GAO to probe FCC cyberattack that struck amid net neutrality debate

GAO to probe FCC cyberattack that struck amid net neutrality debate
© The Hill screengrab

The government's top watchdog has agreed to investigate the reported cyberattack that targeted the Federal Communications Commission (FCC) earlier this year while the agency was preparing to roll back net neutrality regulations.

A spokesman for the Government Accountability Office (GAO) confirmed it has accepted a request from two Democratic lawmakers to probe the distributed denial of service (DDoS) attack that the FCC said disrupted its electronic comment filing system in May.

ADVERTISEMENT
The spokesman said that the probe, which was first reported by Politico, is “now in the queue, but the work won’t get underway for several months.” The investigation will also examine the FCC’s broader cybersecurity efforts. 

Sen. Brian SchatzBrian Emanuel SchatzSenate panel moves forward with bill to roll back Dodd-Frank GOP on verge of opening Arctic refuge to drilling Dems rip GOP over handwritten changes to tax plan MORE (D-Hawaii) and Rep. Frank Pallone Jr. (D-N.J.) wrote to the GAO in mid-August asking it to investigate the DDoS attack that the FCC blamed for slowing its comment filing system on May 8.

The agency’s comment filing system was brought down the day after comedian John Oliver slammed the FCC for trying to ease Obama-era net neutrality regulations during a segment on his HBO show. The incident generated speculation that the system had been overwhelmed with traffic because Oliver directed his viewers to file comments supporting the regulations. 

However, the FCC later said that the system had been targeted with a DDoS attack, which overwhelms a website with massive amounts of fake traffic. 

Democrats have clamored for more documentation on the alleged cyberattack.

In their Aug. 17 letter to the GAO, Schatz and Pallone appeared to cast doubt on the FCC’s claims about the incident. 

“While the FCC and the FBI have responded to Congressional inquiries into these DDoS attacks, they have not released any records or documentation that would allow for confirmation that an attack occurred, that it was effectively dealt with, and that the FCC has begun to institute measures to thwart future attacks and ensure the security of its systems,” the Democrats wrote. 

“As a result, questions remain about the attack itself and more generally about the state of cybersecurity at the FCC — questions that warrant an independent review,” they wrote.

The GAO did not specify a completion date for the investigation.