Federal watchdog finds cybersecurity vulnerabilities in FCC systems

Federal watchdog finds cybersecurity vulnerabilities in FCC systems
© Greg Nash

The Government Accountability Office (GAO) on Friday urged the Federal Communications Commission (FCC) to take steps to boost the security of its comment submission process following a review that revealed dozens of cyber vulnerabilities. 

In a report compiled by the GAO, which was originally finalized in September but made public Friday, the agency detailed 136 recommendations for how the FCC could improve its Electronic Comment Filing System (ECFS). 

This system is used by the public to propose changes to regulations, and was overwhelmed in May 2017 following a surge in comments being submitted, temporarily disrupting the electronic comment system.

ADVERTISEMENT

The GAO undertook its review of the FCC’s security for the ECFS following this incident after requests from numerous Democratic lawmakers. 

“GAO identified program and control deficiencies in the core security functions related to identifying risk, protecting systems from threats and vulnerabilities, detecting and responding to cyber security events, and recovering system operations,” the government watchdog wrote in the report. 

The GAO gave credit to the FCC for addressing 63 percent of its recommendations since September, but warned that the agency was at risk until all the identified problems are dealt with.

“Until FCC fully implements these recommendations and resolves the associated deficiencies, its information systems and information will remain at increased risk of misuse, improper disclosure or modification, and loss,” GAO warned. 

A response to the GAO’s findings from FCC Managing Director Mark Stevens was included in the report, with Stevens vowing the agency would address its cybersecurity shortcomings in full by April 2021. 

ADVERTISEMENT

“We acknowledge the nine non-technical and 127 technical recommendations in this draft report,” Stevens wrote. “We have been working diligently to address them, prioritizing those recommendations that are most operationally practical to implement and those that will immediately improve our security.”

House Energy and Commerce Committee Chairman Frank Pallone Jr.Frank Joseph PalloneDem chairmen urge CMS to prevent nursing homes from seizing stimulus payments Federal watchdog finds cybersecurity vulnerabilities in FCC systems Overnight Health Care — Presented by That's Medicaid — Deal on surprise medical bills faces obstacles | House GOP unveils rival drug pricing measure ahead of Pelosi vote | Justices to hear case over billions in ObamaCare payments MORE (D-N.J.), one of the lawmakers to request the GAO review two years ago, said in a statement that the security shortcomings of the FCC were “disturbing.” Pallone called on FCC Chairman Ajit Pai to address his agency’s vulnerabilities.  

“Until the FCC implements all of the remaining recommendations, its systems will remain vulnerable to failure and misuse,” Pallone said. “Chairman Pai must act swiftly to fix these vulnerabilities and restore trust back into the ECFS and the FCC’s cybersecurity practices overall.”