficiencies, its information systems and information will remain at increased risk of misuse, improper disclosure or modification, and loss," GAO said in the report.

Flashback: The FCC blamed distributed denial of services attacks for commenting system outages during the net neutrality debate in 2017, but an internal investigation by the agency's Inspector General later found that no such attacks occurred.

  • House Energy & Commerce Committee Chairman Frank Pallone and Senate Commerce communications subcommittee Ranking Member Brian Schatz had called for a GAO investigation into the alleged cyberattacks when they were first reported, as well as into the FCC's overall cybersecurity practices.
  • GAO credited the agency with bolstering the commenting system after the May 2017 disruptions, noting that the FCC had increased the system's capacity and performance.

What they're saying: Pallone said the GAO report found a "disturbing lack of security" that puts the FCC's systems at risk, and called on Chairman Ajit Pai to act swiftly to fix the vulnerabilities.

  • "Until the FCC implements all of the remaining recommendations, its systems will remain vulnerable to failure and misuse," Pallone said in a statement.
  • FCC spokesman Brian Hart said the agency has now addressed 94 of the recommendations. "We have been engaged in a major, multi-year strategic effort to modernize our IT capabilities and deliver secure, scalable, and reliable networks for both our internal operations and our public-facing systems," Hart said in a statement.

What's next: FCC Managing Director Mark Stephens told the GAO in March that the agency is in the process of upgrading its public commenting system and another system reviewed in the report.

  • "The new versions of these applications will not have the security deficiencies that you have identified in their current versions," Stephens wrote.

Go deeper

Updated 9 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Politics: Americans feel Trump's sickness makes him harder to trustFlorida breaks record for in-person early voting.
  2. Health: The next wave is gaining steam.
  3. Education: Schools haven't become hotspots.
  4. World: Ireland moving back into lockdown — Argentina becomes 5th country to report 1 million infections.
2 hours ago - World

China embraces hostage diplomacy

Illustration: Sarah Grillo/Axios

The Chinese government is threatening to detain foreign citizens unless their home governments do what Beijing demands. In some cases, China has already made good on those threats.

The big picture: This marks a potential evolution of China's "wolf warrior diplomacy" to outright rogue state behavior, putting it in the company of countries like North Korea and Iran, which have also engaged in hostage diplomacy.

Justice Department sues Google over alleged search monopoly

Illustration: Lazaro Gamio/Axios

The Justice Department and 11 states Tuesday filed an antitrust lawsuit against Google, accusing the company of using anticompetitive tactics to illegally monopolize the online search and search advertising markets.

Why it matters: The long-awaited suit is Washington's first major blow against the tech giants that many on both the right and left argue have grown too large and powerful. Still, this is just step one in what could be a lengthy and messy court battle.

Get Axios AM in your inbox

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Subscription failed
Thank you for subscribing!